Search

Find a vulnerability

Search criteria

    41 vulnerabilities by unify

    VAR-201503-0055

    Vulnerability from variot - Updated: 2026-03-09 23:25

    The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. The Common Vulnerabilities and Exposures project identifies the following issues:

    CVE-2015-0286

    Stephen Henson discovered that the ASN1_TYPE_cmp() function
    can be crashed, resulting in denial of service.
    

    CVE-2015-0287

    Emilia Kaesper discovered a memory corruption in ASN.1 parsing.
    

    CVE-2015-0292

    It was discovered that missing input sanitising in base64 decoding
    might result in memory corruption.
    

    CVE-2015-0209

    It was discovered that a malformed EC private key might result in
    memory corruption.
    

    CVE-2015-0288

    It was discovered that missing input sanitising in the
    X509_to_X509_REQ() function might result in denial of service.
    

    For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u15. In this update the export ciphers are removed from the default cipher list.

    References:

    CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0288 CVE-2015-5432 CVE-2015-5433

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. OpenSSL Security Advisory [19 Mar 2015]

    OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)

    Severity: High

    If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.

    This issue was was reported to OpenSSL on 26th February 2015 by David Ramos of Stanford University. The fix was developed by Stephen Henson and Matt Caswell of the OpenSSL development team.

    Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)

    Severity: High

    This security issue was previously announced by the OpenSSL project and classified as "low" severity. This severity rating has now been changed to "high".

    This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common.

    OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

    This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015.

    Multiblock corrupted pointer (CVE-2015-0290)

    Severity: Moderate

    OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack.

    This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development team.

    Segmentation fault in DTLSv1_listen (CVE-2015-0207)

    Severity: Moderate

    The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invocation to the next that can lead to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server.

    This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The fix was developed by Matt Caswell of the OpenSSL development team.

    Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)

    Severity: Moderate

    The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

    OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

    This issue was discovered and fixed by Stephen Henson of the OpenSSL development team.

    Segmentation fault for invalid PSS parameters (CVE-2015-0208)

    Severity: Moderate

    The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

    This issue affects OpenSSL version: 1.0.2

    OpenSSL 1.0.2 users should upgrade to 1.0.2a

    This issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.

    ASN.1 structure reuse memory corruption (CVE-2015-0287)

    Severity: Moderate

    Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare.

    Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected.

    OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

    This issue was discovered by Emilia Käsper and a fix developed by Stephen Henson of the OpenSSL development team.

    PKCS7 NULL pointer dereferences (CVE-2015-0289)

    Severity: Moderate

    The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

    Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

    OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

    This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL development team.

    Base64 decode (CVE-2015-0292)

    Severity: Moderate

    A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Maliciously crafted base 64 data could trigger a segmenation fault or memory corruption.

    OpenSSL 1.0.1 users should upgrade to 1.0.1h. OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 0.9.8 users should upgrade to 0.9.8za. This issue was originally reported by Robert Dugal and subsequently by David Ramos.

    DoS via reachable assert in SSLv2 servers (CVE-2015-0293)

    Severity: Moderate

    A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.

    OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

    This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team) in March 2015 and the fix was developed by Emilia Käsper.

    Empty CKE with client auth and DHE (CVE-2015-1787)

    Severity: Moderate

    If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack.

    This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.

    Handshake with unseeded PRNG (CVE-2015-0285)

    Severity: Low

    Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are: - The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).

    If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.

    For example using the following command with an unseeded openssl will succeed on an unpatched platform:

    openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

    This issue affects OpenSSL version: 1.0.2

    OpenSSL 1.0.2 users should upgrade to 1.0.2a.

    This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.

    Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)

    Severity: Low

    A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare.

    OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

    This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL development team.

    X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

    Severity: Low

    The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice.

    OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

    This issue was discovered by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.

    Note

    As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

    References

    URL for this Security Advisory: https://www.openssl.org/news/secadv_20150319.txt

    Note: the online version of the advisory may be updated with additional details over time.

    For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

    . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2015-09-16-1 iOS 9

    iOS 9 is now available and addresses the following:

    Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. CVE-ID CVE-2015-5916

    AppleKeyStore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to reset failed passcode attempts with an iOS backup Description: An issue existed in resetting failed passcode attempts with a backup of the iOS device. This was addressed through improved passcode failure logic. CVE-ID CVE-2015-5850 : an anonymous researcher

    Application Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Clicking a malicious ITMS link may lead to a denial of service in an enterprise-signed application Description: An issue existed with installation through ITMS links. This was addressed through additional installation verification. CVE-ID CVE-2015-5856 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc.

    Audio Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea

    Certificate Trust Policy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT204132.

    CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may read cache data from Apple apps Description: Cache data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the cache data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5898 : Andreas Kurtz of NESO Security Labs

    CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

    CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to create unintended cookies for a website Description: WebKit would accept multiple cookies to be set in the document.cookie API. This issue was addressed through improved parsing. CVE-ID CVE-2015-3801 : Erling Ellingsen of Facebook

    CFNetwork FTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in FTP packet handling if clients were using an FTP proxy. CVE-ID CVE-2015-5912 : Amit Klein

    CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted URL may be able to bypass HTTP Strict Transport Security (HSTS) and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

    CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd

    CFNetwork Proxies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University

    CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group

    CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.

    CoreAnimation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: Applications could access the screen framebuffer while they were in the background. This issue was addressed with improved access control on IOSurfaces. CVE-ID CVE-2015-5880 : Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li of School of Information Systems Singapore Management University, Feng Bao and Jianying Zhou of Cryptography and Security Department Institute for Infocomm Research

    CoreCrypto Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.

    CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

    Data Detectors Engine Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: Memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)

    Dev Tools Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash

    dyld Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team

    Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco

    Game Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser

    ICU Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2015-1205

    IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team

    IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5848 : Filippo Bigarella

    IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5867 : moony li of Trend Micro

    IOKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5844 : Filippo Bigarella CVE-2015-5845 : Filippo Bigarella CVE-2015-5846 : Filippo Bigarella

    IOMobileFrameBuffer Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOMobileFrameBuffer. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5843 : Filippo Bigarella

    IOStorageFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive

    iTunes Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: AppleID credentials may persist in the keychain after sign out Description: An issue existed in keychain deletion. This issue was addressed through improved account cleanup. CVE-ID CVE-2015-5832 : Kasif Dekel from Check Point Software Technologies

    JavaScriptCore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5791 : Apple CVE-2015-5793 : Apple CVE-2015-5814 : Apple CVE-2015-5816 : Apple CVE-2015-5822 : Mark S. Miller of Google CVE-2015-5823 : Apple

    Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG

    Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. This was addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser

    Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through added entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming- chieh Pan and Sung-ting Tsai; Jonathan Levin

    Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issues was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney

    Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark

    Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in XNU that led to the disclosure of kernel memory. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash

    Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: An issue existed in HFS drive mounting. This was addressed by additional validation checks. CVE-ID CVE-2015-5748 : Maxime Villard of m00nbsd

    libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation

    libpthread Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team

    Mail Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker can send an email that appears to come from a contact in the recipient's address book Description: An issue existed in the handling of the sender's address. This issue was addressed through improved validation. CVE-ID CVE-2015-5857 : Emre Saglam of salesforce.com

    Multipeer Connectivity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem

    NetworkExtension Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd

    OpenSSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287

    PluginKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious enterprise application can install extensions before the application has been trusted Description: An issue existed in the validation of extensions during installation. This was addressed through improved app verification. CVE-ID CVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc.

    removefile Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher

    Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read Safari bookmarks on a locked iOS device without a passcode Description: Safari bookmark data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the Safari bookmark data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5903 : Jonathan Zdziarski

    Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue may have allowed a website to display content with a URL from a different website. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5904 : Erling Ellingsen of Facebook, Lukasz Pilorz

    Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Navigating to a malicious website with a malformed window opener may have allowed the display of arbitrary URLs. This issue was addressed through improved handling of window openers. CVE-ID CVE-2015-5905 : Keita Haga of keitahaga.com

    Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in Safari's client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates. CVE-ID CVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut of Whatever s.a.

    Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Multiple user interface inconsistencies may have allowed a malicious website to display an arbitrary URL. These issues were addressed through improved URL display logic. CVE-ID CVE-2015-5764 : Antonio Sanso (@asanso) of Adobe CVE-2015-5765 : Ron Masas CVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa

    Safari Safe Browsing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Navigating to the IP address of a known malicious website may not trigger a security warning Description: Safari's Safe Browsing feature did not warn users when visiting known malicious websites by their IP addresses. The issue was addressed through improved malicious site detection. Rahul M of TagsDoc

    Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious app may be able to intercept communication between apps Description: An issue existed that allowed a malicious app to intercept URL scheme communication between apps. This was mitigated by displaying a dialog when a URL scheme is used for the first time. CVE-ID CVE-2015-5835 : Teun van Run of FiftyTwoDegreesNorth B.V.; XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University

    Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: When a request was made to Siri, client side restrictions were not being checked by the server. This issue was addressed through improved restriction checking. CVE-ID CVE-2015-5892 : Robert S Mozayeni, Joshua Donvito

    SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device can reply to an audio message from the lock screen when message previews from the lock screen are disabled Description: A lock screen issue allowed users to reply to audio messages when message previews were disabled. This issue was addressed through improved state management. CVE-ID CVE-2015-5861 : Daniel Miedema of Meridian Apps

    SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to spoof another application's dialog windows Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-ID CVE-2015-5838 : Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S. Lui

    SQLite Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-5895

    tidy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in Tidy. This issues was addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com

    WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Object references may be leaked between isolated origins on custom events, message events and pop state events Description: An object leak issue broke the isolation boundary between origins. This issue was addressed through improved isolation between origins. CVE-ID CVE-2015-5827 : Gildas

    WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5789 : Apple CVE-2015-5790 : Apple CVE-2015-5792 : Apple CVE-2015-5794 : Apple CVE-2015-5795 : Apple CVE-2015-5796 : Apple CVE-2015-5797 : Apple CVE-2015-5799 : Apple CVE-2015-5800 : Apple CVE-2015-5801 : Apple CVE-2015-5802 : Apple CVE-2015-5803 : Apple CVE-2015-5804 : Apple CVE-2015-5805 CVE-2015-5806 : Apple CVE-2015-5807 : Apple CVE-2015-5809 : Apple CVE-2015-5810 : Apple CVE-2015-5811 : Apple CVE-2015-5812 : Apple CVE-2015-5813 : Apple CVE-2015-5817 : Apple CVE-2015-5818 : Apple CVE-2015-5819 : Apple CVE-2015-5821 : Apple

    WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to unintended dialing Description: An issue existed in handling of tel://, facetime://, and facetime-audio:// URLs. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5820 : Andrei Neculaesei, Guillaume Ross

    WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: QuickType may learn the last character of a password in a filled-in web form Description: An issue existed in WebKit's handling of password input context. This issue was addressed through improved input context handling. CVE-ID CVE-2015-5906 : Louis Romero of Google Inc.

    WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to redirect to a malicious domain Description: An issue existed in the handling of resource caches on sites with invalid certificates. The issue was addressed by rejecting the application cache of domains with invalid certificates. CVE-ID CVE-2015-5907 : Yaoqi Jia of National University of Singapore (NUS)

    WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: Safari allowed cross-origin stylesheets to be loaded with non-CSS MIME types which could be used for cross-origin data exfiltration. This issue was addressed by limiting MIME types for cross-origin stylesheets. CVE-ID CVE-2015-5826 : filedescriptor, Chris Evans

    WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: The Performance API may allow a malicious website to leak browsing history, network activity, and mouse movements Description: WebKit's Performance API could have allowed a malicious website to leak browsing history, network activity, and mouse movements by measuring time. This issue was addressed by limiting time resolution. CVE-ID CVE-2015-5825 : Yossi Oren et al. of Columbia University's Network Security Lab

    WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An issue existed with Content-Disposition headers containing type attachment. This issue was addressed by disallowing some functionality for type attachment pages. CVE-ID CVE-2015-5921 : Mickey Shkatov of the Intel(r) Advanced Threat Research Team, Daoyuan Wu of Singapore Management University, Rocky K. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz, superhei of www.knownsec.com

    WebKit Canvas Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A cross-origin issue existed with "canvas" element images in WebKit. This was addressed through improved tracking of security origins. CVE-ID CVE-2015-5788 : Apple

    WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: WebSockets may bypass mixed content policy enforcement Description: An insufficient policy enforcement issue allowed WebSockets to load mixed content. This issue was addressed by extending mixed content policy enforcement to WebSockets. Kevin G Jones of Higher Logic

    Installation note:

    This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

    iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

    The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

    To check that the iPhone, iPod touch, or iPad has been updated:

    • Navigate to Settings
    • Select General
    • Select About. The version after applying this update will be "9".

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

    -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

    iQIcBAEBCAAGBQJV+avFAAoJEBcWfLTuOo7tAOsQAKVBs+YG3HuMy0mc0rnpbRtU +bjdnzwBeQE6C6Fp/SlZroyYtutnPw9QoFbUpY9Kkcer08uPap6kUAcF72fD51tG UYmIe5WvDSMWD98pKsgDGUVfGdU1h135KpSfDgoiQrZK2GAPe2xCDupD42jIPLk2 3qSyrYnVzfrCZ8uBk9j4gqoF5Ki6JSP/3Qm7hiPfhQXcMyQyIQ+2tJyQcSyGf5OM RgkmHwjIjkEb8jwwQ6h4LPMNuvqq8Kv6P4wQQeUl7RdtLJfafmFg+mV7bSmV/b28 Hk5EHQrQJ5fVl9jBFxti6aZrhrNr5yRL9yAdrpNB0rWfDN0z9emyGRrW2vli+Zv+ 0xXBZfAiNVAP53ou4gyVkLDZ+zx5lsWSADU1QWbIR2DY+WXUIN5QJ/ayFkNN9gqD WrFGHOc/l+Rq82uQi4ND0jTcYqhBG0MyooJf29orPA2tZeKvrcA4/6w12w6eJ7qA aW5J+BByErqWft42I/JT3CbnK+GBEDHnj4GAeSMHuNolPNsoH5cv0G4yKigW0zLS 81AzADTcBtKtaSD9aBAPAL6TTGUySmupF8flhHTMcpZh1MbAqo+bObMXUMvCrmST yq+5/R0gVuMN0BQ7adwI0akYApuqrNi/Mp9zT+JlU2wiSfaHm58Ugf8YAmc+sfjT rHWi1bvzskkrxRfuQ4mX =MnPh -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04746490

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c04746490 Version: 1

    HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2015-07-20 Last Updated: 2015-07-20

    Potential Security Impact: Remote Denial of Service (DoS), cross-site request forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, disclosure of information

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), Cross-site Request Forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, or disclosure of information.

    References:

    CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) prior to version 7.5.0

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH).

    Please download the latest version of HP System Management Homepage (7.5.0) from the following location:

    http://www.hp.com/go/smh
    

    HISTORY Version:1 (rev.1) - 20 July 2015 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

    Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

    Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    ============================================================================= FreeBSD-SA-15:06.openssl Security Advisory The FreeBSD Project

    Topic: Multiple OpenSSL vulnerabilities

    Category: contrib Module: openssl Announced: 2015-03-19 Affects: All supported versions of FreeBSD. Corrected: 2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE) 2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7) 2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE) 2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11) 2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE) 2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25) CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293

    For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

    I. Background

    FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

    Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking, which enables representation of objects that are independent of machine-specific encoding technique.

    II. [CVE-2015-0293]

    III. Impact

    A malformed elliptic curve private key file can cause server daemons using OpenSSL to crash, resulting in a Denial of Service. [CVE-2015-0209]

    A remote attacker who is able to send specifically crafted certificates may be able to crash an OpenSSL client or server. [CVE-2015-0287]

    An attacker may be able to crash applications that create a new certificate request with subject name the same as in an existing, specifically crafted certificate.

    IV. Workaround

    No workaround is available. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

    2) To update your vulnerable system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

    freebsd-update fetch

    freebsd-update install

    3) To update your vulnerable system via a source code patch:

    The following patches have been verified to apply to the applicable FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    [FreeBSD 8.4 and FreeBSD 9.3]

    fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch

    fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc

    gpg --verify openssl-0.9.8.patch.asc

    [FreeBSD 10.1]

    fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch

    fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc

    gpg --verify openssl-1.0.1.patch.asc

    b) Apply the patch. Execute the following commands as root:

    cd /usr/src

    patch < /path/to/patch

    c) Recompile the operating system using buildworld and installworld as described in .

    Restart all deamons using the library, or reboot the system.

    VI. Correction details

    The following list contains the correction revision numbers for each affected branch.

    Branch/path Revision


    stable/8/ r280266 releng/8.4/ r280268 stable/9/ r280266 releng/9.3/ r280268 stable/10/ r280266 releng/10.1/ r280268


    To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

    svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

    Or visit the following URL, replacing NNNNNN with the revision number:

    VII.

    Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) o Removed the export ciphers from the DEFAULT ciphers For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz

    Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz

    Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz

    Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz

    Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz

    Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz

    Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz

    Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz

    Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz

    Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz

    Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz

    Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz

    MD5 signatures: +-------------+

    Slackware 13.0 packages: 9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz 706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz

    Slackware x86_64 13.0 packages: 5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz fe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz

    Slackware 13.1 packages: 1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz 2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz

    Slackware x86_64 13.1 packages: f8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz 0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz

    Slackware 13.37 packages: 7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz e5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz

    Slackware x86_64 13.37 packages: 379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz 54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz

    Slackware 14.0 packages: 8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz bac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz

    Slackware x86_64 14.0 packages: b4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz acac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz

    Slackware 14.1 packages: c1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz b7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz

    Slackware x86_64 14.1 packages: 1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz 25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz

    Slackware -current packages: 0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz b6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz

    Slackware x86_64 -current packages: 99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz 9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz

    Installation instructions: +------------------------+

    Upgrade the packages as root:

    upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release Advisory ID: RHSA-2016:2957-01 Product: Red Hat JBoss Core Services Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2957.html Issue date: 2016-12-15 CVE Names: CVE-2012-1148 CVE-2014-3523 CVE-2014-8176 CVE-2015-0209 CVE-2015-0286 CVE-2015-3185 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3216 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0799 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2177 CVE-2016-2178 CVE-2016-2842 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4459 CVE-2016-4483 CVE-2016-5419 CVE-2016-5420 CVE-2016-6808 CVE-2016-7141 CVE-2016-8612 =====================================================================

    1. Summary:

    Red Hat JBoss Core Services httpd 2.4.23 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systems.

    Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description:

    This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

    • This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)

    • This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

    • This update fixes two flaws in httpd. (CVE-2016-4459, CVE-2016-8612)

    • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)

    • A memory leak flaw was fixed in expat. (CVE-2012-1148)

    Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

    See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:

    The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

    After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

    801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error

    1. JIRA issues fixed (https://issues.jboss.org/):

    JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

    1. References:

    https://access.redhat.com/security/cve/CVE-2012-1148 https://access.redhat.com/security/cve/CVE-2014-3523 https://access.redhat.com/security/cve/CVE-2014-8176 https://access.redhat.com/security/cve/CVE-2015-0209 https://access.redhat.com/security/cve/CVE-2015-0286 https://access.redhat.com/security/cve/CVE-2015-3185 https://access.redhat.com/security/cve/CVE-2015-3194 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-3196 https://access.redhat.com/security/cve/CVE-2015-3216 https://access.redhat.com/security/cve/CVE-2016-0702 https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2016-0797 https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-1762 https://access.redhat.com/security/cve/CVE-2016-1833 https://access.redhat.com/security/cve/CVE-2016-1834 https://access.redhat.com/security/cve/CVE-2016-1835 https://access.redhat.com/security/cve/CVE-2016-1836 https://access.redhat.com/security/cve/CVE-2016-1837 https://access.redhat.com/security/cve/CVE-2016-1838 https://access.redhat.com/security/cve/CVE-2016-1839 https://access.redhat.com/security/cve/CVE-2016-1840 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/cve/CVE-2016-3627 https://access.redhat.com/security/cve/CVE-2016-3705 https://access.redhat.com/security/cve/CVE-2016-4447 https://access.redhat.com/security/cve/CVE-2016-4448 https://access.redhat.com/security/cve/CVE-2016-4449 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/cve/CVE-2016-4483 https://access.redhat.com/security/cve/CVE-2016-5419 https://access.redhat.com/security/cve/CVE-2016-5420 https://access.redhat.com/security/cve/CVE-2016-6808 https://access.redhat.com/security/cve/CVE-2016-7141 https://access.redhat.com/security/cve/CVE-2016-8612 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=distributions&version=2.4.23 https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2016 Red Hat, Inc. ============================================================================ Ubuntu Security Notice USN-2537-1 March 19, 2015

    openssl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 14.10
    • Ubuntu 14.04 LTS
    • Ubuntu 12.04 LTS
    • Ubuntu 10.04 LTS

    Summary:

    Several security issues were fixed in OpenSSL.

    Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

    Details:

    It was discovered that OpenSSL incorrectly handled malformed EC private key files. (CVE-2015-0293)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.4

    Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.11

    Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.25

    Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.27

    After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

    OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following:

    Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A process may gain admin privileges without proper authentication Description: An issue existed when checking XPC entitlements. CVE-ID CVE-2015-3671 : Emil Kvarnhammar at TrueSec

    Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A non-admin user may obtain admin rights Description: An issue existed in the handling of user authentication. CVE-ID CVE-2015-3672 : Emil Kvarnhammar at TrueSec

    Admin Framework Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may abuse Directory Utility to gain root privileges Description: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. CVE-ID CVE-2015-3674 : Dean Jerkovich of NCC Group

    apache Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple

    coreTLS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca

    EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. CVE-ID CVE-2015-3712 : Ian Beer of Google Project Zero

    Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges Description: Multiple buffer overflow issues existed in the Intel graphics driver. CVE-ID CVE-2015-3695 : Ian Beer of Google Project Zero CVE-2015-3696 : Ian Beer of Google Project Zero CVE-2015-3697 : Ian Beer of Google Project Zero CVE-2015-3698 : Ian Beer of Google Project Zero CVE-2015-3699 : Ian Beer of Google Project Zero CVE-2015-3700 : Ian Beer of Google Project Zero CVE-2015-3701 : Ian Beer of Google Project Zero CVE-2015-3702 : KEEN Team

    ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. CVE-ID CVE-2015-3709 : Ian Beer of Google Project Zero

    Mail Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. CVE-ID CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative

    ntp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3713 : Apple

    Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. CVE-ID CVE-2013-1741

    Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Tampered applications may not be prevented from launching Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. CVE-ID CVE-2015-3715 : Patrick Wardle of Synack

    Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Searching for a malicious file with Spotlight may lead to command injection Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. CVE-ID

    CVE-2014-8139 CVE-2014-8140 CVE-2014-8141

    OS X Yosemite 10.10.4 includes the security content of Safari 8.0.7

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "1.0.0c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "1.0.0d"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "1.0.1l"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "1.0.0e"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "1.0.0a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "1.0.0b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "1.0.1k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "1.0.0"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0q"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0p"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1f"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1d"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1h"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0j"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1j"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0l"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1i"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1e"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0m"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0g"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1g"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0o"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0f"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8ze"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0n"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0i"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.0h"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1b"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "hp",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openssl",
            "version": "0.9.8ze"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.23 (11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "v2)"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.4.8-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "aura collaboration environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "flex system en2092 1gb ethernet scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.60"
          },
          {
            "_id": null,
            "model": "informix genero",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.32"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3.1"
          },
          {
            "_id": null,
            "model": "bladecenter advanced management module 25r5778",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3361m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.186"
          },
          {
            "_id": null,
            "model": "algo one ase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.7"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124e",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.4.0"
          },
          {
            "_id": null,
            "model": "bladecenter -s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1948"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "gb esm ethernet switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1/107.4.11.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.6"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "virtual fabric 10gb switch module for bladecenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.8.20.0"
          },
          {
            "_id": null,
            "model": "icewall mcrp sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.211"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8f",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "pureapplication system interim fix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.0.1"
          },
          {
            "_id": null,
            "model": "sbr carrier",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "i operating system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.12"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.53"
          },
          {
            "_id": null,
            "model": "virtual fabric 10gb switch module for bladecenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.6.0"
          },
          {
            "_id": null,
            "model": "algo one core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.7"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0d",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1e",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "insight orchestration",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.4.7-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "informix genero",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.41"
          },
          {
            "_id": null,
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0.20"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8.780"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1a",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "insight orchestration",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.2.2"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.6"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.1"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "aspera shares",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "1.7.5"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "worklight foundation consumer edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.20"
          },
          {
            "_id": null,
            "model": "cms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "17.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.0.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "abyp-4tl-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational tau",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.35"
          },
          {
            "_id": null,
            "model": "communications session border controller scz7.4.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.15"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.2.0"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.1209"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.24"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0.4"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager mr2 patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.16"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.2.0.4-p3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0g",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "workload deployer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.16"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.8"
          },
          {
            "_id": null,
            "model": "tivoli netcool/reporter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.1.3"
          },
          {
            "_id": null,
            "model": "vios fp-25 sp-02",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.4"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0.3"
          },
          {
            "_id": null,
            "model": "endeca server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.6.1.0.0"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.4.0"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.3361"
          },
          {
            "_id": null,
            "model": "sterling integrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.10"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.1"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.2.16-p3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "_id": null,
            "model": "sametime",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zb",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "netscaler t1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.0-68"
          },
          {
            "_id": null,
            "model": "worklight foundation enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.20"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.842"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "9"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.8.1"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3.0.870"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2-77"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.9.1"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.3"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.17"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8332",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.7.20.0"
          },
          {
            "_id": null,
            "model": "image construction and composition tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.1.0"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1m",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0.840"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.4"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.3.0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2.77"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8w",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "cognos tm1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5.2"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "service delivery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler for applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "flex system fabric en4093r 10gb scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.6.0"
          },
          {
            "_id": null,
            "model": "flashsystem 9843-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.27"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.11"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0m",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.27"
          },
          {
            "_id": null,
            "model": "sterling connect:express for unix ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.11150-11"
          },
          {
            "_id": null,
            "model": "rational application developer for websphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.8"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1g",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "g8264cs si fabric image",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.10.0"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.1.1"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8m",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "flex system cn4093 10gb scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.10.0"
          },
          {
            "_id": null,
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ds8870",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "87.41.32.0"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10.1.31.00"
          },
          {
            "_id": null,
            "model": "rational application developer for websphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "command center appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "workload deployer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "security virtual server protection for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.1"
          },
          {
            "_id": null,
            "model": "gb esm ethernet switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1/107.4.10.0"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.96"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.4"
          },
          {
            "_id": null,
            "model": "sterling connect:enterprise for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.0"
          },
          {
            "_id": null,
            "model": "bladecenter -t",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8720"
          },
          {
            "_id": null,
            "model": "aspera shares",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.23"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.5"
          },
          {
            "_id": null,
            "model": "flex system cn4093 10gb scalable switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.11.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.0.2"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.2.1"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.1.2"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.4"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager mr2 patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.17"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.2.15-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.0"
          },
          {
            "_id": null,
            "model": "initiate master data service patient hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6.156"
          },
          {
            "_id": null,
            "model": "ds8700",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "87.31.16.0"
          },
          {
            "_id": null,
            "model": "netscaler gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1i",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.12"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.3"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.913"
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.13"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager for os deployment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "sdk for node.js",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.13"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.1.1"
          },
          {
            "_id": null,
            "model": "infosphere guardium database activity monitoring",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "infosphere master data management patient hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10"
          },
          {
            "_id": null,
            "model": "sametime unified telephony",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.0.0"
          },
          {
            "_id": null,
            "model": "sterling connect:express for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.6"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "14.10"
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.12"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.43"
          },
          {
            "_id": null,
            "model": "flex system en4023 10gb scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "flex system fc5022 16gb san scalable switch 7.2.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "virtual fabric 10gb switch module for bladecenter",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.8.21.0"
          },
          {
            "_id": null,
            "model": "mobilefirst platform foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.0.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.211"
          },
          {
            "_id": null,
            "model": "bladecenter -s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8886"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.3.0"
          },
          {
            "_id": null,
            "model": "cognos controller if4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.10"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.9"
          },
          {
            "_id": null,
            "model": "communications session border controller scz7.3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.7"
          },
          {
            "_id": null,
            "model": "real-time compression appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.9"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "sterling connect:enterprise for unix ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.4.03"
          },
          {
            "_id": null,
            "model": "sdk for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.7"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8r",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.21"
          },
          {
            "_id": null,
            "model": "aspera faspex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.0.3"
          },
          {
            "_id": null,
            "model": "algo one pcre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.7"
          },
          {
            "_id": null,
            "model": "aspera ondemand",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.5"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.16"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.42"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8n",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "bundle of g8264cs image",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.10.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.14"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.9.2"
          },
          {
            "_id": null,
            "model": "virtual connect enterprise manager sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "abyp-2t-1s-1l-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "rational tau",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.36"
          },
          {
            "_id": null,
            "model": "security network intrusion prevention system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.0.820"
          },
          {
            "_id": null,
            "model": "aspera console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "2.5.3"
          },
          {
            "_id": null,
            "model": "sametime",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2.1"
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3350m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8y",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "cognos metrics manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "aspera connect server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.5.4"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.2.0.4-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "icewall sso agent option",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.02007"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.11"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "project openssl beta4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.3"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "sterling connect:enterprise for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.4.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.213"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.11"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "tssc/imc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0l",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.6"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.20"
          },
          {
            "_id": null,
            "model": "netscaler application delivery controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "cognos insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "project openssl beta5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.0"
          },
          {
            "_id": null,
            "model": "rational tau",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.34"
          },
          {
            "_id": null,
            "model": "bladecenter -e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7967"
          },
          {
            "_id": null,
            "model": "abyp-2t-1s-1l-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.13.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.1.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.3"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8052",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.14.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.68"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.0.0"
          },
          {
            "_id": null,
            "model": "flex system fabric en4093r 10gb scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.9"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "abyp-10g-2sr-2lr-1-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.0"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.2.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.102"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.6"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.3.0"
          },
          {
            "_id": null,
            "model": "sdk for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.3"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.4"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8p",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.1.830"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "bladecenter -h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8852"
          },
          {
            "_id": null,
            "model": "si4093 si fabric",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.11.0"
          },
          {
            "_id": null,
            "model": "bladecenter -ht",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8750"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.15-210"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.01"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.13"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.9.4"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.54"
          },
          {
            "_id": null,
            "model": "abyp-2t-2s-0l-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "security proventia network enterprise scanner",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.5.0"
          },
          {
            "_id": null,
            "model": "powerkvm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "sterling connect:enterprise for unix ifix03",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.3"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "aspera console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "2.3.1"
          },
          {
            "_id": null,
            "model": "aspera connect server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.5.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.08"
          },
          {
            "_id": null,
            "model": "worklight consumer edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.9.1"
          },
          {
            "_id": null,
            "model": "cognos insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "security network intrusion prevention system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0-103"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.12.201"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0.95"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.06"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1.4"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10.3"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager mr2 patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.15"
          },
          {
            "_id": null,
            "model": "cognos controller fp3 if2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.4"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.7.8.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.9.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.9"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7.770"
          },
          {
            "_id": null,
            "model": "flex system fabric si4093 system interconnect module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.11.0"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0-95"
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3379m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "flex system en2092 1gb ethernet scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.7"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.6"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8za",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "qradar security information and event manager mr2 patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.19"
          },
          {
            "_id": null,
            "model": "openscape voice r1.43.1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v7"
          },
          {
            "_id": null,
            "model": "abyp-0t-4s-0l-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "algo one aggregation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.9"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8m beta1",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.0.1"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.11 (11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "v1)"
          },
          {
            "_id": null,
            "model": "predictiveinsight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "abyp-4ts-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.15"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "security network intrusion prevention system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.45"
          },
          {
            "_id": null,
            "model": "sterling connect:enterprise for unix ifix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.38"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.07"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8q",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "sterling connect:express for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.11"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0.96"
          },
          {
            "_id": null,
            "model": "rational developer for i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "sterling connect:express for unix ifix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.11150-11"
          },
          {
            "_id": null,
            "model": "security privileged identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.1.1"
          },
          {
            "_id": null,
            "model": "flex system fc5022 16gb san scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.4"
          },
          {
            "_id": null,
            "model": "infosphere master data management provider hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "algo one ase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.9"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "rational application developer for websphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0.1"
          },
          {
            "_id": null,
            "model": "abyp-10g-4lr-1-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "abyp-10g-4lr-1-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0.10"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.44"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.4.8-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2.127"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.800"
          },
          {
            "_id": null,
            "model": "predictiveinsight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.1"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.10"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.02"
          },
          {
            "_id": null,
            "model": "algo one core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.9"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "sterling connect:express for unix ifix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.6.1146-109"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "ds8800",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "86.31.123.0"
          },
          {
            "_id": null,
            "model": "ip office server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "flex system en2092 1gb ethernet scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.10.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.07"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "predictiveinsight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "predictiveinsight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.2"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.1.0"
          },
          {
            "_id": null,
            "model": "bladecenter -e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1881"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.1.0.4-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "openscape voice r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v7"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.1"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.1768"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3.5"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "business intelligence enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.9"
          },
          {
            "_id": null,
            "model": "algo one mag",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.7"
          },
          {
            "_id": null,
            "model": "abyp-0t-0s-4l-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8v"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.11"
          },
          {
            "_id": null,
            "model": "flex system fabric si4093 system interconnect module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.4.0"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1f",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "aspera proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "1.2.2"
          },
          {
            "_id": null,
            "model": "abyp-4t-0s-0l-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1-73"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "aspera connect server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.5.1"
          },
          {
            "_id": null,
            "model": "algo audit and compliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.4.1"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8.780"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.5"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.7.3"
          },
          {
            "_id": null,
            "model": "worklight enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.0"
          },
          {
            "_id": null,
            "model": "cognos insight",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.2.4"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0.9"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager for images",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.0"
          },
          {
            "_id": null,
            "model": "service delivery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.4"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "sametime",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.0"
          },
          {
            "_id": null,
            "model": "aspera enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.5.4"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8g",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0.6"
          },
          {
            "_id": null,
            "model": "flex system fc5022 16gb san scalable switch 7.3.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "abyp-0t-2s-2l-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "virtual connect enterprise manager sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4.1"
          },
          {
            "_id": null,
            "model": "virtual fabric 10gb switch module for bladecenter",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.7.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.41"
          },
          {
            "_id": null,
            "model": "storediq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.21"
          },
          {
            "_id": null,
            "model": "integration bus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.0-14"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "sametime community server hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10.2"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8ze",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.15"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.19"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.04"
          },
          {
            "_id": null,
            "model": "secure global desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.63"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.5"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0o",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.0.860"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler for applications fp02",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "worklight consumer edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.2"
          },
          {
            "_id": null,
            "model": "rational software architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264t",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.14.0"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.5"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "bladecenter -s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7779"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "algo one core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.7.1"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.2.2"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5"
          },
          {
            "_id": null,
            "model": "sametime community server limited use",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.02"
          },
          {
            "_id": null,
            "model": "flex system en2092 1gb ethernet scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.4.0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3.0.870"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31 (11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "v3)"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.4.8-p3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8332",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.7.19.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.20"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8052",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.4.0"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "idp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "secure global desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.12.1"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "security network intrusion prevention system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.6"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.40"
          },
          {
            "_id": null,
            "model": "abyp-0t-2s-2l-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura conferencing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "aspera enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.5.2"
          },
          {
            "_id": null,
            "model": "ctpos 7.0r4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0.840"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "business intelligence enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.7"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.14"
          },
          {
            "_id": null,
            "model": "abyp-2t-0s-2l-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.32"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.211"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.15210"
          },
          {
            "_id": null,
            "model": "cognos tm1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "aspera shares",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "1.9.2"
          },
          {
            "_id": null,
            "model": "sterling connect:enterprise for unix ifix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.4.04"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.64"
          },
          {
            "_id": null,
            "model": "abyp-10g-4sr-1-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational software architect for websphere software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "g8264cs si fabric image",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.11.0"
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3352m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264cs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.10.0"
          },
          {
            "_id": null,
            "model": "flex system en4023 10gb scalable switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.16"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.4"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.3.1"
          },
          {
            "_id": null,
            "model": "rational tau interim fix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.0.6"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.8"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.14"
          },
          {
            "_id": null,
            "model": "rational software architect for websphere software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.14"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8l",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise session border controller ecz7.3m2p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.13"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264cs",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.11.0"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.03"
          },
          {
            "_id": null,
            "model": "version control repository manager 7.4.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "junos space",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.740"
          },
          {
            "_id": null,
            "model": "icewall sso dfw r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "flex system en2092 1gb ethernet scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.14.0"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "secure global desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "ddos secure",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "cognos metrics manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "system management homepage 7.4.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.1.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.411"
          },
          {
            "_id": null,
            "model": "infosphere master data management standard/advanced edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "image construction and composition tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.3"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.213"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "ip office server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.7.3.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.8.2"
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.5"
          },
          {
            "_id": null,
            "model": "secure backup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.4.0.4.0"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.1.0"
          },
          {
            "_id": null,
            "model": "one-x client enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.2.0"
          },
          {
            "_id": null,
            "model": "workload deployer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.17"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0i",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "predictiveinsight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.3"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.0.0"
          },
          {
            "_id": null,
            "model": "ds8870",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "87.31.38.0"
          },
          {
            "_id": null,
            "model": "openscape voice r1.42.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v7"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4.1"
          },
          {
            "_id": null,
            "model": "aspera faspex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.9.2"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.2.0"
          },
          {
            "_id": null,
            "model": "algo one pcre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.9"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "ringmaster appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.1.2"
          },
          {
            "_id": null,
            "model": "security privileged identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5"
          },
          {
            "_id": null,
            "model": "cognos planning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.28"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler for applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.7"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.13"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.2.16-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "bundle of g8264cs image",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.11.0"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.21"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.13"
          },
          {
            "_id": null,
            "model": "sterling connect:express for unix ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.6.1146-108"
          },
          {
            "_id": null,
            "model": "aspera enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.5.1"
          },
          {
            "_id": null,
            "model": "security virtual server protection for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "cognos controller fp1 if1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0e",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "openscape voice r1.37.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v8"
          },
          {
            "_id": null,
            "model": "aspera console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.0.0"
          },
          {
            "_id": null,
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "icewall sso dfw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "security privileged identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.1"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "vgw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.0.820"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1x8664"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.0"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.4"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.010"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.1.0"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aspera shares",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "1.7.3"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.10"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.2.835"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.41"
          },
          {
            "_id": null,
            "model": "infosphere guardium for applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura collaboration environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10.1"
          },
          {
            "_id": null,
            "model": "icewall sso agent option",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8x"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.0.2.16-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "security network intrusion prevention system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.6.1"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "openscape voice r1.38.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v8"
          },
          {
            "_id": null,
            "model": "abyp-10g-4sr-1-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.33"
          },
          {
            "_id": null,
            "model": "src series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openssh for gpfs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.8"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "initiate master data service provider hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.2.0.1"
          },
          {
            "_id": null,
            "model": "icewall sso dfw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.3.0"
          },
          {
            "_id": null,
            "model": "endeca server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.3.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.8.4"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.3"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.9"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.213"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8t",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.26"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2.106"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "infosphere master data management standard/advanced edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.1.0"
          },
          {
            "_id": null,
            "model": "virtual connect enterprise manager sdk",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.1.0"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.3"
          },
          {
            "_id": null,
            "model": "abyp-0t-4s-0l-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.03"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.1.830"
          },
          {
            "_id": null,
            "model": "service delivery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "sdk for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.6"
          },
          {
            "_id": null,
            "model": "secure global desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.71"
          },
          {
            "_id": null,
            "model": "aspera faspex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.7.5"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.3"
          },
          {
            "_id": null,
            "model": "endeca server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.5.1.1"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.2.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0c",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.0.0"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.0.0"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8052",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.13.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.7"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "strm/jsa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager mr2 patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.12"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.14.20"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5.760"
          },
          {
            "_id": null,
            "model": "aspera drive",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "algo one core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1.7"
          },
          {
            "_id": null,
            "model": "insight orchestration",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8052",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.3.0"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager mr2 patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.1.3"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.1.0.5-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "informix genero",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.50"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.9.3"
          },
          {
            "_id": null,
            "model": "openscape voice r1.3.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v8"
          },
          {
            "_id": null,
            "model": "predictiveinsight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.3"
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.15.1"
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.15.2"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.210"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.3.1"
          },
          {
            "_id": null,
            "model": "tuxedo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.1.0"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.0.0"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.14"
          },
          {
            "_id": null,
            "model": "i operating systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.2.0.2"
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3381m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "7"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.4"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10.4"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.7.9.0"
          },
          {
            "_id": null,
            "model": "linux lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "cognos planning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0f",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "gb esm ethernet switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1/106.8.21.0"
          },
          {
            "_id": null,
            "model": "rational developer for i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "algo one mag",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.8"
          },
          {
            "_id": null,
            "model": "websphere message broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "sdk for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.9"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "tssc/imc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9.790"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager for os deployment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.0.2"
          },
          {
            "_id": null,
            "model": "sdk for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1.730"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.12"
          },
          {
            "_id": null,
            "model": "sterling connect:direct for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.2.1"
          },
          {
            "_id": null,
            "model": "rational tau interim fix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.0.6"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.2"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0j",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0b",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.1"
          },
          {
            "_id": null,
            "model": "screenos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.6"
          },
          {
            "_id": null,
            "model": "bladecenter t advanced management module 32r0835",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.801"
          },
          {
            "_id": null,
            "model": "flex system en2092 1gb ethernet scalable switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.11.0"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.0.5"
          },
          {
            "_id": null,
            "model": "system storage san768b-2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.0.1"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8316",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.14.0"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.3.0"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.0"
          },
          {
            "_id": null,
            "model": "lotus protector for mail security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.80"
          },
          {
            "_id": null,
            "model": "flex system fabric en4093r 10gb scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.10.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.11"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.1.1"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.4.0"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.16"
          },
          {
            "_id": null,
            "model": "initiate master data service provider hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.3"
          },
          {
            "_id": null,
            "model": "aspera console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.2"
          },
          {
            "_id": null,
            "model": "secure backup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.0.2"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "sdk for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.5"
          },
          {
            "_id": null,
            "model": "exalogic infrastructure",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.0.6.2"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1.6"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.41"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.8.3"
          },
          {
            "_id": null,
            "model": "aspera proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "1.2.3"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.03"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4.143"
          },
          {
            "_id": null,
            "model": "cognos controller fp1 if1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "lotus protector for mail security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.8.1.0"
          },
          {
            "_id": null,
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "openscape voice r1.43.1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v8"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0.8"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.3.4"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1j",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.13"
          },
          {
            "_id": null,
            "model": "bladecenter -t",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8730"
          },
          {
            "_id": null,
            "model": "rational tau",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.31"
          },
          {
            "_id": null,
            "model": "cloudbridge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.7"
          },
          {
            "_id": null,
            "model": "gb esm ethernet switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1/106.8.20.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler for applications fp01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "abyp-0t-0s-4l-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ds8870",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "87.31.2.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.1.6"
          },
          {
            "_id": null,
            "model": "initiate master data service patient hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8316",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.13.0"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.3"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.14"
          },
          {
            "_id": null,
            "model": "flashsystem 9840-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "sterling connect:direct for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.14"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.1"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.12"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3.0"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1d",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.13"
          },
          {
            "_id": null,
            "model": "abyp-2t-2s-0l-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.0-12"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.9"
          },
          {
            "_id": null,
            "model": "secure backup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.1"
          },
          {
            "_id": null,
            "model": "bladecenter -h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7989"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.3.3"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.3381"
          },
          {
            "_id": null,
            "model": "rational software architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "flex system fabric si4093 system interconnect module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.8.0"
          },
          {
            "_id": null,
            "model": "abyp-4tl-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1.104"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.3"
          },
          {
            "_id": null,
            "model": "nsm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "bladecenter -ht",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8740"
          },
          {
            "_id": null,
            "model": "abyp-4ts-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10.5"
          },
          {
            "_id": null,
            "model": "workload deployer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.11"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.0.860"
          },
          {
            "_id": null,
            "model": "icewall mcrp sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10.1.35.00"
          },
          {
            "_id": null,
            "model": "infosphere guardium database activity monitoring",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager for images",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.19"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager mr2 patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.13"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0p",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.12"
          },
          {
            "_id": null,
            "model": "flex system fabric en4093r 10gb scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.4.0"
          },
          {
            "_id": null,
            "model": "openscape voice r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v8"
          },
          {
            "_id": null,
            "model": "cognos controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "secure backup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.3.0.3"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "cognos controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.8"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.09"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aspera console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager for images",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "pulse secure",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "aspera faspex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.7.7"
          },
          {
            "_id": null,
            "model": "secure backup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "_id": null,
            "model": "secure backup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.1"
          },
          {
            "_id": null,
            "model": "worklight consumer edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.1"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.2.3"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.14"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.8"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10"
          },
          {
            "_id": null,
            "model": "abyp-10g-2sr-2lr-1-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5.146"
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.14"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1.73"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264t",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.13.0"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1.0.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.1.3"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zc",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0n",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "real-time compression appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.8"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.13"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "icewall sso agent option update rele",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.02007"
          },
          {
            "_id": null,
            "model": "secure backup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.0.3"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager mr2 patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.18"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.8"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.8"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.25"
          },
          {
            "_id": null,
            "model": "rational developer for i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1.1"
          },
          {
            "_id": null,
            "model": "cognos tm1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.1.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.0"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124e",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.14.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.3.1"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.6"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.34"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "alienvault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "alienvault",
            "version": "4.15"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.15"
          },
          {
            "_id": null,
            "model": "flex system fabric en4093r 10gb scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.3376"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1841"
          },
          {
            "_id": null,
            "model": "endeca server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.010"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "_id": null,
            "model": "flex system fc5022 16gb san scalable switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "abyp-4t-0s-0l-p",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "secure backup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.41"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zd",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "secure backup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.3.0.2"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler for applications",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0"
          },
          {
            "_id": null,
            "model": "worklight enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.2"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.23"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager mr2 patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.14"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.1.0.5-p3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10.4"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.11"
          },
          {
            "_id": null,
            "model": "icewall sso dfw r3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "cognos controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "systems insight manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8.179"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.9.5"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1k",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.010"
          },
          {
            "_id": null,
            "model": "mq light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "informix genero",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.40"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.9"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.2"
          },
          {
            "_id": null,
            "model": "junos os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ds8870",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "87.31.16.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.13.0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8o",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "worklight foundation consumer edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.0.1"
          },
          {
            "_id": null,
            "model": "sdk for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.2"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0k",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "security network intrusion prevention system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.6.2"
          },
          {
            "_id": null,
            "model": "bladecenter -h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1886"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager for os deployment build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.151.05"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.3.2"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.13.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.3.0"
          },
          {
            "_id": null,
            "model": "image construction and composition tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.2.0"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.5"
          },
          {
            "_id": null,
            "model": "sterling connect:enterprise for unix ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.37"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "cognos metrics manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.20"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.0.5"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.14.0"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager for os deployment",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.19"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.7"
          },
          {
            "_id": null,
            "model": "real-time compression appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "worklight enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.1"
          },
          {
            "_id": null,
            "model": "secure backup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.3.0.1.0"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.212"
          },
          {
            "_id": null,
            "model": "sametime",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2.0"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "6"
          },
          {
            "_id": null,
            "model": "infosphere master data management standard/advanced edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.01"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.4.1"
          },
          {
            "_id": null,
            "model": "aspera orchestrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "2.2.1"
          },
          {
            "_id": null,
            "model": "sterling connect:express for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "cognos controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "sterling b2b integrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "worklight foundation enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.0.1"
          },
          {
            "_id": null,
            "model": "ctpos 6.6r1",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "cognos controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "bladecenter -e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8677"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.9"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.11"
          },
          {
            "_id": null,
            "model": "icewall mcrp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.8.5"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.1.4"
          },
          {
            "_id": null,
            "model": "sametime unified telephony",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.2.0"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8s",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2.2.835"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.841"
          },
          {
            "_id": null,
            "model": "security privileged identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.12"
          },
          {
            "_id": null,
            "model": "pureapplication system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.13"
          },
          {
            "_id": null,
            "model": "rational tau",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.32"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.4.2.1"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.103"
          },
          {
            "_id": null,
            "model": "workload deployer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.12"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.2"
          },
          {
            "_id": null,
            "model": "sdk for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.0.12"
          },
          {
            "_id": null,
            "model": "cloud manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.4"
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3376m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "_id": null,
            "model": "tivoli common reporting",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "aspera faspex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "3.9"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.5"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.9"
          },
          {
            "_id": null,
            "model": "rational tau",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.3379"
          },
          {
            "_id": null,
            "model": "cognos insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager for os deployment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "netscaler service delivery appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "0"
          },
          {
            "_id": null,
            "model": "si4093 si fabric",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.10.0"
          },
          {
            "_id": null,
            "model": "predictiveinsight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager for os deployment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.2.7"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "mobilefirst platform foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.0"
          },
          {
            "_id": null,
            "model": "flex system fabric si4093 system interconnect module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.60"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.0.121"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "aspera shares",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asperasoft",
            "version": "1.9"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.4.1"
          },
          {
            "_id": null,
            "model": "rational clearcase",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.2"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zf",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "flex system fabric si4093 system interconnect module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.7.5.0"
          },
          {
            "_id": null,
            "model": "systems director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.0.0"
          },
          {
            "_id": null,
            "model": "session border controller for enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.3.0"
          },
          {
            "_id": null,
            "model": "flex system fabric en4093r 10gb scalable switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.11.0"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.2"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7.770"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "insight orchestration",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.10"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.0"
          },
          {
            "_id": null,
            "model": "flex system fc5022 16gb san scalable switch 7.2.0d5",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "icewall mcrp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.0.1"
          },
          {
            "_id": null,
            "model": "qradar security information and event manager mr2 patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.110"
          },
          {
            "_id": null,
            "model": "abyp-2t-0s-2l-p-m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "flex system fabric si4093 system interconnect module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.10.0"
          },
          {
            "_id": null,
            "model": "rational tau",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.33"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.3"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.7"
          },
          {
            "_id": null,
            "model": "systems insight manager 7.4.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1l",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4.750"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.4"
          },
          {
            "_id": null,
            "model": "security virtual server protection for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1"
          },
          {
            "_id": null,
            "model": "i operating system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.2.2"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0q",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "algo one core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.8"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager for images system edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "x7.1.1.0"
          },
          {
            "_id": null,
            "model": "ctpos 6.6r2",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "version control agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.10.800"
          },
          {
            "_id": null,
            "model": "contactoptimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1h",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "cognos tm1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0.18"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0.4"
          },
          {
            "_id": null,
            "model": "cognos controller fp1 if2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "icewall sso dfw r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9.790"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "73225"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-398"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0286"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Stephen Henson",
        "sources": [
          {
            "db": "BID",
            "id": "73225"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-0286",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-0286",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-0286",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201503-398",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-0286",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-0286"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-398"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0286"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2015-0286\n\n    Stephen Henson discovered that the ASN1_TYPE_cmp() function\n    can be crashed, resulting in denial of service. \n\nCVE-2015-0287\n\n    Emilia Kaesper discovered a memory corruption in ASN.1 parsing. \n\nCVE-2015-0292\n\n    It was discovered that missing input sanitising in base64 decoding\n    might result in memory corruption. \n\nCVE-2015-0209\n\n    It was discovered that a malformed EC private key might result in\n    memory corruption. \n\nCVE-2015-0288\n\n    It was discovered that missing input sanitising in the\n    X509_to_X509_REQ() function might result in denial of service. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u15. In this update the export ciphers are removed\nfrom the default cipher list. \n\nReferences:\n\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0209\nCVE-2015-0286\nCVE-2015-0288\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. OpenSSL Security Advisory [19 Mar 2015]\n=======================================\n\nOpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n=====================================================\n\nSeverity: High\n\nIf a client connects to an OpenSSL 1.0.2 server and renegotiates with an\ninvalid signature algorithms extension a NULL pointer dereference will occur. \nThis can be exploited in a DoS attack against the server. \n\nThis issue was was reported to OpenSSL on 26th February 2015 by David Ramos\nof Stanford University. The fix was developed by Stephen Henson and Matt\nCaswell of the OpenSSL development team. \n\nReclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n============================================================================\n\nSeverity: High\n\nThis security issue was previously announced by the OpenSSL project and\nclassified as \"low\" severity. This severity rating has now been changed to\n\"high\". \n\nThis was classified low because it was originally thought that server RSA\nexport ciphersuite support was rare: a client was only vulnerable to a MITM\nattack against a server which supports an RSA export ciphersuite. Recent\nstudies have shown that RSA export ciphersuites support is far more common. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. It was previously announced in the OpenSSL\nsecurity advisory on 8th January 2015. \n\nMultiblock corrupted pointer (CVE-2015-0290)\n============================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 introduced the \"multiblock\" performance improvement. This feature\nonly applies on 64 bit x86 architecture platforms that support AES NI\ninstructions. A defect in the implementation of \"multiblock\" can cause OpenSSL\u0027s\ninternal write buffer to become incorrectly set to NULL when using non-blocking\nIO. Typically, when the user application is using a socket BIO for writing, this\nwill only result in a failed connection. However if some other BIO is used then\nit is likely that a segmentation fault will be triggered, thus enabling a\npotential DoS attack. \n\nThis issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and\nRainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development\nteam. \n\nSegmentation fault in DTLSv1_listen (CVE-2015-0207)\n===================================================\n\nSeverity: Moderate\n\nThe DTLSv1_listen function is intended to be stateless and processes the initial\nClientHello from many peers. It is common for user code to loop over the call to\nDTLSv1_listen until a valid ClientHello is received with an associated cookie. A\ndefect in the implementation of DTLSv1_listen means that state is preserved in\nthe SSL object from one invocation to the next that can lead to a segmentation\nfault. Errors processing the initial ClientHello can trigger this scenario. An\nexample of such an error could be that a DTLS1.0 only client is attempting to\nconnect to a DTLS1.2 only server. \n\nThis issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSegmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n===================================================\n\nSeverity: Moderate\n\nThe function ASN1_TYPE_cmp will crash with an invalid read if an attempt is\nmade to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check\ncertificate signature algorithm consistency this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered and fixed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nSegmentation fault for invalid PSS parameters (CVE-2015-0208)\n=============================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer\ndereference if presented with an ASN.1 signature using the RSA PSS\nalgorithm and invalid parameters. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\n\nThis issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter\nand a fix developed by Stephen Henson of the OpenSSL development team. \n\nASN.1 structure reuse memory corruption (CVE-2015-0287)\n=======================================================\n\nSeverity: Moderate\n\nReusing a structure in ASN.1 parsing may allow an attacker to cause\nmemory corruption via an invalid write. Such reuse is and has been\nstrongly discouraged and is believed to be rare. \n\nApplications that parse structures containing CHOICE or ANY DEFINED BY\ncomponents may be affected. Certificate parsing (d2i_X509 and related\nfunctions) are however not affected. OpenSSL clients and servers are\nnot affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Emilia K\u00e4sper and a fix developed by\nStephen Henson of the OpenSSL development team. \n\nPKCS7 NULL pointer dereferences (CVE-2015-0289)\n===============================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing outer ContentInfo correctly. \nAn attacker can craft malformed ASN.1-encoded PKCS#7 blobs with\nmissing content and trigger a NULL pointer dereference on parsing. \n\nApplications that verify PKCS#7 signatures, decrypt PKCS#7 data or\notherwise parse PKCS#7 structures from untrusted sources are\naffected. OpenSSL clients and servers are not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was reported to OpenSSL on February 16th 2015 by Michal\nZalewski (Google) and a fix developed by Emilia K\u00e4sper of the OpenSSL\ndevelopment team. \n\nBase64 decode (CVE-2015-0292)\n=============================\n\nSeverity: Moderate\n\nA vulnerability existed in previous versions of OpenSSL related to the\nprocessing of base64 encoded data. Any code path that reads base64 data from an\nuntrusted source could be affected (such as the PEM processing routines). \nMaliciously crafted base 64 data could trigger a segmenation fault or memory\ncorruption. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 0.9.8 users should upgrade to 0.9.8za. This issue was originally reported by\nRobert Dugal and subsequently by David Ramos. \n\nDoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n=========================================================\n\nSeverity: Moderate\n\nA malicious client can trigger an OPENSSL_assert (i.e., an abort) in\nservers that both support SSLv2 and enable export cipher suites by sending\na specially crafted SSLv2 CLIENT-MASTER-KEY message. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Sean Burford (Google) and Emilia K\u00e4sper\n(OpenSSL development team) in March 2015 and the fix was developed by\nEmilia K\u00e4sper. \n\nEmpty CKE with client auth and DHE (CVE-2015-1787)\n==================================================\n\nSeverity: Moderate\n\nIf client auth is used then a server can seg fault in the event of a DHE\nciphersuite being selected and a zero length ClientKeyExchange message being\nsent by the client. This could be exploited in a DoS attack. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nHandshake with unseeded PRNG (CVE-2015-0285)\n============================================\n\nSeverity: Low\n\nUnder certain conditions an OpenSSL 1.0.2 client can complete a handshake with\nan unseeded PRNG. The conditions are:\n- The client is on a platform where the PRNG has not been seeded automatically,\nand the user has not seeded manually\n- A protocol specific client method version has been used (i.e. not\nSSL_client_methodv23)\n- A ciphersuite is used that does not require additional random data from the\nPRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). \n\nIf the handshake succeeds then the client random that has been used will have\nbeen generated from a PRNG with insufficient entropy and therefore the output\nmay be predictable. \n\nFor example using the following command with an unseeded openssl will succeed on\nan unpatched platform:\n\nopenssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA\n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nUse After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n===============================================================\n\nSeverity: Low\n\nA malformed EC private key file consumed via the d2i_ECPrivateKey function could\ncause a use after free condition. This, in turn, could cause a double\nfree in several private key parsing functions (such as d2i_PrivateKey\nor EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption\nfor applications that receive EC private keys from untrusted\nsources. This scenario is considered rare. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by the BoringSSL project and fixed in their commit\n517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nX509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n===================================================\n\nSeverity: Low\n\nThe function X509_to_X509_REQ will crash with a NULL pointer dereference if\nthe certificate key is invalid. This function is rarely used in practice. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Brian Carpenter and a fix developed by Stephen\nHenson of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150319.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-1 iOS 9\n\niOS 9 is now available and addresses the following:\n\nApple Pay\nAvailable for:  iPhone 6, iPad mini 3, and iPad Air 2\nImpact:  Some cards may allow a terminal to retrieve limited recent\ntransaction information when making a payment\nDescription:  The transaction log functionality was enabled in\ncertain configurations. This issue was addressed by removing the\ntransaction log functionality. \nCVE-ID\nCVE-2015-5916\n\nAppleKeyStore\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local attacker may be able to reset failed passcode\nattempts with an iOS backup\nDescription:  An issue existed in resetting failed passcode attempts\nwith a backup of the iOS device. This was addressed through improved\npasscode failure logic. \nCVE-ID\nCVE-2015-5850 : an anonymous researcher\n\nApplication Store\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Clicking a malicious ITMS link may lead to a denial of\nservice in an enterprise-signed application\nDescription:  An issue existed with installation through ITMS links. \nThis was addressed through additional installation verification. \nCVE-ID\nCVE-2015-5856 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of\nFireEye, Inc. \n\nAudio\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription:  A memory corruption issue existed in the handling of\naudio files. This issue issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\n\nCertificate Trust Policy\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT204132. \n\nCFNetwork\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to an iOS device may read\ncache data from Apple apps\nDescription:  Cache data was encrypted with a key protected only by\nthe hardware UID. This issue was addressed by encrypting the cache\ndata with a key protected by the hardware UID and the user\u0027s\npasscode. \nCVE-ID\nCVE-2015-5898 : Andreas Kurtz of NESO Security Labs\n\nCFNetwork Cookies\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription:  A cross-domain cookie issue existed in the handling of\ntop level domains. The issue was address through improved\nrestrictions of cookie creation. \nCVE-ID\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork Cookies\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to create unintended cookies for a\nwebsite\nDescription:  WebKit would accept multiple cookies to be set in the\ndocument.cookie API. This issue was addressed through improved\nparsing. \nCVE-ID\nCVE-2015-3801 : Erling Ellingsen of Facebook\n\nCFNetwork FTPProtocol\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Malicious FTP servers may be able to cause the client to\nperform reconnaissance on other hosts\nDescription:  An issue existed in FTP packet handling if clients were\nusing an FTP proxy. \nCVE-ID\nCVE-2015-5912 : Amit Klein\n\nCFNetwork HTTPProtocol\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A maliciously crafted URL may be able to bypass HTTP Strict\nTransport Security (HSTS) and leak sensitive data\nDescription:  A URL parsing vulnerability existed in HSTS handling. \nThis issue was addressed through improved URL parsing. \nCVE-ID\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork HTTPProtocol\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription:  An issue existed in the handling of HSTS state in\nSafari private browsing mode. This issue was addressed through\nimproved state handling. \nCVE-ID\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\n\nCFNetwork Proxies\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Connecting to a malicious web proxy may set malicious\ncookies for a website\nDescription:  An issue existed in the handling of proxy connect\nresponses. This issue was addressed by removing the set-cookie header\nwhile parsing the connect response. \nCVE-ID\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork SSL\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  A certificate validation issue existed in NSURL when a\ncertificate changed. This issue was addressed through improved\ncertificate validation. \nCVE-ID\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\n\nCFNetwork SSL\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of RC4. \nAn attacker could force the use of RC4, even if the server preferred\nbetter ciphers, by blocking TLS 1.0 and higher connections until\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\naddressed by removing the fallback to SSL 3.0. \n\nCoreAnimation\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to leak sensitive user\ninformation\nDescription:  Applications could access the screen framebuffer while\nthey were in the background. This issue was addressed with improved\naccess control on IOSurfaces. \nCVE-ID\nCVE-2015-5880 : Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin\nGao, Yingjiu Li of School of Information Systems Singapore Management\nUniversity,  Feng Bao and Jianying Zhou of Cryptography and Security\nDepartment Institute for Infocomm Research\n\nCoreCrypto\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to determine a private key\nDescription:  By observing many signing or decryption attempts, an\nattacker may have been able to determine the RSA private key. This\nissue was addressed using improved encryption algorithms. \n\nCoreText\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\nData Detectors Engine\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription:  Memory corruption issues existed in the processing of\ntext files. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)\n\nDev Tools\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in dyld. This was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-5876 : beist of grayhash\n\ndyld\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An application may be able to bypass code signing\nDescription:  An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team\n\nDisk Images\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in DiskImages. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\n\nGame Center\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious Game Center application may be able to access a\nplayer\u0027s email address\nDescription:  An issue existed in Game Center in the handling of a\nplayer\u0027s email. This issue was addressed through improved access\nrestrictions. \nCVE-ID\nCVE-2015-5855 : Nasser Alnasser\n\nICU\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Multiple vulnerabilities in ICU\nDescription:  Multiple vulnerabilities existed in ICU versions prior\nto 53.1.0. These issues were addressed by updating ICU to version\n55.1. \nCVE-ID\nCVE-2014-8146\nCVE-2015-1205\n\nIOAcceleratorFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed that led to the disclosure of kernel\nmemory content. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team\n\nIOAcceleratorFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in\nIOAcceleratorFamily. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5848 : Filippo Bigarella\n\nIOHIDFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5867 : moony li of Trend Micro\n\nIOKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5844 : Filippo Bigarella\nCVE-2015-5845 : Filippo Bigarella\nCVE-2015-5846 : Filippo Bigarella\n\nIOMobileFrameBuffer\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in\nIOMobileFrameBuffer. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5843 : Filippo Bigarella\n\nIOStorageFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local attacker may be able to read kernel memory\nDescription:  A memory initialization issue existed in the kernel. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5863 : Ilja van Sprundel of IOActive\n\niTunes Store\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  AppleID credentials may persist in the keychain after sign\nout\nDescription:  An issue existed in keychain deletion. This issue was\naddressed through improved account cleanup. \nCVE-ID\nCVE-2015-5832 : Kasif Dekel from Check Point Software Technologies\n\nJavaScriptCore\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Memory corruption issues existed in WebKit. These\nissues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5791 : Apple\nCVE-2015-5793 : Apple\nCVE-2015-5814 : Apple\nCVE-2015-5816 : Apple\nCVE-2015-5822 : Mark S. Miller of Google\nCVE-2015-5823 : Apple\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\nCVE-2015-5896 : Maxime Villard of m00nbsd\nCVE-2015-5903 : CESG\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local attacker may control the value of stack cookies\nDescription:  Multiple weaknesses existed in the generation of user\nspace stack cookies. This was addressed through improved generation\nof stack cookies. \nCVE-ID\nCVE-2013-3951 : Stefan Esser\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local process can modify other processes without\nentitlement checks\nDescription:  An issue existed where root processes using the\nprocessor_set_tasks API were allowed to retrieve the task ports of\nother processes. This issue was addressed through added entitlement\nchecks. \nCVE-ID\nCVE-2015-5882 : Pedro Vilaca, working from original research by Ming-\nchieh Pan and Sung-ting Tsai; Jonathan Levin\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to launch denial of service attacks\non targeted TCP connections without knowing the correct sequence\nnumber\nDescription:  An issue existed in xnu\u0027s validation of TCP packet\nheaders. This issues was addressed through improved TCP packet header\nvalidation. \nCVE-ID\nCVE-2015-5879 : Jonathan Looney\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in a local LAN segment may disable IPv6 routing\nDescription:  An insufficient validation issue existed in handling of\nIPv6 router advertisements that allowed an attacker to set the hop\nlimit to an arbitrary value. This issue was addressed by enforcing a\nminimum hop limit. \nCVE-ID\nCVE-2015-5869 : Dennis Spindel Ljungmark\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An issue existed in XNU that led to the disclosure of\nkernel memory. This was addressed through improved initialization of\nkernel memory structures. \nCVE-ID\nCVE-2015-5842 : beist of grayhash\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to cause a system denial of service\nDescription:  An issue existed in HFS drive mounting. This was\naddressed by additional validation checks. \nCVE-ID\nCVE-2015-5748 : Maxime Villard of m00nbsd\n\nlibc\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\nCorporation\n\nlibpthread\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\n\nMail\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker can send an email that appears to come from a\ncontact in the recipient\u0027s address book\nDescription:  An issue existed in the handling of the sender\u0027s\naddress. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5857 : Emre Saglam of salesforce.com\n\nMultipeer Connectivity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local attacker may be able to observe unprotected\nmultipeer data\nDescription:  An issue existed in convenience initializer handling in\nwhich encryption could be actively downgraded to a non-encrypted\nsession. This issue was addressed by changing the convenience\ninitializer to require encryption. \nCVE-ID\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\n\nNetworkExtension\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An uninitialized memory issue in the kernel led to the\ndisclosure of kernel memory content. This issue was addressed through\nmemory initialization. \nCVE-ID\nCVE-2015-5831 : Maxime Villard of m00nbsd\n\nOpenSSL\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Multiple vulnerabilities in OpenSSL\nDescription:  Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. \nCVE-ID\nCVE-2015-0286\nCVE-2015-0287\n\nPluginKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious enterprise application can install extensions\nbefore the application has been trusted\nDescription:  An issue existed in the validation of extensions during\ninstallation. This was addressed through improved app verification. \nCVE-ID\nCVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of\nFireEye, Inc. \n\nremovefile\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing malicious data may lead to unexpected application\ntermination\nDescription:  An overflow fault existed in the checkint division\nroutines. This issue was addressed with improved division routines. \nCVE-ID\nCVE-2015-5840 : an anonymous researcher\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to read Safari bookmarks on a\nlocked iOS device without a passcode\nDescription:  Safari bookmark data was encrypted with a key protected\nonly by the hardware UID. This issue was addressed by encrypting the\nSafari bookmark data with a key protected by the hardware UID and the\nuser\u0027s passcode. \nCVE-ID\nCVE-2015-5903 : Jonathan Zdziarski\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  An issue may have allowed a website to display content\nwith a URL from a different website. This issue was addressed through\nimproved URL handling. \nCVE-ID\nCVE-2015-5904 : Erling Ellingsen of Facebook, Lukasz Pilorz\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  Navigating to a malicious website with a malformed\nwindow opener may have allowed the display of arbitrary URLs. This\nissue was addressed through improved handling of window openers. \nCVE-ID\nCVE-2015-5905 : Keita Haga of keitahaga.com\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Users may be tracked by malicious websites using client\ncertificates\nDescription:  An issue existed in Safari\u0027s client certificate\nmatching for SSL authentication. This issue was addressed through\nimproved matching of valid client certificates. \nCVE-ID\nCVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut\nof Whatever s.a. \n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  Multiple user interface inconsistencies may have\nallowed a malicious website to display an arbitrary URL. These issues\nwere addressed through improved URL display logic. \nCVE-ID\nCVE-2015-5764 : Antonio Sanso (@asanso) of Adobe\nCVE-2015-5765 : Ron Masas\nCVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa\n\nSafari Safe Browsing\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Navigating to the IP address of a known malicious website\nmay not trigger a security warning\nDescription:  Safari\u0027s Safe Browsing feature did not warn users when\nvisiting known malicious websites by their IP addresses. The issue\nwas addressed through improved malicious site detection. \nRahul M of TagsDoc\n\nSecurity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious app may be able to intercept communication\nbetween apps\nDescription:  An issue existed that allowed a malicious app to\nintercept URL scheme communication between apps. This was mitigated\nby displaying a dialog when a URL scheme is used for the first time. \nCVE-ID\nCVE-2015-5835 : Teun van Run of FiftyTwoDegreesNorth B.V.; XiaoFeng\nWang of Indiana University, Luyi Xing of Indiana University, Tongxin\nLi of Peking University, Tongxin Li of Peking University, Xiaolong\nBai of Tsinghua University\n\nSiri\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to an iOS device may be able\nto use Siri to read notifications of content that is set not to be\ndisplayed at the lock screen\nDescription:  When a request was made to Siri, client side\nrestrictions were not being checked by the server. This issue was\naddressed through improved restriction checking. \nCVE-ID\nCVE-2015-5892 : Robert S Mozayeni, Joshua Donvito\n\nSpringBoard\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to an iOS device can reply to\nan audio message from the lock screen when message previews from the\nlock screen are disabled\nDescription:  A lock screen issue allowed users to reply to audio\nmessages when message previews were disabled. This issue was\naddressed through improved state management. \nCVE-ID\nCVE-2015-5861 : Daniel Miedema of Meridian Apps\n\nSpringBoard\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to spoof another\napplication\u0027s dialog windows\nDescription:  An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-ID\nCVE-2015-5838 : Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S. \nLui\n\nSQLite\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Multiple vulnerabilities in SQLite v3.8.5\nDescription:  Multiple vulnerabilities existed in SQLite v3.8.5. \nThese issues were addressed by updating SQLite to version 3.8.10.2. \nCVE-ID\nCVE-2015-5895\n\ntidy\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in Tidy. This issues\nwas addressed through improved memory handling. \nCVE-ID\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Object references may be leaked between isolated origins on\ncustom events, message events and pop state events\nDescription:  An object leak issue broke the isolation boundary\nbetween origins. This issue was addressed through improved isolation\nbetween origins. \nCVE-ID\nCVE-2015-5827 : Gildas\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Memory corruption issues existed in WebKit. These\nissues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5789 : Apple\nCVE-2015-5790 : Apple\nCVE-2015-5792 : Apple\nCVE-2015-5794 : Apple\nCVE-2015-5795 : Apple\nCVE-2015-5796 : Apple\nCVE-2015-5797 : Apple\nCVE-2015-5799 : Apple\nCVE-2015-5800 : Apple\nCVE-2015-5801 : Apple\nCVE-2015-5802 : Apple\nCVE-2015-5803 : Apple\nCVE-2015-5804 : Apple\nCVE-2015-5805\nCVE-2015-5806 : Apple\nCVE-2015-5807 : Apple\nCVE-2015-5809 : Apple\nCVE-2015-5810 : Apple\nCVE-2015-5811 : Apple\nCVE-2015-5812 : Apple\nCVE-2015-5813 : Apple\nCVE-2015-5817 : Apple\nCVE-2015-5818 : Apple\nCVE-2015-5819 : Apple\nCVE-2015-5821 : Apple\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may lead to unintended dialing\nDescription:  An issue existed in handling of tel://, facetime://,\nand facetime-audio:// URLs. This issue was addressed through improved\nURL handling. \nCVE-ID\nCVE-2015-5820 : Andrei Neculaesei, Guillaume Ross\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  QuickType may learn the last character of a password in a\nfilled-in web form\nDescription:  An issue existed in WebKit\u0027s handling of password input\ncontext. This issue was addressed through improved input context\nhandling. \nCVE-ID\nCVE-2015-5906 : Louis Romero of Google Inc. \n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in a privileged network position may be able to\nredirect to a malicious domain\nDescription:  An issue existed in the handling of resource caches on\nsites with invalid certificates. The issue was addressed by rejecting\nthe application cache of domains with invalid certificates. \nCVE-ID\nCVE-2015-5907 : Yaoqi Jia of National University of Singapore (NUS)\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious website may exfiltrate data cross-origin\nDescription:  Safari allowed cross-origin stylesheets to be loaded\nwith non-CSS MIME types which could be used for cross-origin data\nexfiltration. This issue was addressed by limiting MIME types for\ncross-origin stylesheets. \nCVE-ID\nCVE-2015-5826 : filedescriptor, Chris Evans\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  The Performance API may allow a malicious website to leak\nbrowsing history, network activity, and mouse movements\nDescription:  WebKit\u0027s Performance API could have allowed a malicious\nwebsite to leak browsing history, network activity, and mouse\nmovements by measuring time. This issue was addressed by limiting\ntime resolution. \nCVE-ID\nCVE-2015-5825 : Yossi Oren et al. of Columbia University\u0027s Network\nSecurity Lab\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription:  An issue existed with Content-Disposition headers\ncontaining type attachment. This issue was addressed by disallowing\nsome functionality for type attachment pages. \nCVE-ID\nCVE-2015-5921 : Mickey Shkatov of the Intel(r) Advanced Threat\nResearch Team, Daoyuan Wu of Singapore Management University, Rocky\nK. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz,\nsuperhei of www.knownsec.com\n\nWebKit Canvas\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may disclose image data from\nanother website\nDescription:  A cross-origin issue existed with \"canvas\" element\nimages in WebKit. This was addressed through improved tracking of\nsecurity origins. \nCVE-ID\nCVE-2015-5788 : Apple\n\nWebKit Page Loading\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  WebSockets may bypass mixed content policy enforcement\nDescription:  An insufficient policy enforcement issue allowed\nWebSockets to load mixed content. This issue was addressed by\nextending mixed content policy enforcement to WebSockets. \nKevin G Jones of Higher Logic\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJV+avFAAoJEBcWfLTuOo7tAOsQAKVBs+YG3HuMy0mc0rnpbRtU\n+bjdnzwBeQE6C6Fp/SlZroyYtutnPw9QoFbUpY9Kkcer08uPap6kUAcF72fD51tG\nUYmIe5WvDSMWD98pKsgDGUVfGdU1h135KpSfDgoiQrZK2GAPe2xCDupD42jIPLk2\n3qSyrYnVzfrCZ8uBk9j4gqoF5Ki6JSP/3Qm7hiPfhQXcMyQyIQ+2tJyQcSyGf5OM\nRgkmHwjIjkEb8jwwQ6h4LPMNuvqq8Kv6P4wQQeUl7RdtLJfafmFg+mV7bSmV/b28\nHk5EHQrQJ5fVl9jBFxti6aZrhrNr5yRL9yAdrpNB0rWfDN0z9emyGRrW2vli+Zv+\n0xXBZfAiNVAP53ou4gyVkLDZ+zx5lsWSADU1QWbIR2DY+WXUIN5QJ/ayFkNN9gqD\nWrFGHOc/l+Rq82uQi4ND0jTcYqhBG0MyooJf29orPA2tZeKvrcA4/6w12w6eJ7qA\naW5J+BByErqWft42I/JT3CbnK+GBEDHnj4GAeSMHuNolPNsoH5cv0G4yKigW0zLS\n81AzADTcBtKtaSD9aBAPAL6TTGUySmupF8flhHTMcpZh1MbAqo+bObMXUMvCrmST\nyq+5/R0gVuMN0BQ7adwI0akYApuqrNi/Mp9zT+JlU2wiSfaHm58Ugf8YAmc+sfjT\nrHWi1bvzskkrxRfuQ4mX\n=MnPh\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04746490\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04746490\nVersion: 1\n\nHPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows,\nMultiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-07-20\nLast Updated: 2015-07-20\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site request\nforgery (CSRF), execution of arbitrary code, unauthorized modification,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified with HP\nSystem Management Homepage (SMH) on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in Denial of Service (DoS), Cross-site\nRequest Forgery (CSRF), execution of arbitrary code, unauthorized\nmodification, unauthorized access, or disclosure of information. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3523    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3569    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3570    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2014-3571    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-3572    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-8275    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2014-9427    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9652    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2014-9653    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9705    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-0204    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2015-0205    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2015-0206    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0207    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0208    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-0209    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-0232    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-0285    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2015-0286    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0287    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0288    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0289    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0290    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0291    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-0292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-0293    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1787    (AV:N/AC:H/Au:N/C:N/I:N/A:P)       2.6\nCVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-2348    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2015-2787    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2015-2134    (AV:N/AC:M/Au:S/C:P/I:P/A:P)       6.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HP System Management Homepage\n(SMH). \n\n  Please download the latest version of HP System Management Homepage (7.5.0)\nfrom the following location:\n\n    http://www.hp.com/go/smh\n\nHISTORY\nVersion:1 (rev.1) - 20 July 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:06.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple OpenSSL vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2015-03-19\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE)\n                2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7)\n                2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE)\n                2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11)\n                2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE)\n                2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25)\nCVE Name:       CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288,\n                CVE-2015-0289, CVE-2015-0293\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nAbstract Syntax Notation One (ASN.1) is a standard and notation that\ndescribes rules and structures for representing, encoding, transmitting,\nand decoding data in telecommunications and computer networking, which\nenables representation of objects that are independent of machine-specific\nencoding technique. \n\nII.  [CVE-2015-0293]\n\nIII. Impact\n\nA malformed elliptic curve private key file can cause server daemons using\nOpenSSL to crash, resulting in a Denial of Service.  [CVE-2015-0209]\n\nA remote attacker who is able to send specifically crafted certificates\nmay be able to crash an OpenSSL client or server. [CVE-2015-0287]\n\nAn attacker may be able to crash applications that create a new certificate\nrequest with subject name the same as in an existing, specifically crafted\ncertificate. \n\nIV.  Workaround\n\nNo workaround is available.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc\n# gpg --verify openssl-0.9.8.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc\n# gpg --verify openssl-1.0.1.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r280266\nreleng/8.4/                                                       r280268\nstable/9/                                                         r280266\nreleng/9.3/                                                       r280268\nstable/10/                                                        r280266\nreleng/10.1/                                                      r280268\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1m-i486-1_slack14.1.txz:  Upgraded. \n  Fixes several bugs and security issues:\n   o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)\n   o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)\n   o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)\n   o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)\n   o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)\n   o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)\n   o Removed the export ciphers from the DEFAULT ciphers\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n9ba57b2971962ceb6205ec7b7e6b84e7  openssl-0.9.8zf-i486-1_slack13.0.txz\n706ef57bb71992961584a3d957c5dbcb  openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n5f581b663798eacc8e7df4c292f33dbf  openssl-0.9.8zf-x86_64-1_slack13.0.txz\nfe5f33f4d2db08b4f8d724e62bf6e514  openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1ef0ba15454da786993361c927084438  openssl-0.9.8zf-i486-1_slack13.1.txz\n2b3e20bcaa77f39512b6edcbc41b5471  openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nf8fae10a1936cf900d362b65d9b2c8df  openssl-0.9.8zf-x86_64-1_slack13.1.txz\n0093e35c46382eeef03a51421895ed65  openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n7d4dd0f76252c98622a5f5939f6f0674  openssl-0.9.8zf-i486-1_slack13.37.txz\ne5cde01c0773ac78d33964e4107878df  openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n379424e15bd378e00a5ba0c709432429  openssl-0.9.8zf-x86_64-1_slack13.37.txz\n54832ad7e5440ce1c496be47fec9140d  openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8abafa33d2bf90b6cd8be849c0d9a643  openssl-1.0.1m-i486-1_slack14.0.txz\nbac56213a540586d801d7b57608396de  openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\nb4c6c971e74b678c68671feed18fa7dc  openssl-1.0.1m-x86_64-1_slack14.0.txz\nacac871e22b5de998544c2f6431c0139  openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\nc1f47f1f1ba5a13d6ac2ef2ae48bfb4c  openssl-1.0.1m-i486-1_slack14.1.txz\nb7b1761ae1585f406d303273812043d3  openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1c6e11e2e3454836d5a3e9243f7c7738  openssl-1.0.1m-x86_64-1_slack14.1.txz\n25b7a704816a2123463ddbfabbc1b86d  openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n0926b2429e1326c8ab9bcbbda056dc66  a/openssl-solibs-1.0.1m-i486-1.txz\nb6252d0f141eba7b0a8e8c5bbdc314f0  n/openssl-1.0.1m-i486-1.txz\n\nSlackware x86_64 -current packages:\n99b903f556c7a2d5ec283f04c2f5a650  a/openssl-solibs-1.0.1m-x86_64-1.txz\n9ecb47e0b70bd7f8064c96fb2211c4b7  n/openssl-1.0.1m-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release\nAdvisory ID:       RHSA-2016:2957-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2957.html\nIssue date:        2016-12-15\nCVE Names:         CVE-2012-1148 CVE-2014-3523 CVE-2014-8176 \n                   CVE-2015-0209 CVE-2015-0286 CVE-2015-3185 \n                   CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 \n                   CVE-2015-3216 CVE-2016-0702 CVE-2016-0705 \n                   CVE-2016-0797 CVE-2016-0799 CVE-2016-1762 \n                   CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 \n                   CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 \n                   CVE-2016-1839 CVE-2016-1840 CVE-2016-2105 \n                   CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 \n                   CVE-2016-2109 CVE-2016-2177 CVE-2016-2178 \n                   CVE-2016-2842 CVE-2016-3627 CVE-2016-3705 \n                   CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 \n                   CVE-2016-4459 CVE-2016-4483 CVE-2016-5419 \n                   CVE-2016-5420 CVE-2016-6808 CVE-2016-7141 \n                   CVE-2016-8612 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Core Services httpd 2.4.23 is now available from the Red Hat\nCustomer Portal for Solaris and Microsoft Windows systems. \n\nRed Hat Product Security has rated this release as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nand CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n801648 - CVE-2012-1148 expat: Memory leak in poolGrow\n1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service\n1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import\n1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation\n1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1332820 - CVE-2016-4483 libxml2: out-of-bounds read\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass\n1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert\n1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates\n1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI\n1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2012-1148\nhttps://access.redhat.com/security/cve/CVE-2014-3523\nhttps://access.redhat.com/security/cve/CVE-2014-8176\nhttps://access.redhat.com/security/cve/CVE-2015-0209\nhttps://access.redhat.com/security/cve/CVE-2015-0286\nhttps://access.redhat.com/security/cve/CVE-2015-3185\nhttps://access.redhat.com/security/cve/CVE-2015-3194\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-3196\nhttps://access.redhat.com/security/cve/CVE-2015-3216\nhttps://access.redhat.com/security/cve/CVE-2016-0702\nhttps://access.redhat.com/security/cve/CVE-2016-0705\nhttps://access.redhat.com/security/cve/CVE-2016-0797\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-1762\nhttps://access.redhat.com/security/cve/CVE-2016-1833\nhttps://access.redhat.com/security/cve/CVE-2016-1834\nhttps://access.redhat.com/security/cve/CVE-2016-1835\nhttps://access.redhat.com/security/cve/CVE-2016-1836\nhttps://access.redhat.com/security/cve/CVE-2016-1837\nhttps://access.redhat.com/security/cve/CVE-2016-1838\nhttps://access.redhat.com/security/cve/CVE-2016-1839\nhttps://access.redhat.com/security/cve/CVE-2016-1840\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/cve/CVE-2016-3627\nhttps://access.redhat.com/security/cve/CVE-2016-3705\nhttps://access.redhat.com/security/cve/CVE-2016-4447\nhttps://access.redhat.com/security/cve/CVE-2016-4448\nhttps://access.redhat.com/security/cve/CVE-2016-4449\nhttps://access.redhat.com/security/cve/CVE-2016-4459\nhttps://access.redhat.com/security/cve/CVE-2016-4483\nhttps://access.redhat.com/security/cve/CVE-2016-5419\nhttps://access.redhat.com/security/cve/CVE-2016-5420\nhttps://access.redhat.com/security/cve/CVE-2016-6808\nhttps://access.redhat.com/security/cve/CVE-2016-7141\nhttps://access.redhat.com/security/cve/CVE-2016-8612\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=distributions\u0026version=2.4.23\nhttps://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. ============================================================================\nUbuntu Security Notice USN-2537-1\nMarch 19, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nIt was discovered that OpenSSL incorrectly handled malformed EC private key\nfiles. (CVE-2015-0293)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libssl1.0.0                     1.0.1f-1ubuntu9.4\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.11\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.25\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.27\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update\n2015-005\n\nOS X Yosemite v10.10.4 and Security Update 2015-005 are now available\nand address the following:\n\nAdmin Framework\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A process may gain admin privileges without proper\nauthentication\nDescription:  An issue existed when checking XPC entitlements. \nCVE-ID\nCVE-2015-3671 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A non-admin user may obtain admin rights\nDescription:  An issue existed in the handling of user\nauthentication. \nCVE-ID\nCVE-2015-3672 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker may abuse Directory Utility to gain root\nprivileges\nDescription:  Directory Utility was able to be moved and modified to\nachieve code execution within an entitled process. \nCVE-ID\nCVE-2015-3674 : Dean Jerkovich of NCC Group\n\napache\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker may be able to access directories that are\nprotected with HTTP authentication without knowing the correct\ncredentials\nDescription:  The default Apache configuration did not include\nmod_hfs_apple. If Apache was manually enabled and the configuration\nwas not changed, some files that should not be accessible might have\nbeen accessible using a specially crafted URL. \nCVE-ID\nCVE-2015-1157\nCVE-2015-3685 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3689 : Apple\n\ncoreTLS\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  coreTLS accepted short ephemeral Diffie-Hellman (DH)\nkeys, as used in export-strength ephemeral DH cipher suites. This\nissue, also known as Logjam, allowed an attacker with a privileged\nnetwork position to downgrade security to 512-bit DH if the server\nsupported an export-strength ephemeral DH cipher suite. The issue was\naddressed by increasing the default minimum size allowed for DH\nephemeral keys to 768 bits. \nCVE-ID\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\n\nEFI\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may induce memory corruption to\nescalate privileges\nDescription:  A disturbance error, also known as Rowhammer, exists\nwith some DDR3 RAM that could have led to memory corruption. \nCVE-ID\nCVE-2015-3712 : Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple buffer overflow issues exist in the Intel graphics\ndriver, the most serious of which may lead to arbitrary code\nexecution with system privileges\nDescription:  Multiple buffer overflow issues existed in the Intel\ngraphics driver. \nCVE-ID\nCVE-2015-3695 : Ian Beer of Google Project Zero\nCVE-2015-3696 : Ian Beer of Google Project Zero\nCVE-2015-3697 : Ian Beer of Google Project Zero\nCVE-2015-3698 : Ian Beer of Google Project Zero\nCVE-2015-3699 : Ian Beer of Google Project Zero\nCVE-2015-3700 : Ian Beer of Google Project Zero\nCVE-2015-3701 : Ian Beer of Google Project Zero\nCVE-2015-3702 : KEEN Team\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple vulnerabilities existed in libtiff, the most\nserious of which may lead to arbitrary code execution\nDescription:  Multiple vulnerabilities existed in libtiff versions\nprior to 4.0.4. \nCVE-ID\nCVE-2015-3709 : Ian Beer of Google Project Zero\n\nMail\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A maliciously crafted email can replace the message content\nwith an arbitrary webpage when the message is viewed\nDescription:  An issue existed in the support for HTML email which\nallowed message content to be refreshed with an arbitrary webpage. \nCVE-ID\nCVE-2015-3711 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nntp\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker in a privileged position may be able to perform\na denial of service attack against two ntp clients\nDescription:  Multiple issues existed in the authentication of ntp\npackets being received by configured end-points. Geshev working with HP\u0027s Zero Day Initiative\nCVE-2015-3662 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3663 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP\u0027s Zero\nDay Initiative\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\nLu of Fortinet\u0027s FortiGuard Labs, Ryan Pentney, and Richard Johnson\nof Cisco Talos and Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3668 : Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3713 : Apple\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in the Security framework\ncode for parsing S/MIME e-mail and some other signed or encrypted\nobjects. \nCVE-ID\nCVE-2013-1741\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Tampered applications may not be prevented from launching\nDescription:  Apps using custom resource rules may have been\nsusceptible to tampering that would not have invalidated the\nsignature. \nCVE-ID\nCVE-2015-3715 : Patrick Wardle of Synack\n\nSpotlight\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Searching for a malicious file with Spotlight may lead to\ncommand injection\nDescription:  A command injection vulnerability existed in the\nhandling of filenames of photos added to the local photo library. By sending a maliciously\nformatted message to systemstatsd, it may have been possible to\nexecute arbitrary code as the systemstatsd process. \nCVE-ID\n\nCVE-2014-8139\nCVE-2014-8140\nCVE-2014-8141\n\n\nOS X Yosemite 10.10.4 includes the security content of Safari 8.0.7",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0286"
          },
          {
            "db": "BID",
            "id": "73225"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0286"
          },
          {
            "db": "PACKETSTORM",
            "id": "130912"
          },
          {
            "db": "PACKETSTORM",
            "id": "133317"
          },
          {
            "db": "PACKETSTORM",
            "id": "130933"
          },
          {
            "db": "PACKETSTORM",
            "id": "133616"
          },
          {
            "db": "PACKETSTORM",
            "id": "132763"
          },
          {
            "db": "PACKETSTORM",
            "id": "130932"
          },
          {
            "db": "PACKETSTORM",
            "id": "131585"
          },
          {
            "db": "PACKETSTORM",
            "id": "140182"
          },
          {
            "db": "PACKETSTORM",
            "id": "130914"
          },
          {
            "db": "PACKETSTORM",
            "id": "132518"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-0286",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "73225",
            "trust": 2.0
          },
          {
            "db": "JUNIPER",
            "id": "JSA10680",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1032917",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1031929",
            "trust": 1.7
          },
          {
            "db": "MCAFEE",
            "id": "SB10110",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-412672",
            "trust": 1.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-398",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-349-21",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-0286",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "130912",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "133317",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "130933",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "133616",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "132763",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "130932",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "131585",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "140182",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "130914",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "132518",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-0286"
          },
          {
            "db": "BID",
            "id": "73225"
          },
          {
            "db": "PACKETSTORM",
            "id": "130912"
          },
          {
            "db": "PACKETSTORM",
            "id": "133317"
          },
          {
            "db": "PACKETSTORM",
            "id": "130933"
          },
          {
            "db": "PACKETSTORM",
            "id": "133616"
          },
          {
            "db": "PACKETSTORM",
            "id": "132763"
          },
          {
            "db": "PACKETSTORM",
            "id": "130932"
          },
          {
            "db": "PACKETSTORM",
            "id": "131585"
          },
          {
            "db": "PACKETSTORM",
            "id": "140182"
          },
          {
            "db": "PACKETSTORM",
            "id": "130914"
          },
          {
            "db": "PACKETSTORM",
            "id": "132518"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-398"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0286"
          }
        ]
      },
      "id": "VAR-201503-0055",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.22222222
      },
      "last_update_date": "2026-03-09T23:25:56.069000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "openssl-1.0.0r",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=54508"
          },
          {
            "title": "openssl-0.9.8zf",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=54507"
          },
          {
            "title": "openssl-1.0.2a",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=54510"
          },
          {
            "title": "openssl-1.0.1m",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=54509"
          },
          {
            "title": "Red Hat: CVE-2015-0286",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-0286"
          },
          {
            "title": "Ubuntu Security Notice: openssl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2537-1"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2015-498",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-498"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162957 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2015-04"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150320-openssl"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165"
          },
          {
            "title": "Symantec Security Advisories: SA92 : OpenSSL Security Advisory 19-Mar-2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=07adc2b6f5910b64efc7296f227b9f10"
          },
          {
            "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2015-0286 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-0286"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-398"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-17",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0286"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.1,
            "url": "https://www.openssl.org/news/secadv_20150319.txt"
          },
          {
            "trust": 2.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "trust": 2.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "trust": 2.0,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "trust": 2.0,
            "url": "https://support.citrix.com/article/ctx216642"
          },
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-2537-1"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/73225"
          },
          {
            "trust": 1.8,
            "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
          },
          {
            "trust": 1.7,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202366"
          },
          {
            "trust": 1.7,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152844.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152733.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152734.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.debian.org/security/2015/dsa-3197"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15%3a06.openssl.asc"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1031929"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "trust": 1.7,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-0716.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063"
          },
          {
            "trust": 1.7,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
          },
          {
            "trust": 1.7,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-0752.html"
          },
          {
            "trust": 1.7,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-0715.html"
          },
          {
            "trust": 1.7,
            "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/articles/1384453"
          },
          {
            "trust": 1.7,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156823.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157177.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
          },
          {
            "trust": 1.7,
            "url": "http://support.apple.com/kb/ht204942"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht205212"
          },
          {
            "trust": 1.7,
            "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht205267"
          },
          {
            "trust": 1.7,
            "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
          },
          {
            "trust": 1.7,
            "url": "https://bto.bluecoat.com/security-advisory/sa92"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "trust": 1.7,
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "trust": 1.7,
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "trust": 1.7,
            "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2"
          },
          {
            "trust": 1.7,
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "trust": 1.7,
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015"
          },
          {
            "trust": 1.7,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "trust": 1.7,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10110"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1032917"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
          },
          {
            "trust": 0.6,
            "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
          },
          {
            "trust": 0.3,
            "url": "http://openssl.org/"
          },
          {
            "trust": 0.3,
            "url": "https://www.alienvault.com/forums/discussion/4885/security-advisory-alienvault-v5-0-"
          },
          {
            "trust": 0.3,
            "url": "https://support.asperasoft.com/entries/93038317-security-bulletin-vulnerabilities-in-openssl"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2015/apr/37"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2015/aug/137"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2015/aug/134"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2015/aug/136"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005226"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005241"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005254"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958089"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21961293"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962334"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966177"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098144"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020693"
          },
          {
            "trust": 0.3,
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory13.asc"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958903"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963024"
          },
          {
            "trust": 0.3,
            "url": "https://www.openssl.org/news/vulnerabilities.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-04-16.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://networks.unify.com/security/advisories/obso-1512-01.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005341"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964676"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701028"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375"
          },
          {
            "trust": 0.3,
            "url": "www-01.ibm.com/support/docview.wss?uid=swg21701256"
          },
          {
            "trust": 0.3,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680\u0026cat=sirt_1\u0026actp=list"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21882710"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022183"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964164"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903799"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022382"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701238"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902449"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882644"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701054"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957922"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902544"
          },
          {
            "trust": 0.3,
            "url": "www-01.ibm.com/support/docview.wss?uid=swg21701086"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21702160"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903269"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022367"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883028"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098141"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902519"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020716"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022103"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902673"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883593"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700167"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005257"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903425"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21722409"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960212"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960210"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701354"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21883249"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098564"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098563"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098568"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964410"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964686"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?rs=630\u0026uid=swg21970748"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960588"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960668"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903261"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903729"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701326"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883221"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883222"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21713653"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701334"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882955"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-0286"
          },
          {
            "trust": 0.2,
            "url": "http://www.debian.org/security/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
          },
          {
            "trust": 0.2,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
          },
          {
            "trust": 0.2,
            "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/en-"
          },
          {
            "trust": 0.2,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.2,
            "url": "http://gpgtools.org"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/17.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2015-0286"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2537-1/"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39581"
          },
          {
            "trust": 0.1,
            "url": "http://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/about/releasestrat.html),"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/about/secpolicy.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5800"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5765"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/itunes/"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5802"
          },
          {
            "trust": 0.1,
            "url": "https://www.knownsec.com"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5795"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5788"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5799"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5797"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5794"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1129"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5791"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3951"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5522"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5789"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1205"
          },
          {
            "trust": 0.1,
            "url": "https://www.safeye.org)"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5793"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5764"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8611"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5523"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5801"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5796"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5790"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3801"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5792"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5767"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5748"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/go/smh"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:06/openssl-1.0.1.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:06/openssl-0.9.8.patch"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-15:06.openssl.asc\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:06/openssl-1.0.1.patch"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/news/secadv_20150319.txt\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:06/openssl-0.9.8.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4448"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2106"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0702"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-8176"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-6808"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-3705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2107"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1839"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4483"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2842"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8612"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0797"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3185"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3194"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1833"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2105"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1836"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4449"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-5420"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2178"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2108"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-3627"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2012-1148"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1837"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2109"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1834"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-5419"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4459"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-0209"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3195"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3216"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4447"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-7141"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0799"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.27"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.11"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.25"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.4"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3673"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8141"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8140"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
          },
          {
            "trust": 0.1,
            "url": "http://support.apple.com/kb/ht1222"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/en-us/ht204938"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3672"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3661"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3671"
          },
          {
            "trust": 0.1,
            "url": "http://www.apple.com/support/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1741"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8139"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3662"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/en-us/ht204950"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3663"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3668"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1799"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3666"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1798"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3667"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-0286"
          },
          {
            "db": "BID",
            "id": "73225"
          },
          {
            "db": "PACKETSTORM",
            "id": "130912"
          },
          {
            "db": "PACKETSTORM",
            "id": "133317"
          },
          {
            "db": "PACKETSTORM",
            "id": "130933"
          },
          {
            "db": "PACKETSTORM",
            "id": "133616"
          },
          {
            "db": "PACKETSTORM",
            "id": "132763"
          },
          {
            "db": "PACKETSTORM",
            "id": "130932"
          },
          {
            "db": "PACKETSTORM",
            "id": "131585"
          },
          {
            "db": "PACKETSTORM",
            "id": "140182"
          },
          {
            "db": "PACKETSTORM",
            "id": "130914"
          },
          {
            "db": "PACKETSTORM",
            "id": "132518"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-398"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0286"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2015-0286",
            "ident": null
          },
          {
            "db": "BID",
            "id": "73225",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "130912",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "133317",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "130933",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "133616",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "132763",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "130932",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "131585",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "140182",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "130914",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "132518",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-398",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0286",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2015-03-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0286",
            "ident": null
          },
          {
            "date": "2015-03-19T00:00:00",
            "db": "BID",
            "id": "73225",
            "ident": null
          },
          {
            "date": "2015-03-20T04:42:01",
            "db": "PACKETSTORM",
            "id": "130912",
            "ident": null
          },
          {
            "date": "2015-08-26T01:33:18",
            "db": "PACKETSTORM",
            "id": "133317",
            "ident": null
          },
          {
            "date": "2015-03-20T05:46:26",
            "db": "PACKETSTORM",
            "id": "130933",
            "ident": null
          },
          {
            "date": "2015-09-19T15:18:18",
            "db": "PACKETSTORM",
            "id": "133616",
            "ident": null
          },
          {
            "date": "2015-07-21T13:37:51",
            "db": "PACKETSTORM",
            "id": "132763",
            "ident": null
          },
          {
            "date": "2015-03-20T05:41:10",
            "db": "PACKETSTORM",
            "id": "130932",
            "ident": null
          },
          {
            "date": "2015-04-22T20:14:53",
            "db": "PACKETSTORM",
            "id": "131585",
            "ident": null
          },
          {
            "date": "2016-12-16T16:34:49",
            "db": "PACKETSTORM",
            "id": "140182",
            "ident": null
          },
          {
            "date": "2015-03-20T04:43:46",
            "db": "PACKETSTORM",
            "id": "130914",
            "ident": null
          },
          {
            "date": "2015-07-01T05:31:53",
            "db": "PACKETSTORM",
            "id": "132518",
            "ident": null
          },
          {
            "date": "2015-03-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201503-398",
            "ident": null
          },
          {
            "date": "2015-03-19T22:59:04.677000",
            "db": "NVD",
            "id": "CVE-2015-0286",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-0286",
            "ident": null
          },
          {
            "date": "2017-05-02T03:08:00",
            "db": "BID",
            "id": "73225",
            "ident": null
          },
          {
            "date": "2022-12-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201503-398",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-0286",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "130914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-398"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "OpenSSL \u2018 ASN1_TYPE_cmp \u0027Function security vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-398"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-398"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201512-0483

    Vulnerability from variot - Updated: 2026-03-09 22:42

    crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application; denying service to legitimate users.

    NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.

    BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)

    Severity: Moderate

    There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.

    This issue affects OpenSSL version 1.0.2.

    OpenSSL 1.0.2 users should upgrade to 1.0.2e

    This issue was reported to OpenSSL on August 13 2015 by Hanno Böck. The fix was developed by Andy Polyakov of the OpenSSL development team. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.

    This issue affects OpenSSL versions 1.0.2 and 1.0.1.

    OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q

    This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

    This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

    OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh

    This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

    Race condition handling PSK identify hint (CVE-2015-3196)

    Severity: Low

    If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure.

    This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release.

    The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

    Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)

    Severity: Low

    If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack.

    This issue affects OpenSSL version 1.0.2.

    OpenSSL 1.0.2 users should upgrade to 1.0.2e

    This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The fix was developed by Matt Caswell of the OpenSSL development team.

    Note

    As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade.

    References

    URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt

    Note: the online version of the advisory may be updated with additional details over time.

    For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

    .

    References:

    CVE-2016-0800 CVE-2016-0799 CVE-2016-2842 CVE-2015-1789 CVE-2015-1791 CVE-2015-3194 CVE-2015-0705 CVE-2015-5600 CVE-2014-3566 CVE-2008-5161 SSRT102281

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following firmware versions of Virtual Connect (VC) are impacted:

    HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45 HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21

    Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800, CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and CVE-2016-2842. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c05398322 Version: 1

    HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2017-02-21 Last Updated: 2017-02-21

    Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

    Source: Hewlett Packard Enterprise, Product Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 5, Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

    References:

    • CVE-2015-1794 - Remote Denial of Service (DoS)
    • CVE-2015-3193 - Remote disclosure of sensitive information
    • CVE-2015-3194 - Remote Denial of Service (DoS)
    • CVE-2015-3195 - Remote disclosure of sensitive information
    • CVE-2015-3196 - Remote Denial of Service (DoS)

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

    • Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
    • Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
    • HPE Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
    • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.

    BACKGROUND

    CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2015-1794
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    
    CVE-2015-3193
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
    
    CVE-2015-3194
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    
    CVE-2015-3195
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    
    CVE-2015-3196
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
    
    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:
    

    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

    RESOLUTION

    HPE has made the following software updates to resolve the vulnerabilities in the Comware, IMC and VCX products running OpenSSL.

    COMWARE 5 Products

    • A6600 (Comware 5) - Version: R3303P28
      • HP Network Products
      • JC165A HP 6600 RPE-X1 Router Module
      • JC177A HP 6608 Router
      • JC177B HP 6608 Router Chassis
      • JC178A HP 6604 Router Chassis
      • JC178B HP 6604 Router Chassis
      • JC496A HP 6616 Router Chassis
      • JC566A HP 6600 RSE-X1 Router Main Processing Unit
      • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
      • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
    • HSR6602 (Comware 5) - Version: R3303P28
      • HP Network Products
      • JC176A HP 6602 Router Chassis
      • JG353A HP HSR6602-G Router
      • JG354A HP HSR6602-XG Router
      • JG355A HP 6600 MCP-X1 Router Main Processing Unit
      • JG356A HP 6600 MCP-X2 Router Main Processing Unit
      • JG776A HP HSR6602-G TAA-compliant Router
      • JG777A HP HSR6602-XG TAA-compliant Router
      • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
    • HSR6800 (Comware 5) - Version: R3303P28
      • HP Network Products
      • JG361A HP HSR6802 Router Chassis
      • JG361B HP HSR6802 Router Chassis
      • JG362A HP HSR6804 Router Chassis
      • JG362B HP HSR6804 Router Chassis
      • JG363A HP HSR6808 Router Chassis
      • JG363B HP HSR6808 Router Chassis
      • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
      • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
    • MSR20 (Comware 5) - Version: R2516
      • HP Network Products
      • JD432A HP A-MSR20-21 Router
      • JD662A HP MSR20-20 Router
      • JD663A HP A-MSR20-21 Router
      • JD663B HP MSR20-21 Router
      • JD664A HP MSR20-40 Router
      • JF228A HP MSR20-40 Router
      • JF283A HP MSR20-20 Router
    • MSR20-1X (Comware 5) - Version: R2516
      • HP Network Products
      • JD431A HP MSR20-10 Router
      • JD667A HP MSR20-15 IW Multi-Service Router
      • JD668A HP MSR20-13 Multi-Service Router
      • JD669A HP MSR20-13 W Multi-Service Router
      • JD670A HP MSR20-15 A Multi-Service Router
      • JD671A HP MSR20-15 AW Multi-Service Router
      • JD672A HP MSR20-15 I Multi-Service Router
      • JD673A HP MSR20-11 Multi-Service Router
      • JD674A HP MSR20-12 Multi-Service Router
      • JD675A HP MSR20-12 W Multi-Service Router
      • JD676A HP MSR20-12 T1 Multi-Service Router
      • JF236A HP MSR20-15-I Router
      • JF237A HP MSR20-15-A Router
      • JF238A HP MSR20-15-I-W Router
      • JF239A HP MSR20-11 Router
      • JF240A HP MSR20-13 Router
      • JF241A HP MSR20-12 Router
      • JF806A HP MSR20-12-T Router
      • JF807A HP MSR20-12-W Router
      • JF808A HP MSR20-13-W Router
      • JF809A HP MSR20-15-A-W Router
      • JF817A HP MSR20-15 Router
      • JG209A HP MSR20-12-T-W Router (NA)
      • JG210A HP MSR20-13-W Router (NA)
    • MSR 30 (Comware 5) - Version: R2516
      • HP Network Products
      • JD654A HP MSR30-60 POE Multi-Service Router
      • JD657A HP MSR30-40 Multi-Service Router
      • JD658A HP MSR30-60 Multi-Service Router
      • JD660A HP MSR30-20 POE Multi-Service Router
      • JD661A HP MSR30-40 POE Multi-Service Router
      • JD666A HP MSR30-20 Multi-Service Router
      • JF229A HP MSR30-40 Router
      • JF230A HP MSR30-60 Router
      • JF232A HP RTMSR3040-AC-OVSAS-H3
      • JF235A HP MSR30-20 DC Router
      • JF284A HP MSR30-20 Router
      • JF287A HP MSR30-40 DC Router
      • JF801A HP MSR30-60 DC Router
      • JF802A HP MSR30-20 PoE Router
      • JF803A HP MSR30-40 PoE Router
      • JF804A HP MSR30-60 PoE Router
      • JG728A HP MSR30-20 TAA-compliant DC Router
      • JG729A HP MSR30-20 TAA-compliant Router
    • MSR 30-16 (Comware 5) - Version: R2516
      • HP Network Products
      • JD659A HP MSR30-16 POE Multi-Service Router
      • JD665A HP MSR30-16 Multi-Service Router
      • JF233A HP MSR30-16 Router
      • JF234A HP MSR30-16 PoE Router
    • MSR 30-1X (Comware 5) - Version: R2516
      • HP Network Products
      • JF800A HP MSR30-11 Router
      • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
      • JG182A HP MSR30-11E Router
      • JG183A HP MSR30-11F Router
      • JG184A HP MSR30-10 DC Router
    • MSR 50 (Comware 5) - Version: R2516
      • HP Network Products
      • JD433A HP MSR50-40 Router
      • JD653A HP MSR50 Processor Module
      • JD655A HP MSR50-40 Multi-Service Router
      • JD656A HP MSR50-60 Multi-Service Router
      • JF231A HP MSR50-60 Router
      • JF285A HP MSR50-40 DC Router
      • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
    • MSR 50-G2 (Comware 5) - Version: R2516
      • HP Network Products
      • JD429A HP MSR50 G2 Processor Module
      • JD429B HP MSR50 G2 Processor Module
    • MSR 9XX (Comware 5) - Version: R2516
      • HP Network Products
      • JF812A HP MSR900 Router
      • JF813A HP MSR920 Router
      • JF814A HP MSR900-W Router
      • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
      • JG207A HP MSR900-W Router (NA)
      • JG208A HP MSR920-W Router (NA)
    • MSR 93X (Comware 5) - Version: R2516
      • HP Network Products
      • JG511A HP MSR930 Router
      • JG511B HP MSR930 Router
      • JG512A HP MSR930 Wireless Router
      • JG513A HP MSR930 3G Router
      • JG513B HP MSR930 3G Router
      • JG514A HP MSR931 Router
      • JG514B HP MSR931 Router
      • JG515A HP MSR931 3G Router
      • JG516A HP MSR933 Router
      • JG517A HP MSR933 3G Router
      • JG518A HP MSR935 Router
      • JG518B HP MSR935 Router
      • JG519A HP MSR935 Wireless Router
      • JG520A HP MSR935 3G Router
      • JG531A HP MSR931 Dual 3G Router
      • JG531B HP MSR931 Dual 3G Router
      • JG596A HP MSR930 4G LTE/3G CDMA Router
      • JG597A HP MSR936 Wireless Router
      • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
      • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
      • JH009A HP MSR931 Serial (TI) Router
      • JH010A HP MSR933 G.SHDSL (TI) Router
      • JH011A HP MSR935 ADSL2+ (TI) Router
      • JH012A HP MSR930 Wireless 802.11n (NA) Router
      • JH012B HP MSR930 Wireless 802.11n (NA) Router
      • JH013A HP MSR935 Wireless 802.11n (NA) Router
    • MSR1000 (Comware 5) - Version: See Mitigation
      • HP Network Products
      • JG732A HP MSR1003-8 AC Router
    • 12500 (Comware 5) - Version: R1829P02
      • HP Network Products
      • JC072B HP 12500 Main Processing Unit
      • JC085A HP A12518 Switch Chassis
      • JC086A HP A12508 Switch Chassis
      • JC652A HP 12508 DC Switch Chassis
      • JC653A HP 12518 DC Switch Chassis
      • JC654A HP 12504 AC Switch Chassis
      • JC655A HP 12504 DC Switch Chassis
      • JC808A HP 12500 TAA Main Processing Unit
      • JF430A HP A12518 Switch Chassis
      • JF430B HP 12518 Switch Chassis
      • JF430C HP 12518 AC Switch Chassis
      • JF431A HP A12508 Switch Chassis
      • JF431B HP 12508 Switch Chassis
      • JF431C HP 12508 AC Switch Chassis
    • 9500E (Comware 5) - Version: R1829P02
      • HP Network Products
      • JC124A HP A9508 Switch Chassis
      • JC124B HP 9505 Switch Chassis
      • JC125A HP A9512 Switch Chassis
      • JC125B HP 9512 Switch Chassis
      • JC474A HP A9508-V Switch Chassis
      • JC474B HP 9508-V Switch Chassis
    • 10500 (Comware 5) - Version: R1210P02
      • HP Network Products
      • JC611A HP 10508-V Switch Chassis
      • JC612A HP 10508 Switch Chassis
      • JC613A HP 10504 Switch Chassis
      • JC614A HP 10500 Main Processing Unit
      • JC748A HP 10512 Switch Chassis
      • JG375A HP 10500 TAA-compliant Main Processing Unit
      • JG820A HP 10504 TAA-compliant Switch Chassis
      • JG821A HP 10508 TAA-compliant Switch Chassis
      • JG822A HP 10508-V TAA-compliant Switch Chassis
      • JG823A HP 10512 TAA-compliant Switch Chassis
    • 7500 (Comware 5) - Version: R6710P02
      • HP Network Products
      • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
      • JC697A HP 7502 TAA-compliant Main Processing Unit
      • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
      • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
      • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
      • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
      • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
      • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
      • JD194A HP 7500 384Gbps Fabric Module
      • JD194B HP 7500 384Gbps Fabric Module
      • JD195A HP 7500 384Gbps Advanced Fabric Module
      • JD196A HP 7502 Fabric Module
      • JD220A HP 7500 768Gbps Fabric Module
      • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
      • JD238A HP 7510 Switch Chassis
      • JD238B HP 7510 Switch Chassis
      • JD239A HP 7506 Switch Chassis
      • JD239B HP 7506 Switch Chassis
      • JD240A HP 7503 Switch Chassis
      • JD240B HP 7503 Switch Chassis
      • JD241A HP 7506-V Switch Chassis
      • JD241B HP 7506-V Switch Chassis
      • JD242A HP 7502 Switch Chassis
      • JD242B HP 7502 Switch Chassis
      • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
      • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
      • JE164A HP E7902 Switch Chassis
      • JE165A HP E7903 Switch Chassis
      • JE166A HP E7903 1 Fabric Slot Switch Chassis
      • JE167A HP E7906 Switch Chassis
      • JE168A HP E7906 Vertical Switch Chassis
      • JE169A HP E7910 Switch Chassis
    • 6125G/XG Blade Switch - Version: R2112P05
      • HP Network Products
      • 737220-B21 HP 6125G Blade Switch with TAA
      • 737226-B21 HP 6125G/XG Blade Switch with TAA
      • 658250-B21 HP 6125G/XG Blade Switch Opt Kit
      • 658247-B21 HP 6125G Blade Switch Opt Kit
    • 5830 (Comware 5) - Version: R1118P13
      • HP Network Products
      • JC691A HP 5830AF-48G Switch with 1 Interface Slot
      • JC694A HP 5830AF-96G Switch
      • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
      • JG374A HP 5830AF-96G TAA-compliant Switch
    • 5800 (Comware 5) - Version: R1810P03
      • HP Network Products
      • JC099A HP 5800-24G-PoE Switch
      • JC099B HP 5800-24G-PoE+ Switch
      • JC100A HP 5800-24G Switch
      • JC100B HP 5800-24G Switch
      • JC101A HP 5800-48G Switch with 2 Slots
      • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
      • JC103A HP 5800-24G-SFP Switch
      • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
      • JC104A HP 5800-48G-PoE Switch
      • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
      • JC105A HP 5800-48G Switch
      • JC105B HP 5800-48G Switch with 1 Interface Slot
      • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
      • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
      • JG255A HP 5800-24G TAA-compliant Switch
      • JG255B HP 5800-24G TAA-compliant Switch
      • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
      • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
      • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
      • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
      • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
      • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
      • JG225A HP 5800AF-48G Switch
      • JG225B HP 5800AF-48G Switch
      • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
      • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
      • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
      • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
      • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
      • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
      • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
      • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
      • JG219A HP 5820AF-24XG Switch
      • JG219B HP 5820AF-24XG Switch
      • JC102A HP 5820-24XG-SFP+ Switch
      • JC102B HP 5820-24XG-SFP+ Switch
    • 5500 HI (Comware 5) - Version: R5501P21
      • HP Network Products
      • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
      • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
      • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
      • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
      • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
      • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
      • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
      • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
    • 5500 EI (Comware 5) - Version: R2221P22
      • HP Network Products
      • JD373A HP 5500-24G DC EI Switch
      • JD374A HP 5500-24G-SFP EI Switch
      • JD375A HP 5500-48G EI Switch
      • JD376A HP 5500-48G-PoE EI Switch
      • JD377A HP 5500-24G EI Switch
      • JD378A HP 5500-24G-PoE EI Switch
      • JD379A HP 5500-24G-SFP DC EI Switch
      • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
      • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
      • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
      • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
      • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
      • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
      • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • 4800G (Comware 5) - Version: R2221P22
      • HP Network Products
      • JD007A HP 4800-24G Switch
      • JD008A HP 4800-24G-PoE Switch
      • JD009A HP 4800-24G-SFP Switch
      • JD010A HP 4800-48G Switch
      • JD011A HP 4800-48G-PoE Switch
    • 5500SI (Comware 5) - Version: R2221P22
      • HP Network Products
      • JD369A HP 5500-24G SI Switch
      • JD370A HP 5500-48G SI Switch
      • JD371A HP 5500-24G-PoE SI Switch
      • JD372A HP 5500-48G-PoE SI Switch
      • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
      • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
    • 4500G (Comware 5) - Version: R2221P22
      • HP Network Products
      • JF428A HP 4510-48G Switch
      • JF847A HP 4510-24G Switch
    • 5120 EI (Comware 5) - Version: R2221P22
      • HP Network Products
      • JE066A HP 5120-24G EI Switch
      • JE067A HP 5120-48G EI Switch
      • JE068A HP 5120-24G EI Switch with 2 Interface Slots
      • JE069A HP 5120-48G EI Switch with 2 Interface Slots
      • JE070A HP 5120-24G-PoE EI 2-slot Switch
      • JE071A HP 5120-48G-PoE EI 2-slot Switch
      • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
      • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
      • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
      • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
      • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
      • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
    • 4210G (Comware 5) - Version: R2221P22
      • HP Network Products
      • JF844A HP 4210-24G Switch
      • JF845A HP 4210-48G Switch
      • JF846A HP 4210-24G-PoE Switch
    • 5120 SI (Comware 5) - Version: R1517
      • HP Network Products
      • JE072A HP 5120-48G SI Switch
      • JE072B HPE 5120 48G SI Switch
      • JE073A HP 5120-16G SI Switch
      • JE073B HPE 5120 16G SI Switch
      • JE074A HP 5120-24G SI Switch
      • JE074B HPE 5120 24G SI Switch
      • JG091A HP 5120-24G-PoE+ (370W) SI Switch
      • JG091B HPE 5120 24G PoE+ (370W) SI Switch
      • JG092A HP 5120-24G-PoE+ (170W) SI Switch
      • JG309B HPE 5120 8G PoE+ (180W) SI Switch
      • JG310B HPE 5120 8G PoE+ (65W) SI Switch
    • 3610 (Comware 5) - Version: R5319P15
      • HP Network Products
      • JD335A HP 3610-48 Switch
      • JD336A HP 3610-24-4G-SFP Switch
      • JD337A HP 3610-24-2G-2G-SFP Switch
      • JD338A HP 3610-24-SFP Switch
    • 3600V2 (Comware 5) - Version: R2111P01
      • HP Network Products
      • JG299A HP 3600-24 v2 EI Switch
      • JG299B HP 3600-24 v2 EI Switch
      • JG300A HP 3600-48 v2 EI Switch
      • JG300B HP 3600-48 v2 EI Switch
      • JG301A HP 3600-24-PoE+ v2 EI Switch
      • JG301B HP 3600-24-PoE+ v2 EI Switch
      • JG301C HP 3600-24-PoE+ v2 EI Switch
      • JG302A HP 3600-48-PoE+ v2 EI Switch
      • JG302B HP 3600-48-PoE+ v2 EI Switch
      • JG302C HP 3600-48-PoE+ v2 EI Switch
      • JG303A HP 3600-24-SFP v2 EI Switch
      • JG303B HP 3600-24-SFP v2 EI Switch
      • JG304A HP 3600-24 v2 SI Switch
      • JG304B HP 3600-24 v2 SI Switch
      • JG305A HP 3600-48 v2 SI Switch
      • JG305B HP 3600-48 v2 SI Switch
      • JG306A HP 3600-24-PoE+ v2 SI Switch
      • JG306B HP 3600-24-PoE+ v2 SI Switch
      • JG306C HP 3600-24-PoE+ v2 SI Switch
      • JG307A HP 3600-48-PoE+ v2 SI Switch
      • JG307B HP 3600-48-PoE+ v2 SI Switch
      • JG307C HP 3600-48-PoE+ v2 SI Switch
    • 3100V2 (Comware 5) - Version: R5213P01
      • HP Network Products
      • JD313B HPE 3100 24 PoE v2 EI Switch
      • JD318B HPE 3100 8 v2 EI Switch
      • JD319B HPE 3100 16 v2 EI Switch
      • JD320B HPE 3100 24 v2 EI Switch
      • JG221A HPE 3100 8 v2 SI Switch
      • JG222A HPE 3100 16 v2 SI Switch
      • JG223A HPE 3100 24 v2 SI Switch
    • HP870 (Comware 5) - Version: R2607P51
      • HP Network Products
      • JG723A HP 870 Unified Wired-WLAN Appliance
      • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
    • HP850 (Comware 5) - Version: R2607P51
      • HP Network Products
      • JG722A HP 850 Unified Wired-WLAN Appliance
      • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
    • HP830 (Comware 5) - Version: R3507P51
      • HP Network Products
      • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
      • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
      • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
      • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
    • HP6000 (Comware 5) - Version: R2507P44
      • HP Network Products
      • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
      • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
    • WX5004-EI (Comware 5) - Version: R2507P44
      • HP Network Products
      • JD447B HP WX5002 Access Controller
      • JD448A HP WX5004 Access Controller
      • JD448B HP WX5004 Access Controller
      • JD469A HP WX5004 Access Controller
    • SecBlade FW (Comware 5) - Version: R3181P07
      • HP Network Products
      • JC635A HP 12500 VPN Firewall Module
      • JD245A HP 9500 VPN Firewall Module
      • JD249A HP 10500/7500 Advanced VPN Firewall Module
      • JD250A HP 6600 Firewall Processing Router Module
      • JD251A HP 8800 Firewall Processing Module
      • JD255A HP 5820 VPN Firewall Module
    • F1000-E (Comware 5) - Version: TBD still fixing
      • HP Network Products
      • JD272A HP F1000-E VPN Firewall Appliance
    • F1000-A-EI (Comware 5) - Version: TBD still fixing
      • HP Network Products
      • JG214A HP F1000-A-EI VPN Firewall Appliance
    • F1000-S-EI (Comware 5) - Version: TBD still fixing
      • HP Network Products
      • JG213A HP F1000-S-EI VPN Firewall Appliance
    • F5000-A (Comware 5) - Version: F3210P26
      • HP Network Products
      • JD259A HP A5000-A5 VPN Firewall Chassis
      • JG215A HP F5000 Firewall Main Processing Unit
      • JG216A HP F5000 Firewall Standalone Chassis
    • U200S and CS (Comware 5) - Version: F5123P33
      • HP Network Products
      • JD273A HP U200-S UTM Appliance
    • U200A and M (Comware 5) - Version: F5123P33
      • HP Network Products
      • JD275A HP U200-A UTM Appliance
    • F5000-C/S (Comware 5) - Version: TBD still fixing
      • HP Network Products
      • JG650A HP F5000-C VPN Firewall Appliance
      • JG370A HP F5000-S VPN Firewall Appliance
    • SecBlade III (Comware 5) - Version: TBD still fixing
      • HP Network Products
      • JG371A HP 12500 20Gbps VPN Firewall Module
      • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
    • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
      • HP Network Products
      • JC177A HP 6608 Router
      • JC177B HP 6608 Router Chassis
      • JC178A HP 6604 Router Chassis
      • JC178B HP 6604 Router Chassis
      • JC496A HP 6616 Router Chassis
      • JC566A HP 6600 RSE-X1 Router Main Processing Unit
      • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
      • HP Network Products
      • JC165A HP 6600 RPE-X1 Router Module
      • JC177A HP 6608 Router
      • JC177B HPE FlexNetwork 6608 Router Chassis
      • JC178A HPE FlexNetwork 6604 Router Chassis
      • JC178B HPE FlexNetwork 6604 Router Chassis
      • JC496A HPE FlexNetwork 6616 Router Chassis
      • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
    • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
      • HP Network Products
      • JC176A HP 6602 Router Chassis
    • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
      • HP Network Products
      • JC177A HP 6608 Router
      • JC177B HP 6608 Router Chassis
      • JC178A HP 6604 Router Chassis
      • JC178B HP 6604 Router Chassis
      • JC496A HP 6616 Router Chassis
      • JG353A HP HSR6602-G Router
      • JG354A HP HSR6602-XG Router
      • JG355A HP 6600 MCP-X1 Router Main Processing Unit
      • JG356A HP 6600 MCP-X2 Router Main Processing Unit
      • JG776A HP HSR6602-G TAA-compliant Router
      • JG777A HP HSR6602-XG TAA-compliant Router
      • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
    • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
      • HP Network Products
      • JG361A HP HSR6802 Router Chassis
      • JG361B HP HSR6802 Router Chassis
      • JG362A HP HSR6804 Router Chassis
      • JG362B HP HSR6804 Router Chassis
      • JG363A HP HSR6808 Router Chassis
      • JG363B HP HSR6808 Router Chassis
      • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
      • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
    • SMB1910 (Comware 5) - Version: R1113
      • HP Network Products
      • JG540A HP 1910-48 Switch
      • JG539A HP 1910-24-PoE+ Switch
      • JG538A HP 1910-24 Switch
      • JG537A HP 1910-8 -PoE+ Switch
      • JG536A HP 1910-8 Switch
    • SMB1920 (Comware 5) - Version: R1112
      • HP Network Products
      • JG928A HP 1920-48G-PoE+ (370W) Switch
      • JG927A HP 1920-48G Switch
      • JG926A HP 1920-24G-PoE+ (370W) Switch
      • JG925A HP 1920-24G-PoE+ (180W) Switch
      • JG924A HP 1920-24G Switch
      • JG923A HP 1920-16G Switch
      • JG922A HP 1920-8G-PoE+ (180W) Switch
      • JG921A HP 1920-8G-PoE+ (65W) Switch
      • JG920A HP 1920-8G Switch
    • V1910 (Comware 5) - Version: R1517P01
      • HP Network Products
      • JE005A HP 1910-16G Switch
      • JE006A HP 1910-24G Switch
      • JE007A HP 1910-24G-PoE (365W) Switch
      • JE008A HP 1910-24G-PoE(170W) Switch
      • JE009A HP 1910-48G Switch
      • JG348A HP 1910-8G Switch
      • JG349A HP 1910-8G-PoE+ (65W) Switch
      • JG350A HP 1910-8G-PoE+ (180W) Switch
    • SMB 1620 (Comware 5) - Version: R1110
      • HP Network Products
      • JG914A HP 1620-48G Switch
      • JG913A HP 1620-24G Switch
      • JG912A HP 1620-8G Switch
    • NJ5000 - Version: R1107
      • HP Network Products
      • JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack

    COMWARE 7 Products

    • 12500 (Comware 7) - Version: R7377
      • HP Network Products
      • JC072B HP 12500 Main Processing Unit
      • JC085A HP A12518 Switch Chassis
      • JC086A HP A12508 Switch Chassis
      • JC652A HP 12508 DC Switch Chassis
      • JC653A HP 12518 DC Switch Chassis
      • JC654A HP 12504 AC Switch Chassis
      • JC655A HP 12504 DC Switch Chassis
      • JF430A HP A12518 Switch Chassis
      • JF430B HP 12518 Switch Chassis
      • JF430C HP 12518 AC Switch Chassis
      • JF431A HP A12508 Switch Chassis
      • JF431B HP 12508 Switch Chassis
      • JF431C HP 12508 AC Switch Chassis
      • JG497A HP 12500 MPU w/Comware V7 OS
      • JG782A HP FF 12508E AC Switch Chassis
      • JG783A HP FF 12508E DC Switch Chassis
      • JG784A HP FF 12518E AC Switch Chassis
      • JG785A HP FF 12518E DC Switch Chassis
      • JG802A HP FF 12500E MPU
    • 10500 (Comware 7) - Version: R7180
      • HP Network Products
      • JC611A HP 10508-V Switch Chassis
      • JC612A HP 10508 Switch Chassis
      • JC613A HP 10504 Switch Chassis
      • JC748A HP 10512 Switch Chassis
      • JG608A HP FlexFabric 11908-V Switch Chassis
      • JG609A HP FlexFabric 11900 Main Processing Unit
      • JG820A HP 10504 TAA Switch Chassis
      • JG821A HP 10508 TAA Switch Chassis
      • JG822A HP 10508-V TAA Switch Chassis
      • JG823A HP 10512 TAA Switch Chassis
      • JG496A HP 10500 Type A MPU w/Comware v7 OS
      • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
      • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
    • 12900 (Comware 7) - Version: R1150
      • HP Network Products
      • JG619A HP FlexFabric 12910 Switch AC Chassis
      • JG621A HP FlexFabric 12910 Main Processing Unit
      • JG632A HP FlexFabric 12916 Switch AC Chassis
      • JG634A HP FlexFabric 12916 Main Processing Unit
      • JH104A HP FlexFabric 12900E Main Processing Unit
      • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
      • JH263A HP FlexFabric 12904E Main Processing Unit
      • JH255A HP FlexFabric 12908E Switch Chassis
      • JH262A HP FlexFabric 12904E Switch Chassis
      • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
      • JH103A HP FlexFabric 12916E Switch Chassis
    • 5900 (Comware 7) - Version: R2432P01
      • HP Network Products
      • JC772A HP 5900AF-48XG-4QSFP+ Switch
      • JG296A HP 5920AF-24XG Switch
      • JG336A HP 5900AF-48XGT-4QSFP+ Switch
      • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
      • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
      • JG555A HP 5920AF-24XG TAA Switch
      • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
      • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
      • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
      • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
    • MSR1000 (Comware 7) - Version: R0306P12
      • HP Network Products
      • JG875A HP MSR1002-4 AC Router
      • JH060A HP MSR1003-8S AC Router
    • MSR2000 (Comware 7) - Version: R0306P12
      • HP Network Products
      • JG411A HP MSR2003 AC Router
      • JG734A HP MSR2004-24 AC Router
      • JG735A HP MSR2004-48 Router
      • JG866A HP MSR2003 TAA-compliant AC Router
    • MSR3000 (Comware 7) - Version: R0306P12
      • HP Network Products
      • JG404A HP MSR3064 Router
      • JG405A HP MSR3044 Router
      • JG406A HP MSR3024 AC Router
      • JG407A HP MSR3024 DC Router
      • JG408A HP MSR3024 PoE Router
      • JG409A HP MSR3012 AC Router
      • JG410A HP MSR3012 DC Router
      • JG861A HP MSR3024 TAA-compliant AC Router
    • MSR4000 (Comware 7) - Version: R0306P12
      • HP Network Products
      • JG402A HP MSR4080 Router Chassis
      • JG403A HP MSR4060 Router Chassis
      • JG412A HP MSR4000 MPU-100 Main Processing Unit
      • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
    • VSR (Comware 7) - Version: E0322P01
      • HP Network Products
      • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
      • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
      • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
      • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
    • 7900 (Comware 7) - Version: R2150
      • HP Network Products
      • JG682A HP FlexFabric 7904 Switch Chassis
      • JG841A HP FlexFabric 7910 Switch Chassis
      • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
      • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
      • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
      • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
      • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
      • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
    • 5130 (Comware 7) - Version: R3113P02
      • HP Network Products
      • JG932A HP 5130-24G-4SFP+ EI Switch
      • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
      • JG934A HP 5130-48G-4SFP+ EI Switch
      • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
      • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
      • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
      • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
      • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
      • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
      • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
      • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
      • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
      • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
    • 6125XLG - Version: R2432P01
      • HP Network Products
      • 711307-B21 HP 6125XLG Blade Switch
      • 737230-B21 HP 6125XLG Blade Switch with TAA
    • 6127XLG - Version: R2432P01
      • HP Network Products
      • 787635-B21 HP 6127XLG Blade Switch Opt Kit
      • 787635-B22 HP 6127XLG Blade Switch with TAA
    • Moonshot - Version: R2432P01
      • HP Network Products
      • 786617-B21 - HP Moonshot-45Gc Switch Module
      • 704654-B21 - HP Moonshot-45XGc Switch Module
      • 786619-B21 - HP Moonshot-180XGc Switch Module
    • 5700 (Comware 7) - Version: R2432P01
      • HP Network Products
      • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
      • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
      • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
      • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
      • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
      • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
    • 5930 (Comware 7) - Version: R2432P01
      • HP Network Products
      • JG726A HP FlexFabric 5930 32QSFP+ Switch
      • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
      • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
      • JH179A HP FlexFabric 5930 4-slot Switch
      • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
      • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
    • HSR6600 (Comware 7) - Version: R7103P09
      • HP Network Products
      • JG353A HP HSR6602-G Router
      • JG354A HP HSR6602-XG Router
      • JG776A HP HSR6602-G TAA-compliant Router
      • JG777A HP HSR6602-XG TAA-compliant Router
    • HSR6800 (Comware 7) - Version: R7103P09
      • HP Network Products
      • JG361A HP HSR6802 Router Chassis
      • JG361B HP HSR6802 Router Chassis
      • JG362A HP HSR6804 Router Chassis
      • JG362B HP HSR6804 Router Chassis
      • JG363A HP HSR6808 Router Chassis
      • JG363B HP HSR6808 Router Chassis
      • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
      • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
      • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
    • 1950 (Comware 7) - Version: R3113P02
      • HP Network Products
      • JG960A HP 1950-24G-4XG Switch
      • JG961A HP 1950-48G-2SFP+-2XGT Switch
      • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
      • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
    • 7500 (Comware 7) - Version: R7180
      • HP Network Products
      • JD238C HP 7510 Switch Chassis
      • JD239C HP 7506 Switch Chassis
      • JD240C HP 7503 Switch Chassis
      • JD242C HP 7502 Switch Chassis
      • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
      • JH208A HP 7502 Main Processing Unit
      • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
    • 5510HI (Comware 7) - Version: R1120
      • HP Network Products
      • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
      • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
      • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
      • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
      • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
    • 5130HI (Comware 7) - Version: R1120
      • HP Network Products
      • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
      • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
      • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
      • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch

    iMC Products

    • IMC PLAT - Version: 7.2 E0403P04
      • HP Network Products
      • JD125A HP IMC Std S/W Platform w/100-node
      • JD126A HP IMC Ent S/W Platform w/100-node
      • JD808A HP IMC Ent Platform w/100-node License
      • JD814A HP A-IMC Enterprise Edition Software DVD Media
      • JD815A HP IMC Std Platform w/100-node License
      • JD816A HP A-IMC Standard Edition Software DVD Media
      • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
      • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
      • JF377A HP IMC Std S/W Platform w/100-node Lic
      • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
      • JF378A HP IMC Ent S/W Platform w/200-node Lic
      • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
      • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
      • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
      • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
      • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
      • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
      • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
    • IMC iNode - Version: 7.2 E0407
      • HP Network Products
      • JD144A HP A-IMC User Access Management Software Module with 200-user License
      • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
      • JD435A HP A-IMC Endpoint Admission Defense Client Software
      • JF388A HP IMC User Authentication Management Software Module with 200-user License
      • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
      • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
      • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
      • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
      • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
    • iMC UAM_TAM - Version: 7.1 E0406
      • HP Network Products
      • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
      • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
      • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
      • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
      • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
      • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
    • IMC WSM - Version: 7.2 E0502P04
      • HP Network Products
      • JD456A HP IMC WSM Software Module with 50-Access Point License
      • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
      • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
      • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
      • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
      • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

    VCX Products

    • VCX - Version: 9.8.19
      • HP Network Products
      • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
      • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
      • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
      • JE355A HP VCX V6000 Branch Platform 9.0
      • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
      • JC518A HP VCX Connect 200 Primry 120 G6 Server
      • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
      • JE341A HP VCX Connect 100 Secondary
      • JE252A HP VCX Connect Primary MIM Module
      • JE253A HP VCX Connect Secondary MIM Module
      • JE254A HP VCX Branch MIM Module
      • JE355A HP VCX V6000 Branch Platform 9.0
      • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
      • JD023A HP MSR30-40 Router with VCX MIM Module
      • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
      • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
      • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
      • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
      • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
      • JE340A HP VCX Connect 100 Pri Server 9.0
      • JE342A HP VCX Connect 100 Sec Server 9.0

    Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

    HISTORY Version:1 (rev.1) - 21 February 2017 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

    Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

    Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

    Copyright 2016 Hewlett Packard Enterprise

    Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:2617-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2617.html Issue date: 2015-12-14 CVE Names: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 =====================================================================

    1. Summary:

    Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.

    Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    1. Description:

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

    A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194)

    A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)

    A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)

    All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

    1. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    For details on how to apply this update, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint

    1. Package List:

    Red Hat Enterprise Linux Desktop (v. 6):

    Source: openssl-1.0.1e-42.el6_7.1.src.rpm

    i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm

    x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

    Red Hat Enterprise Linux Desktop Optional (v. 6):

    i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

    x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

    Red Hat Enterprise Linux HPC Node (v. 6):

    Source: openssl-1.0.1e-42.el6_7.1.src.rpm

    x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

    Red Hat Enterprise Linux HPC Node Optional (v. 6):

    x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 6):

    Source: openssl-1.0.1e-42.el6_7.1.src.rpm

    i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

    ppc64: openssl-1.0.1e-42.el6_7.1.ppc.rpm openssl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm

    s390x: openssl-1.0.1e-42.el6_7.1.s390.rpm openssl-1.0.1e-42.el6_7.1.s390x.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-devel-1.0.1e-42.el6_7.1.s390.rpm openssl-devel-1.0.1e-42.el6_7.1.s390x.rpm

    x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 6):

    i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

    ppc64: openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-static-1.0.1e-42.el6_7.1.ppc64.rpm

    s390x: openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-perl-1.0.1e-42.el6_7.1.s390x.rpm openssl-static-1.0.1e-42.el6_7.1.s390x.rpm

    x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 6):

    Source: openssl-1.0.1e-42.el6_7.1.src.rpm

    i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

    x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 6):

    i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

    x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

    Red Hat Enterprise Linux Client (v. 7):

    Source: openssl-1.0.1e-51.el7_2.1.src.rpm

    x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: openssl-1.0.1e-51.el7_2.1.src.rpm

    x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: openssl-1.0.1e-51.el7_2.1.src.rpm

    aarch64: openssl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm openssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm

    ppc64: openssl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm

    ppc64le: openssl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm

    s390x: openssl-1.0.1e-51.el7_2.1.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-devel-1.0.1e-51.el7_2.1.s390.rpm openssl-devel-1.0.1e-51.el7_2.1.s390x.rpm openssl-libs-1.0.1e-51.el7_2.1.s390.rpm openssl-libs-1.0.1e-51.el7_2.1.s390x.rpm

    x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    aarch64: openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-static-1.0.1e-51.el7_2.1.aarch64.rpm

    ppc64: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-static-1.0.1e-51.el7_2.1.ppc.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64.rpm

    ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm

    s390x: openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-perl-1.0.1e-51.el7_2.1.s390x.rpm openssl-static-1.0.1e-51.el7_2.1.s390.rpm openssl-static-1.0.1e-51.el7_2.1.s390x.rpm

    x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: openssl-1.0.1e-51.el7_2.1.src.rpm

    x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2015-3194 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-3196 https://access.redhat.com/security/updates/classification/#moderate https://openssl.org/news/secadv/20151203.txt

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4 dpIS/iR9oiOKMXJY5t447ME= =qvLr -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:

    This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

    • This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)

    • This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

    • This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)

    • This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)

    • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2012-1148)

    Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

    See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:

    The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

    After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

    801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error

    1. JIRA issues fixed (https://issues.jboss.org/):

    JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

    For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u18.

    For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u2.

    For the unstable distribution (sid), these problems have been fixed in version 1.0.2e-1 or earlier

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "oracle",
            "version": "15.1"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "oracle",
            "version": "8.3"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "oracle",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "oracle",
            "version": "15.2"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "15.10"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1p"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1f"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "0.12.9"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "0.10.0"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1l"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1d"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "0.12.0"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "5.0.0"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1h"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1j"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.2d"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1o"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1e"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "15.04"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1g"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "0.10.41"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.2b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.2c"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1a"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1i"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1n"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.2a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1m"
          },
          {
            "_id": null,
            "model": "hpe systems insight manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": "mysql",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "5.7.10 and earlier"
          },
          {
            "_id": null,
            "model": "hpe server migration pack",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "mysql",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "5.6.28 and earlier"
          },
          {
            "_id": null,
            "model": "hpe insight control",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "none"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "1.0.1q"
          },
          {
            "_id": null,
            "model": "secure global desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "4.63"
          },
          {
            "_id": null,
            "model": "hpe version control repository manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": "hpe matrix operating environment",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "1.0.2e"
          },
          {
            "_id": null,
            "model": "secure global desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": "secure global desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "4.71"
          },
          {
            "_id": null,
            "model": "hpe insight control",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "server provisioning"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.2.0.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.5.0.6"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.14"
          },
          {
            "_id": null,
            "model": "10.2-rc1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3361m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.10"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.19"
          },
          {
            "_id": null,
            "model": "1/10gb uplink ethernet switch module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.8.22.0"
          },
          {
            "_id": null,
            "model": "(comware r2432p01",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59307)"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.4.10"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.3.0.0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "api management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.2"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.6"
          },
          {
            "_id": null,
            "model": "fortimanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.4"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.1.3"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.18"
          },
          {
            "_id": null,
            "model": "oncommand performance manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netapp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flex system en2092 1gb ethernet scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.12.0"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1e",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "hsr6602 (comware r3303p28",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "ru r3303p28.ru",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "66025"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.15.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.15"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "fortiauthenticator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1a",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "fortimanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.6"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.13"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.0.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.15"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "qradar incident forensics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.2.0"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.1209"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.5"
          },
          {
            "_id": null,
            "model": "9.3-release-p31",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "hp870 (comware r2607p51",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4.0.0"
          },
          {
            "_id": null,
            "model": "systems insight manager 7.3.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "msr (comware r2516",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "30-165)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.5.0.2"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.4.19"
          },
          {
            "_id": null,
            "model": "insight control server provisioning",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.3361"
          },
          {
            "_id": null,
            "model": "10.1-release-p5",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.1"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "4500g (comware r2221p22",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.5.0.6"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san pass-thru",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.1"
          },
          {
            "_id": null,
            "model": "fortiswitch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "0"
          },
          {
            "_id": null,
            "model": "mobile foundation consumer edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.0.1"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.3394"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.4.0.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "9.3-release-p22",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "email gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mcafee",
            "version": "7.6.2"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.4.0"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.3"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.7"
          },
          {
            "_id": null,
            "model": "image construction and composition tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.1.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.6.0.3"
          },
          {
            "_id": null,
            "model": "openscape uc application",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.4"
          },
          {
            "_id": null,
            "model": "msr (comware r2516",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "30-1x5)"
          },
          {
            "_id": null,
            "model": "fortiadc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "(comware r2150",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79007)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37001.1"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "matrix operating environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "api management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "9.3-release-p10",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "qradar siem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.4"
          },
          {
            "_id": null,
            "model": "opensuse evergreen",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.4"
          },
          {
            "_id": null,
            "model": "infosphere master data management standard/advanced edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "mq light client module for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.2014091001"
          },
          {
            "_id": null,
            "model": "flashsystem 9843-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.1.8"
          },
          {
            "_id": null,
            "model": "tealeaf customer experience",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.7"
          },
          {
            "_id": null,
            "model": "g8264cs si fabric image",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.12.0"
          },
          {
            "_id": null,
            "model": "bigfix platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "smb (comware r1110",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "16205)"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1g",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.2"
          },
          {
            "_id": null,
            "model": "flex system fabric cn4093 10gb converged scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.12.0"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.4"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.4"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.5"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264cs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.12.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50001.1"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.16"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.6"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.5"
          },
          {
            "_id": null,
            "model": "qradar siem patch ifix01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.44"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.0.2"
          },
          {
            "_id": null,
            "model": "qradar siem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "10.1-release-p17",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.2.4"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.16.0"
          },
          {
            "_id": null,
            "model": "mobile foundation enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.0.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.0"
          },
          {
            "_id": null,
            "model": "initiate master data service patient hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.210"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1i",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.9"
          },
          {
            "_id": null,
            "model": "fortimail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "0"
          },
          {
            "_id": null,
            "model": "forticlient",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.3.091"
          },
          {
            "_id": null,
            "model": "msr20 (comware r2516",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.2"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.913"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.2.0.8"
          },
          {
            "_id": null,
            "model": "msr 50-g2 (comware r2516",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.3.0.10"
          },
          {
            "_id": null,
            "model": "infosphere master data management patient hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "ctpview 7.3r1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-beta3-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.0.0"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.15"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8052",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.6.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.6.0.4"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.5"
          },
          {
            "_id": null,
            "model": "mq light client module for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.2014090800"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124-e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.5.0"
          },
          {
            "_id": null,
            "model": "mobilefirst platform foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.0.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.211"
          },
          {
            "_id": null,
            "model": "10.2-release-p6",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.4.19"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.4.6"
          },
          {
            "_id": null,
            "model": "si (comware r1517",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51205)"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "10.1-rc2-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "(comware r7180",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105007)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.4"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.3"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2e",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "bigfix platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.16"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.2.2"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.1.3"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.14"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1q",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10.1.38.00"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "icewall sso agent option",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.2.0.3"
          },
          {
            "_id": null,
            "model": "openscape common management port",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "0"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.3"
          },
          {
            "_id": null,
            "model": "fortiweb",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3350m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "1/10gb uplink ethernet switch module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4.13.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.2.0.3"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.1"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3.0.0"
          },
          {
            "_id": null,
            "model": "matrix operating environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.2.0.4-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.3.0.10"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.03"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.4.1.8"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.2.1"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.1"
          },
          {
            "_id": null,
            "model": "(comware r7180",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75007)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.4.1.8"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8316",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.15.0"
          },
          {
            "_id": null,
            "model": "oncommand report",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netapp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.213"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.11"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.12"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50006.4"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.17"
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.4.0.7"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.13"
          },
          {
            "_id": null,
            "model": "cognos insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.1"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.1.0"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.0.1"
          },
          {
            "_id": null,
            "model": "matrix operating environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.3"
          },
          {
            "_id": null,
            "model": "imc uam tam e0406",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124-e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.15.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.9"
          },
          {
            "_id": null,
            "model": "bladesystem c-class virtual connect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.30"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.1.4"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.4"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.1.0.8-p1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.4"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "(comware r5319p15",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "36105)"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "bundle of g8264cs image",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.13.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.16"
          },
          {
            "_id": null,
            "model": "fortisandbox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "openscape voice trace manage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "0"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.2.3"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.28"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.5.0.7"
          },
          {
            "_id": null,
            "model": "msr2000 (comware r0306p12",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7)"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.13"
          },
          {
            "_id": null,
            "model": "tealeaf customer experience",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "vcx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "bigfix remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.2"
          },
          {
            "_id": null,
            "model": "fortios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4.0.7"
          },
          {
            "_id": null,
            "model": "ei (comware r2221p22",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51205)"
          },
          {
            "_id": null,
            "model": "openscape desk phone ip hf r0.28",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v3"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san pass-thru",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.8.01.00"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.5"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.7"
          },
          {
            "_id": null,
            "model": "worklight consumer edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.0"
          },
          {
            "_id": null,
            "model": "cognos insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264t",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.15.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.1"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.2"
          },
          {
            "_id": null,
            "model": "1/10gb uplink ethernet switch module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.8.23.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.4.0.7"
          },
          {
            "_id": null,
            "model": "proventia network enterprise scanner",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.06"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3387m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "virtual fabric 10gb switch module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.8.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.4"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "mobile foundation consumer edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.0.0"
          },
          {
            "_id": null,
            "model": "9.3-rc",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3.0.12"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.4.0.9"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.4.0.6"
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3379m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-beta1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.2.0.8"
          },
          {
            "_id": null,
            "model": "10.2-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.4"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.7"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.17"
          },
          {
            "_id": null,
            "model": "10.1-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "6125xlg r2432p01",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.5"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.2"
          },
          {
            "_id": null,
            "model": "10.1-release",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "infosphere master data management provider hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3.0.10"
          },
          {
            "_id": null,
            "model": "bladesystem c-class virtual connect",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.50"
          },
          {
            "_id": null,
            "model": "(comware r2432p01",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59007)"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "hsr6800 (comware r7103p09",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7)"
          },
          {
            "_id": null,
            "model": "f5000-a (comware f3210p26",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.1.0.6"
          },
          {
            "_id": null,
            "model": "9.3-release-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "flex system fabric si4093 system interconnect module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.13.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.4.0.5"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.8"
          },
          {
            "_id": null,
            "model": "10.1-release-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-stable",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.8"
          },
          {
            "_id": null,
            "model": "smartcloud provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.0.4"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.4.0.5"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.2.4"
          },
          {
            "_id": null,
            "model": "10.1-release-p9",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.5.0.2"
          },
          {
            "_id": null,
            "model": "si4093 image",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.12.0"
          },
          {
            "_id": null,
            "model": "imc inode e0407",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "qradar siem patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.34"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize 6.4storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v3500v3700"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fixpac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8332",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.7.21.0"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.1.0.4-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "openscape voice r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v7"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.5.0"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.1768"
          },
          {
            "_id": null,
            "model": "flex system fabric en4093r 10gb scalable switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.12.0"
          },
          {
            "_id": null,
            "model": "9.3-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.38"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1f",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2a",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "altavault",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netapp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.2.0.4-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4.0.8"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.4.1"
          },
          {
            "_id": null,
            "model": "fortimanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "10.2-rc1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "worklight enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.12"
          },
          {
            "_id": null,
            "model": "fortiweb",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.3.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.4.0.9"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.2.1.1-p1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "qradar siem patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.41"
          },
          {
            "_id": null,
            "model": "smb1910 (comware r1113",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4.0.6"
          },
          {
            "_id": null,
            "model": "netezza diagnostics tools",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.1.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.3.0.10"
          },
          {
            "_id": null,
            "model": "hi (comware r5501p21",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55005)"
          },
          {
            "_id": null,
            "model": "flex system en2092 1gb ethernet scalable switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.13.0"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "10.1-beta1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "fortiweb",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.3.4"
          },
          {
            "_id": null,
            "model": "9.3-release-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "matrix operating environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.9"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.3"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "qradar incident forensics patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.53"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "virtual fabric 10gb switch module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.8.22.0"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.1.7"
          },
          {
            "_id": null,
            "model": "worklight consumer edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.2"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.15.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.3.0.10"
          },
          {
            "_id": null,
            "model": "fortirecorder",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.3.0.12"
          },
          {
            "_id": null,
            "model": "mobilefirst platform foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.0"
          },
          {
            "_id": null,
            "model": "comware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "70"
          },
          {
            "_id": null,
            "model": "cognos tm1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.0"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.0"
          },
          {
            "_id": null,
            "model": "msr (comware r2516",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9xx5)"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.1.2"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.6.0"
          },
          {
            "_id": null,
            "model": "hp850 (comware r2607p51",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2d",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "imc wsm e0502p04",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "6127xlg r2432p01",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "a6600 (comware r3303p28",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "(comware r1810p03",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "58005)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.3"
          },
          {
            "_id": null,
            "model": "email gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mcafee",
            "version": "7.6.3.2"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.1"
          },
          {
            "_id": null,
            "model": "moonshot r2432p01",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.3"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.8"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "9.3-beta1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.31"
          },
          {
            "_id": null,
            "model": "9.3-release-p25",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "fortirecorder",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ac1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9840-ae2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.5.0.7"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.4.0.9"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.34"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.7"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.3"
          },
          {
            "_id": null,
            "model": "openscape sbc r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v7"
          },
          {
            "_id": null,
            "model": "cognos tm1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.3387"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "mq light client module for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.2014090300"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.4.0.6"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.4.0.9"
          },
          {
            "_id": null,
            "model": "10.2-beta2-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "netezza platform software 7.1.0.5-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "email gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mcafee",
            "version": "7.6.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.5.0.7"
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3352m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.14"
          },
          {
            "_id": null,
            "model": "openscape alarm respons",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.14"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6.0.3"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.5.0.6"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.13"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.20"
          },
          {
            "_id": null,
            "model": "matrix operating environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.4.0.7"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "forticlient",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.4.0650"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.7"
          },
          {
            "_id": null,
            "model": "tealeaf customer experience",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.6"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1n",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.4.0.5"
          },
          {
            "_id": null,
            "model": "infosphere master data management standard/advanced edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1o",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "integration bus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.2.5"
          },
          {
            "_id": null,
            "model": "ei (comware r2221p22",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55005)"
          },
          {
            "_id": null,
            "model": "5510hi (comware r1120",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7)"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "g8264cs si fabric image",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.13.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.16"
          },
          {
            "_id": null,
            "model": "bladesystem c-class virtual connect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.45"
          },
          {
            "_id": null,
            "model": "workload deployer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.17"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.18"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.4.0.8"
          },
          {
            "_id": null,
            "model": "10.1-beta3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "msr1000 (comware r0306p12",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7)"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.4.3"
          },
          {
            "_id": null,
            "model": "integration bus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10"
          },
          {
            "_id": null,
            "model": "vsr (comware e0322p01",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7)"
          },
          {
            "_id": null,
            "model": "openscape r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "4000v7"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.5.0.3"
          },
          {
            "_id": null,
            "model": "manageability sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netapp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "flex system fabric cn4093 10gb converged scalable switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.13.0"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4.1"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.0.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.18"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ac0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.2.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.4.7"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264cs",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.13.0"
          },
          {
            "_id": null,
            "model": "wx5004-ei (comware r2507p44",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "10.1-rc3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8052",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.16.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.15"
          },
          {
            "_id": null,
            "model": "mq light client module for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.2014111002"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.19"
          },
          {
            "_id": null,
            "model": "fortiap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.2.0.5"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.13"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.1"
          },
          {
            "_id": null,
            "model": "openscape r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "4000v7"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.3.0.12"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.4.0.6"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "email gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mcafee",
            "version": "7.6.404"
          },
          {
            "_id": null,
            "model": "openscape sbc r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v8"
          },
          {
            "_id": null,
            "model": "insight control server provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "insight control server provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4.0"
          },
          {
            "_id": null,
            "model": "9.3-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "4800g (comware r2221p22",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "(comware r3113p02",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51307)"
          },
          {
            "_id": null,
            "model": "9.3-release-p21",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "smb1920 (comware r1112",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "smartcloud provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.0.1"
          },
          {
            "_id": null,
            "model": "9.3-release-p24",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "tealeaf customer experience",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "1/10gb uplink ethernet switch module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4.12.0"
          },
          {
            "_id": null,
            "model": "10.1-release-p19",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.3.0.5"
          },
          {
            "_id": null,
            "model": "openstage desk phone ip si r3.32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.5"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.35"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.010"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.10"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fixpac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "u200s and cs (comware f5123p33",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "9.3-release-p13",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.23"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "10.1-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "(comware r2432p01",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "57007)"
          },
          {
            "_id": null,
            "model": "fortivoiceos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.4.19"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4.0.9"
          },
          {
            "_id": null,
            "model": "fortisandbox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "msr4000 (comware r0306p12",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7)"
          },
          {
            "_id": null,
            "model": "icewall sso dfw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "initiate master data service provider hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "hp6000 (comware r2507p44",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "(comware r1118p13",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "58305)"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.4"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.11"
          },
          {
            "_id": null,
            "model": "netezza diagnostics tools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.3.1.1"
          },
          {
            "_id": null,
            "model": "fortisandbox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.6.0.4"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.3"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.9"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.3"
          },
          {
            "_id": null,
            "model": "intelligent management center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rse ru r3303p28.ru",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "66005"
          },
          {
            "_id": null,
            "model": "infosphere master data management standard/advanced edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "fortios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.2.3"
          },
          {
            "_id": null,
            "model": "rpe ru r3303p28.ru",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "66005"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.6.0.3"
          },
          {
            "_id": null,
            "model": "(comware r5213p01",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3100v25)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.6.0.3"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.2.4"
          },
          {
            "_id": null,
            "model": "mq light client module for node.js 1.0.2014091000-red",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.8"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.0.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.7"
          },
          {
            "_id": null,
            "model": "9.3-rc2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-rc3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.17"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.6.0.4"
          },
          {
            "_id": null,
            "model": "business process manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.6"
          },
          {
            "_id": null,
            "model": "vcx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.8.19"
          },
          {
            "_id": null,
            "model": "smartcloud provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.0.5"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.5"
          },
          {
            "_id": null,
            "model": "fortios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.4.0.8"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.21"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.4"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.1.3"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.1.0.5-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.3"
          },
          {
            "_id": null,
            "model": "qradar incident forensics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.8.01.00"
          },
          {
            "_id": null,
            "model": "ctpview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "security identity governance and intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.1"
          },
          {
            "_id": null,
            "model": "(comware r7377",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125007)"
          },
          {
            "_id": null,
            "model": "websphere mq for hp nonstop server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.11"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.10"
          },
          {
            "_id": null,
            "model": "fortiweb",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.3.5"
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3394m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3381m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.1.1"
          },
          {
            "_id": null,
            "model": "comware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "50"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124-e",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.6.0"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.37"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "9.3-rc1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc4-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.3.0.12"
          },
          {
            "_id": null,
            "model": "imc plat e0403p04",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "flashsystem 9843-ae2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "qlogic virtual fabric extension module for ibm bladecenter",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3.16.00"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "websphere mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.2.3"
          },
          {
            "_id": null,
            "model": "email gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mcafee",
            "version": "7.6.4"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.12"
          },
          {
            "_id": null,
            "model": "sterling connect:direct for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.2.0.5"
          },
          {
            "_id": null,
            "model": "matrix operating environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.211"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1m",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.4"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.1.0.5"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.6"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70006.2"
          },
          {
            "_id": null,
            "model": "email gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mcafee",
            "version": "7.6.3.1"
          },
          {
            "_id": null,
            "model": "flex system fabric en4093r 10gb scalable switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.13.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.3.0.5"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.16"
          },
          {
            "_id": null,
            "model": "10.1-release-p6",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "forticlient",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.3.633"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.9"
          },
          {
            "_id": null,
            "model": "openscape branch r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v7"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "initiate master data service provider hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "virtual fabric 10gb switch module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.8.23.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.3"
          },
          {
            "_id": null,
            "model": "10.2-beta2-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.2"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.2.0.3"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.0"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "(comware r1517p01",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "v19105)"
          },
          {
            "_id": null,
            "model": "hp830 (comware r3507p51",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.11"
          },
          {
            "_id": null,
            "model": "msr (comware r2516",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "505)"
          },
          {
            "_id": null,
            "model": "hsr6800 (comware r3303p28",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "puredata system for analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.13"
          },
          {
            "_id": null,
            "model": "fortimanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "forticlient ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264t",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.16.0"
          },
          {
            "_id": null,
            "model": "10.2-release-p8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.6"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.41"
          },
          {
            "_id": null,
            "model": "forticlient android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.6"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.5.0.3"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1j",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "si4093 image",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.13.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.17"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.4"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.4.1.8"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.6"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.7"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.2.0.3"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "u200a and m (comware f5123p33",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "openscape desk phone ip si r3.32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.1.0.7"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8052",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.5.0"
          },
          {
            "_id": null,
            "model": "initiate master data service patient hub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "flashsystem 9840-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "sterling connect:direct for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.1"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.12"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.3.0.5"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1d",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "ctpview 7.1r3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "hsr6602 ru r3303p28.ru",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.9"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.1"
          },
          {
            "_id": null,
            "model": "ctpview 7.1r2",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.3381"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.1.0.6"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.1.0.7"
          },
          {
            "_id": null,
            "model": "fortios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.0.0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.6"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.1.0.6"
          },
          {
            "_id": null,
            "model": "(comware r1210p02",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105005)"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8332",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.7.22.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.5.0.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.2"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.2.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fixpac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.12"
          },
          {
            "_id": null,
            "model": "matrix operating environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.5.0.3"
          },
          {
            "_id": null,
            "model": "openscape voice r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v8"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.3"
          },
          {
            "_id": null,
            "model": "fortiweb",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.0"
          },
          {
            "_id": null,
            "model": "smartcloud provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.13"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.3"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.6.0.3"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.02"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.16.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50006.1"
          },
          {
            "_id": null,
            "model": "fortianalyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "0"
          },
          {
            "_id": null,
            "model": "worklight consumer edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.1"
          },
          {
            "_id": null,
            "model": "nj5000 r1107",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "hsr6600 (comware r7103p09",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7)"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.8"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.5.0.3"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8052",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.15.0"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1.0.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.1.3"
          },
          {
            "_id": null,
            "model": "hsr6800 ru r3303p28.ru",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5"
          },
          {
            "_id": null,
            "model": "endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "insight control server provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4.1"
          },
          {
            "_id": null,
            "model": "bigfix platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.8"
          },
          {
            "_id": null,
            "model": "tivoli netcool reporter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.1"
          },
          {
            "_id": null,
            "model": "(comware r1829p02",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125005)"
          },
          {
            "_id": null,
            "model": "cognos tm1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.1"
          },
          {
            "_id": null,
            "model": "qlogic virtual fabric extension module for ibm bladecenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "fortiweb",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.3.1"
          },
          {
            "_id": null,
            "model": "netezza platform software 7.2.0.7-p1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.4.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.3.1"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.4"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.6.0"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.3376"
          },
          {
            "_id": null,
            "model": "qradar incident forensics patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.62"
          },
          {
            "_id": null,
            "model": "tealeaf customer experience",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.12"
          },
          {
            "_id": null,
            "model": "server migration pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.2.2"
          },
          {
            "_id": null,
            "model": "worklight enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.2"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.2"
          },
          {
            "_id": null,
            "model": "10.2-stable",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "email gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mcafee",
            "version": "7.6.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50006.3"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "9.3-release-p5",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "msr20-1x (comware r2516",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "msr3000 (comware r0306p12",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7)"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.3"
          },
          {
            "_id": null,
            "model": "qradar siem patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.53"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1k",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "9500e (comware r1829p02",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "fortidb",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3"
          },
          {
            "_id": null,
            "model": "5130hi (comware r1120",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7)"
          },
          {
            "_id": null,
            "model": "5500si (comware r2221p22",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ac0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "server migration pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "9.3-beta1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "tealeaf customer experience",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.2"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.25"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.2"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6.0.4"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.33"
          },
          {
            "_id": null,
            "model": "openscape branch r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "v8"
          },
          {
            "_id": null,
            "model": "image construction and composition tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.2.0"
          },
          {
            "_id": null,
            "model": "storwize unified",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.5.2.2"
          },
          {
            "_id": null,
            "model": "smartcloud provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.12"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fixpac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35001.1"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "security access manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.2.0.5"
          },
          {
            "_id": null,
            "model": "matrix operating environment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "fortiadc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "qradar siem patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.43"
          },
          {
            "_id": null,
            "model": "worklight enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.1"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.5.0.6"
          },
          {
            "_id": null,
            "model": "infosphere master data management standard/advanced edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "qradar siem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.3"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ac1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50006.2"
          },
          {
            "_id": null,
            "model": "msr (comware r2516",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "93x5)"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.18"
          },
          {
            "_id": null,
            "model": "netezza platform software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.1.1"
          },
          {
            "_id": null,
            "model": "websphere mq advanced message security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "-8.0.0.0"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.11"
          },
          {
            "_id": null,
            "model": "10.1-release-p23",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "fortiweb",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.1.4"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "bundle of g8264cs image",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.12.0"
          },
          {
            "_id": null,
            "model": "10.1-release-p16",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.11"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.5.0.7"
          },
          {
            "_id": null,
            "model": "fortiap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.0.8"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3.0.5"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.5"
          },
          {
            "_id": null,
            "model": "ctpview 7.1r1",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p6",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "(comware r3113p02",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "19507)"
          },
          {
            "_id": null,
            "model": "websphere message broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.3.0.12"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35006.3"
          },
          {
            "_id": null,
            "model": "9.3-release-p9",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.1.0.7"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.12"
          },
          {
            "_id": null,
            "model": "forticache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2c",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "fortiadc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "(comware r6710p02",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75005)"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.4.0.7"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37006.3"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.4.9"
          },
          {
            "_id": null,
            "model": "fortiwan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "0"
          },
          {
            "_id": null,
            "model": "mq light client module for node.js",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.2014090801"
          },
          {
            "_id": null,
            "model": "fortios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2.4"
          },
          {
            "_id": null,
            "model": "security network controller 1.0.3376m",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "oncommand unified manager for clustered data ontap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netapp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "(comware r2111p01",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3600v25)"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.9"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security network controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.3379"
          },
          {
            "_id": null,
            "model": "fortimanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "cognos insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "(comware r1150",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129007)"
          },
          {
            "_id": null,
            "model": "matrix operating environment",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "websphere mq for hp nonstop server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.10"
          },
          {
            "_id": null,
            "model": "msr (comware r2516",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "305)"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2b",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "fortiweb",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "10.1-release-p25",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "fortirecorder",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.3.0"
          },
          {
            "_id": null,
            "model": "mobilefirst platform foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.0"
          },
          {
            "_id": null,
            "model": "mobile foundation enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.0.1"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.14"
          },
          {
            "_id": null,
            "model": "flex system chassis management module 2pet",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.4.0.6"
          },
          {
            "_id": null,
            "model": "tealeaf customer experience",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.1.0.7"
          },
          {
            "_id": null,
            "model": "qradar incident forensics patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.41"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.5.0.2"
          },
          {
            "_id": null,
            "model": "fortiddos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.4.8"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.0.2"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.10"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "sonas",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.5.1.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.0"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8316",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.16.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "flex system fabric si4093 system interconnect module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.12.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.1.0.6"
          },
          {
            "_id": null,
            "model": "san volume controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.1"
          },
          {
            "_id": null,
            "model": "fortisandbox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "secblade fw (comware r3181p07",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "4210g (comware r2221p22",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5)"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.32"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.3"
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.7"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8264",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.11.5.0"
          },
          {
            "_id": null,
            "model": "systems insight manager 7.4.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "systems insight manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "6125g/xg blade switch r2112p05",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v35007.2.0.8"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1l",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.4.0.8"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v37007.5"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.4.0.8"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.3.0.5"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.1"
          },
          {
            "_id": null,
            "model": "9.3-release-p29",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "fortiweb",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "5.3.2"
          },
          {
            "_id": null,
            "model": "system networking rackswitch g8124-e",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.9.16.0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70007.2.0.8"
          },
          {
            "_id": null,
            "model": "version control repository manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3.4"
          },
          {
            "_id": null,
            "model": "rational requisitepro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.18"
          },
          {
            "_id": null,
            "model": "infinity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pexip",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "xcode",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "oncommand unified manager host package",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netapp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "storwize",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v50007.6.0.4"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1h",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "rational clearquest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.9"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1p",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "virtual fabric 10gb switch module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.8.9.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "78623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006115"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3194"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:mysql",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:secure_global_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:vm_virtualbox",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hp:insight_control",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hp:matrix_operating_environment",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hp:server_migration_pack",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hp:systems_insight_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hp:version_control_repository_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hp:system_management_homepage",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006115"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "HP",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "137294"
          },
          {
            "db": "PACKETSTORM",
            "id": "137292"
          },
          {
            "db": "PACKETSTORM",
            "id": "137201"
          },
          {
            "db": "PACKETSTORM",
            "id": "136992"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2015-3194",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-3194",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-3194",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2015-3194",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-3194",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-3194",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-3194",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-3194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006115"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3194"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the affected application; denying service to legitimate users. \n\nNOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE\n0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS\nPER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. \n\nBN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)\n==================================================================\n\nSeverity: Moderate\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure. No\nEC algorithms are affected. Analysis suggests that attacks against RSA and DSA\nas a result of this defect would be very difficult to perform and are not\nbelieved likely. Attacks against DH are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. For example this can occur by\ndefault in OpenSSL DHE based SSL/TLS ciphersuites. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 13 2015 by Hanno\nB\u00f6ck. The fix was developed by Andy Polyakov of the OpenSSL\ndevelopment team. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any certificate\nverification operation and exploited in a DoS attack. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\n\nThis issue was reported to OpenSSL on August 27 2015 by Lo\u00efc Jonas Etienne\n(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL\ndevelopment team. This structure is used by the PKCS#7 and CMS routines so any\napplication which reads PKCS#7 or CMS data from untrusted sources is affected. \nSSL/TLS is not affected. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\nOpenSSL 1.0.0 users should upgrade to 1.0.0t\nOpenSSL 0.9.8 users should upgrade to 0.9.8zh\n\nThis issue was reported to OpenSSL on November 9 2015 by Adam Langley\n(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen\nHenson of the OpenSSL development team. \n\nRace condition handling PSK identify hint (CVE-2015-3196)\n=========================================================\n\nSeverity: Low\n\nIf PSK identity hints are received by a multi-threaded client then\nthe values are wrongly updated in the parent SSL_CTX structure. \n\nThis issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously\nlisted in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0\nand has not been previously fixed in an OpenSSL 1.0.0 release. \n\nThe fix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nAnon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)\n============================================================\n\nSeverity: Low\n\nIf a client receives a ServerKeyExchange for an anonymous DH ciphersuite with\nthe value of p set to 0 then a seg fault can occur leading to a possible denial\nof service attack. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nversions will be provided after that date. In the absence of significant\nsecurity issues being identified prior to that date, the 1.0.0t and 0.9.8zh\nreleases will be the last for those versions. Users of these versions are\nadvised to upgrade. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20151203.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. \n\nReferences:\n\nCVE-2016-0800\nCVE-2016-0799\nCVE-2016-2842\nCVE-2015-1789\nCVE-2015-1791\nCVE-2015-3194\nCVE-2015-0705\nCVE-2015-5600\nCVE-2014-3566\nCVE-2008-5161\nSSRT102281\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following firmware versions of Virtual Connect (VC) are impacted:\n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21\n\nNote: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,\nCVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and\nCVE-2016-2842. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05398322\nVersion: 1\n\nHPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-21\nLast Updated: 2017-02-21\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX. The\nvulnerabilities could be remotely exploited resulting in Denial of Service\n(DoS) or disclosure of sensitive information. \n\nReferences:\n\n  - CVE-2015-1794 - Remote Denial of Service (DoS)\n  - CVE-2015-3193 - Remote disclosure of sensitive information\n  - CVE-2015-3194 - Remote Denial of Service (DoS)\n  - CVE-2015-3195 - Remote disclosure of sensitive information\n  - CVE-2015-3196 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HPE Intelligent Management Center (iMC) All versions - Please refer to\nthe RESOLUTION below for a list of updated products. \n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-1794\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3193\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-3194\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3195\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3196\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerabilities in\nthe Comware, IMC and VCX products running OpenSSL. \n\n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: See Mitigation**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P02**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P02**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **6125G/XG Blade Switch - Version: R2112P05**\n    * HP Network Products\n      - 737220-B21 HP 6125G Blade Switch with TAA\n      - 737226-B21 HP 6125G/XG Blade Switch with TAA\n      - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n      - 658247-B21 HP 6125G Blade Switch Opt Kit\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1810P03**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P21**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1517**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P15**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2111P01**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2 (Comware 5) - Version: R5213P01**\n    * HP Network Products\n      - JD313B HPE 3100 24 PoE v2 EI Switch\n      - JD318B HPE 3100 8 v2 EI Switch\n      - JD319B HPE 3100 16 v2 EI Switch\n      - JD320B HPE 3100 24 v2 EI Switch\n      - JG221A HPE 3100 8 v2 SI Switch\n      - JG222A HPE 3100 16 v2 SI Switch\n      - JG223A HPE 3100 24 v2 SI Switch\n  + **HP870 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P51**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HPE FlexNetwork 6608 Router Chassis\n      - JC178A HPE FlexNetwork 6604 Router Chassis\n      - JC178B HPE FlexNetwork 6604 Router Chassis\n      - JC496A HPE FlexNetwork 6616 Router Chassis\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1113**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1112**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1517P01**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1110**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n  + **NJ5000 - Version: R1107**\n    * HP Network Products\n      - JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack\n\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1150**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2150**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **6125XLG - Version: R2432P01**\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n  + **6127XLG - Version: R2432P01**\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n  + **Moonshot - Version: R2432P01**\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n  + **5700 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5510HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n  + **5130HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n\n\n**iMC Products**\n\n  + **IMC PLAT - Version: 7.2 E0403P04**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **IMC iNode - Version: 7.2 E0407**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC UAM_TAM - Version: 7.1 E0406**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **IMC WSM - Version: 7.2 E0502P04**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.19**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:2617-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2617.html\nIssue date:        2015-12-14\nCVE Names:         CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nA NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-static-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\naarch64:\nopenssl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3194\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-3196\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://openssl.org/news/secadv/20151203.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4\ndpIS/iR9oiOKMXJY5t447ME=\n=qvLr\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nand CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n801648 - CVE-2012-1148 expat: Memory leak in poolGrow\n1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service\n1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import\n1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation\n1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1332820 - CVE-2016-4483 libxml2: out-of-bounds read\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass\n1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert\n1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates\n1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI\n1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u18. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006115"
          },
          {
            "db": "BID",
            "id": "78623"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3194"
          },
          {
            "db": "PACKETSTORM",
            "id": "169632"
          },
          {
            "db": "PACKETSTORM",
            "id": "137294"
          },
          {
            "db": "PACKETSTORM",
            "id": "141239"
          },
          {
            "db": "PACKETSTORM",
            "id": "134782"
          },
          {
            "db": "PACKETSTORM",
            "id": "137292"
          },
          {
            "db": "PACKETSTORM",
            "id": "137201"
          },
          {
            "db": "PACKETSTORM",
            "id": "136992"
          },
          {
            "db": "PACKETSTORM",
            "id": "140182"
          },
          {
            "db": "PACKETSTORM",
            "id": "134632"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-3194",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "78623",
            "trust": 1.4
          },
          {
            "db": "JUNIPER",
            "id": "JSA10761",
            "trust": 1.4
          },
          {
            "db": "BID",
            "id": "91787",
            "trust": 1.1
          },
          {
            "db": "PULSESECURE",
            "id": "SA40100",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-412672",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1034294",
            "trust": 1.1
          },
          {
            "db": "JUNIPER",
            "id": "JSA10759",
            "trust": 1.1
          },
          {
            "db": "JVN",
            "id": "JVNVU95113540",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006115",
            "trust": 0.8
          },
          {
            "db": "MCAFEE",
            "id": "SB10203",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-349-21",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-3194",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169632",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137294",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141239",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134782",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137292",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137201",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "136992",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "140182",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134632",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-3194"
          },
          {
            "db": "BID",
            "id": "78623"
          },
          {
            "db": "PACKETSTORM",
            "id": "169632"
          },
          {
            "db": "PACKETSTORM",
            "id": "137294"
          },
          {
            "db": "PACKETSTORM",
            "id": "141239"
          },
          {
            "db": "PACKETSTORM",
            "id": "134782"
          },
          {
            "db": "PACKETSTORM",
            "id": "137292"
          },
          {
            "db": "PACKETSTORM",
            "id": "137201"
          },
          {
            "db": "PACKETSTORM",
            "id": "136992"
          },
          {
            "db": "PACKETSTORM",
            "id": "140182"
          },
          {
            "db": "PACKETSTORM",
            "id": "134632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006115"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3194"
          }
        ]
      },
      "id": "VAR-201512-0483",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.446405245
      },
      "last_update_date": "2026-03-09T22:42:25.354000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "HPSBMU03590",
            "trust": 0.8,
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085"
          },
          {
            "title": "HPSBMU03611",
            "trust": 0.8,
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150888"
          },
          {
            "title": "HPSBMU03612",
            "trust": 0.8,
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05158380"
          },
          {
            "title": "OpenSSL 1.0.2 Series Release Notes",
            "trust": 0.8,
            "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
          },
          {
            "title": "OpenSSL 1.0.1 Series Release Notes",
            "trust": 0.8,
            "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
          },
          {
            "title": "Release Strategy",
            "trust": 0.8,
            "url": "https://www.openssl.org/policies/releasestrat.html"
          },
          {
            "title": "Add PSS parameter check. (d8541d7)",
            "trust": 0.8,
            "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d8541d7e9e63bf5f343af24644046c8d96498c17"
          },
          {
            "title": "Add PSS parameter check. (c394a48)",
            "trust": 0.8,
            "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e"
          },
          {
            "title": "Certificate verify crash with missing PSS parameter (CVE-2015-3194)",
            "trust": 0.8,
            "url": "http://openssl.org/news/secadv/20151203.txt"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - April 2016",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
          },
          {
            "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - July 2016",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
          },
          {
            "title": "Oracle Solaris Third Party Bulletin - January 2016",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "title": "Bug 1288320",
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
          },
          {
            "title": "July 2016 Critical Patch Update Released",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
          },
          {
            "title": "April 2016 Critical Patch Update Released",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
          },
          {
            "title": "Red Hat: Moderate: openssl security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152617 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c"
          },
          {
            "title": "Red Hat: CVE-2015-3194",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-3194"
          },
          {
            "title": "Ubuntu Security Notice: openssl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2830-1"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2015-614",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-614"
          },
          {
            "title": "Tenable Security Advisories: [R7] OpenSSL \u002720151203\u0027 Advisory Affects Tenable SecurityCenter",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2016-01"
          },
          {
            "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162957 - Security Advisory"
          },
          {
            "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3"
          },
          {
            "title": "Debian CVElist Bug Report Logs: Security fixes from the April 2016 CPU",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6bed8fb34e63f7953d08e5701d75ec01"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2015-3194 "
          },
          {
            "title": "changelog",
            "trust": 0.1,
            "url": "https://github.com/halon/changelog "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-3194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006115"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006115"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3194"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.5,
            "url": "http://openssl.org/news/secadv/20151203.txt"
          },
          {
            "trust": 1.4,
            "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.debian.org/security/2015/dsa-3413"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
          },
          {
            "trust": 1.1,
            "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/78623"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131085"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "trust": 1.1,
            "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100"
          },
          {
            "trust": 1.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
          },
          {
            "trust": 1.1,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl"
          },
          {
            "trust": 1.1,
            "url": "http://www.ubuntu.com/usn/usn-2830-1"
          },
          {
            "trust": 1.1,
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
          },
          {
            "trust": 1.1,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
          },
          {
            "trust": 1.1,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1034294"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=c394a488942387246653833359a5c94b5832674e"
          },
          {
            "trust": 1.1,
            "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=d8541d7e9e63bf5f343af24644046c8d96498c17"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu95113540/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3194"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
          },
          {
            "trust": 0.5,
            "url": "http://www.hpe.com/support/security_bulletin_archive"
          },
          {
            "trust": 0.5,
            "url": "http://www.hpe.com/support/subscriber_choice"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
          },
          {
            "trust": 0.3,
            "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010051\u0026actp=rss"
          },
          {
            "trust": 0.3,
            "url": "http://openssl.org/"
          },
          {
            "trust": 0.3,
            "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list"
          },
          {
            "trust": 0.3,
            "url": "http://prod.lists.apple.com/archives/security-announce/2016/oct/msg00005.html"
          },
          {
            "trust": 0.3,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2015/dec/23"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944173"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085 "
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157667"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023836"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023987"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099199"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099200"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099210"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981021"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021091"
          },
          {
            "trust": 0.3,
            "url": "https://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2016-02-17.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://networks.unify.com/security/advisories/obso-1512-02.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000128"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978415"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005656"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005657"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005669"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005694"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005702"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974168"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974459"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976148"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976419"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977265"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978085"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978238"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978239"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979086"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980207"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981765"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982172"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982877"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982883"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983532"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984021"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985739"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986593"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000058"
          },
          {
            "trust": 0.3,
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983823"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982347"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-3194"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-3195"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-3196"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
          },
          {
            "trust": 0.2,
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/476.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2015-3194"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2015:2617"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2830-1/"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42530"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/about/secpolicy.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/about/releasestrat.html),"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/news/secadv/20151203.txt"
          },
          {
            "trust": 0.1,
            "url": "http://h20564.www2.hpe.com/hpsc/swd/public"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0705"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5161"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
          },
          {
            "trust": 0.1,
            "url": "https://www.hpe.com/info/report-security-vulnerability"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
          },
          {
            "trust": 0.1,
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
          },
          {
            "trust": 0.1,
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
          },
          {
            "trust": 0.1,
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/info/insightcontrol"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/info/insightmanagement"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
          },
          {
            "trust": 0.1,
            "url": "https://www.hp.com/go/hpsim"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4448"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2106"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0702"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-8176"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-6808"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-3705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2107"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1839"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4483"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2842"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8612"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0797"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3185"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1833"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2105"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1836"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4449"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-0286"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-5420"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2178"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2108"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-3627"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2012-1148"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1837"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2109"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-1834"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-5419"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4459"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-0209"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-3216"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4447"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-7141"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0799"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-3194"
          },
          {
            "db": "BID",
            "id": "78623"
          },
          {
            "db": "PACKETSTORM",
            "id": "169632"
          },
          {
            "db": "PACKETSTORM",
            "id": "137294"
          },
          {
            "db": "PACKETSTORM",
            "id": "141239"
          },
          {
            "db": "PACKETSTORM",
            "id": "134782"
          },
          {
            "db": "PACKETSTORM",
            "id": "137292"
          },
          {
            "db": "PACKETSTORM",
            "id": "137201"
          },
          {
            "db": "PACKETSTORM",
            "id": "136992"
          },
          {
            "db": "PACKETSTORM",
            "id": "140182"
          },
          {
            "db": "PACKETSTORM",
            "id": "134632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006115"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3194"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2015-3194",
            "ident": null
          },
          {
            "db": "BID",
            "id": "78623",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169632",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137294",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141239",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134782",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137292",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137201",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "136992",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "140182",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134632",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006115",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3194",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2015-12-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3194",
            "ident": null
          },
          {
            "date": "2015-12-03T00:00:00",
            "db": "BID",
            "id": "78623",
            "ident": null
          },
          {
            "date": "2015-12-03T12:12:12",
            "db": "PACKETSTORM",
            "id": "169632",
            "ident": null
          },
          {
            "date": "2016-06-02T16:22:00",
            "db": "PACKETSTORM",
            "id": "137294",
            "ident": null
          },
          {
            "date": "2017-02-23T17:10:09",
            "db": "PACKETSTORM",
            "id": "141239",
            "ident": null
          },
          {
            "date": "2015-12-14T16:39:59",
            "db": "PACKETSTORM",
            "id": "134782",
            "ident": null
          },
          {
            "date": "2016-06-02T19:12:12",
            "db": "PACKETSTORM",
            "id": "137292",
            "ident": null
          },
          {
            "date": "2016-05-26T09:22:00",
            "db": "PACKETSTORM",
            "id": "137201",
            "ident": null
          },
          {
            "date": "2016-05-13T16:14:35",
            "db": "PACKETSTORM",
            "id": "136992",
            "ident": null
          },
          {
            "date": "2016-12-16T16:34:49",
            "db": "PACKETSTORM",
            "id": "140182",
            "ident": null
          },
          {
            "date": "2015-12-04T17:22:00",
            "db": "PACKETSTORM",
            "id": "134632",
            "ident": null
          },
          {
            "date": "2015-12-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006115",
            "ident": null
          },
          {
            "date": "2015-12-06T20:59:04.707000",
            "db": "NVD",
            "id": "CVE-2015-3194",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-3194",
            "ident": null
          },
          {
            "date": "2017-12-19T22:37:00",
            "db": "BID",
            "id": "78623",
            "ident": null
          },
          {
            "date": "2016-09-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006115",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-3194",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "78623"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "_id": null,
        "data": "OpenSSL of  crypto/rsa/rsa_ameth.c Service disruption in  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006115"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "78623"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201709-0051

    Vulnerability from variot - Updated: 2025-04-20 23:21

    OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. Many embedded devices are not unique X.509 Certificate and SSH Spoofing and intermediary because host key is used (man-in-the-middle) There is a possibility of being attacked and attacks such as decryption of communication contents. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehböck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked. UnifyOpenStage60 and so on are all IP phones from Unify. A remote attacker could exploit the vulnerability to exploit a man-in-the-middle attack or decrypt communication between legitimate users and devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0051",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "openscape desk phone ip 35g hfa",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "openscape desk phone ip 55g sip",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "openstage 60",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "openstage 20",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "openscape desk phone ip 35g eco sip",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "openstage 40",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "openscape desk phone ip 55g hfa",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "openstage 20e",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "openscape desk phone ip 35g sip",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "openstage 15",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "unify",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zte",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "c1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "fr1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-24",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-8",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-nh",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1121-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ac",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-660hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-663hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p8702n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "pmg5318-b20a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "q1000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-nb00",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3500-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30b",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg4380-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8324-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vsg1435-b101",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "",
            "scope": null,
            "trust": 0.8,
            "vendor": "multiple vendors",
            "version": null
          },
          {
            "model": "openstage",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "unify",
            "version": "60"
          },
          {
            "model": "openscape desk phone ip 55g sip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "unify",
            "version": "v3"
          },
          {
            "model": "openscape desk phone ip 35g sip",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "unify",
            "version": "v3"
          },
          {
            "model": "openstage",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "unify",
            "version": "40"
          },
          {
            "model": "openstage",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "unify",
            "version": "20"
          },
          {
            "model": "openstage 20e",
            "scope": null,
            "trust": 0.6,
            "vendor": "unify",
            "version": null
          },
          {
            "model": "openstage",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "unify",
            "version": "15"
          },
          {
            "model": "openscape desk phone ip 55g hfa",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "unify",
            "version": "v3"
          },
          {
            "model": "openscape desk phone ip 35g hfa",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "unify",
            "version": "v3"
          },
          {
            "model": "openscape desk phone ip 35g eco hfa",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "unify",
            "version": "v3"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-1157"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8251"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:zyxel:c1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:fr1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-nh_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1121-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ac_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-660hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-663hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p8702n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:pmg5318-b20a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:q1000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-nb00_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3500-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg4380-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8324-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vsg1435-b101_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:misc:multiple_vendors",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "cve": "CVE-2015-8251",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-8251",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-8251",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-33799",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-86212",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2015-8251",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-8251",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-8251",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-33799",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201709-1157",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-86212",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33799"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-1157"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8251"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. Many embedded devices are not unique X.509 Certificate and SSH Spoofing and intermediary because host key is used (man-in-the-middle) There is a possibility of being attacked and attacks such as decryption of communication contents. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehb\u0026#246;ck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked. UnifyOpenStage60 and so on are all IP phones from Unify. A remote attacker could exploit the vulnerability to exploit a man-in-the-middle attack or decrypt communication between legitimate users and devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-8251"
          },
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33799"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86212"
          }
        ],
        "trust": 2.97
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724",
            "trust": 3.9
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8251",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU96100360",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-1157",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33799",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "84118",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-86212",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33799"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-1157"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8251"
          }
        ]
      },
      "id": "VAR-201709-0051",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33799"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86212"
          }
        ],
        "trust": 1.192671785
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33799"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:21:26.580000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)",
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-86212"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8251"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.kb.cert.org/vuls/id/566724"
          },
          {
            "trust": 1.7,
            "url": "https://networks.unify.com/security/advisories/obso-1511-02-a.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://networks.unify.com/security/advisories/obso-1511-02.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://www.kb.cert.org/vuls/id/bluu-a2ppze"
          },
          {
            "trust": 1.6,
            "url": "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html"
          },
          {
            "trust": 0.8,
            "url": "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/certificates.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/ssh_host_keys.html"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/series/ssh-rsa-full-ipv4"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/study/sonar.ssl"
          },
          {
            "trust": 0.8,
            "url": "https://censys.io"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu96100360/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7276"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8251"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33799"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-1157"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8251"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33799"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-1157"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8251"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2017-11-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-33799"
          },
          {
            "date": "2017-09-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-86212"
          },
          {
            "date": "2016-02-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2017-09-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201709-1157"
          },
          {
            "date": "2017-09-25T21:29:00.913000",
            "db": "NVD",
            "id": "CVE-2015-8251"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-09-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2017-11-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-33799"
          },
          {
            "date": "2017-10-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-86212"
          },
          {
            "date": "2018-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2017-11-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201709-1157"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-8251"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-1157"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Embedded devices use non-unique X.509 certificates and SSH host keys",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-1157"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201710-0035

    Vulnerability from variot - Updated: 2025-04-20 23:21

    Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehböck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked. The Cisco RV320 Dual Gigabit WAN VPN is a router product from Cisco Systems, USA. Multiple Cisco Products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks. This issue is being tracked by Cisco Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The flaw stems from the fact that the program does not generate unique keys and certificates

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201710-0035",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "srp520-u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.6"
          },
          {
            "model": "rv180w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.4"
          },
          {
            "model": "srp520",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.01.29"
          },
          {
            "model": "spa400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.1.2.2"
          },
          {
            "model": "wap4410n",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.7.8"
          },
          {
            "model": "rv220w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.4.17"
          },
          {
            "model": "pvc2300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.1.2.6"
          },
          {
            "model": "rv120w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.9"
          },
          {
            "model": "wrv210",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.1.5"
          },
          {
            "model": "rvs4000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.3.4"
          },
          {
            "model": "wrv200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.39"
          },
          {
            "model": "wvc2300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.1.2.6"
          },
          {
            "model": "srw224p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.2.4"
          },
          {
            "model": "wap2000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.8.0"
          },
          {
            "model": "rv180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.4"
          },
          {
            "model": "wrp500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.1.002"
          },
          {
            "model": "wap4400n",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv325",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.10"
          },
          {
            "model": "rtp300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "3.1.24"
          },
          {
            "model": "wrvs4400n",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.2.2"
          },
          {
            "model": "rv320",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.10"
          },
          {
            "model": "wap200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.6.0"
          },
          {
            "model": "wet200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.8.0"
          },
          {
            "model": "rv315w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.01.03"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "unify",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zte",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "c1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "fr1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-24",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-8",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-nh",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1121-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ac",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-660hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-663hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p8702n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "pmg5318-b20a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "q1000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-nb00",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3500-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30b",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg4380-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8324-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vsg1435-b101",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "",
            "scope": null,
            "trust": 0.8,
            "vendor": "multiple vendors",
            "version": null
          },
          {
            "model": "rv320 dual gigabit wan vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv325 dual gigabit wan vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv325 dual wan gigabit vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rvs4000 4-port gigabit security router vpn",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wrv210 wireless-g vpn router rangebooster",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wap4410n wireless-n access point poe/advanced security",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wrv200 wireless-g vpn router rangebooster",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wrvs4400n wireless",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "srw224p",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.0.2.4"
          },
          {
            "model": "wap4400n",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wvc2300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.1.2.6"
          },
          {
            "model": "rv180",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.5.4"
          },
          {
            "model": "wap200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.0.6.0"
          },
          {
            "model": "wrvs4400n",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.0.2.2"
          },
          {
            "model": "rv180w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.5.4"
          },
          {
            "model": "wap2000",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.0.8.0"
          },
          {
            "model": "pvc2300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.1.2.6"
          },
          {
            "model": "wet200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.0.8.0"
          },
          {
            "model": "wvc2300 wireless-g business internet video camera audio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wrvs4400n wireless-n gigabit security router vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-2.0"
          },
          {
            "model": "wrv210 wireless-g vpn router rangebooster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wrv200 wireless-g vpn router rangebooster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wrp500 wireless-ac broadband router with phone ports",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20"
          },
          {
            "model": "wet200 wireless-g business ethernet bridge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "wap4410n wireless-n access point poe/advanced security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wap4400n wireless-n access point poe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wap2000 wireless-g access point poe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wap200 wireless-g access point poe/rangebooster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "srw224p 24-port 2-port gigabit switch webview/poe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10/100+-0"
          },
          {
            "model": "spa400 internet telephony gateway with fxo ports",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40"
          },
          {
            "model": "small business srp520-u models",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "small business srp520 models",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rvs4000 4-port gigabit security router vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "rv325 dual wan gigabit vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv325 dual gigabit wan vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv320 dual gigabit wan vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv315w wireless-n vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv180w wireless-n multifunction vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv180 vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv120w wireless-n vpn firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rtp300 broadband router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "pvc2300 business internet video camera audio/poe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "BID",
            "id": "78047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:zyxel:c1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:fr1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-nh_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1121-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ac_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-660hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-663hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p8702n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:pmg5318-b20a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:q1000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-nb00_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3500-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg4380-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8324-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vsg1435-b101_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:misc:multiple_vendors",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stefan Viehb\u00f6ck of SEC Consult.",
        "sources": [
          {
            "db": "BID",
            "id": "78047"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-6358",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-6358",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-6358",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-07863",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-84319",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2015-6358",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-6358",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-6358",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-07863",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201511-426",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-84319",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehb\u0026#246;ck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked. The Cisco RV320 Dual Gigabit WAN VPN is a router product from Cisco Systems, USA. Multiple Cisco Products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks. \nThis issue is being tracked by Cisco Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The flaw stems from the fact that the program does not generate unique keys and certificates",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          },
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "BID",
            "id": "78047"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "78047",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1034257",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1034255",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1034258",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1034256",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU96100360",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "db": "BID",
            "id": "78047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "id": "VAR-201710-0035",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          }
        ],
        "trust": 1.365750996923077
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:21:26.541000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)",
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml"
          },
          {
            "title": "Patches for multiple Cisco product information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/67387"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-295",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.kb.cert.org/vuls/id/566724"
          },
          {
            "trust": 2.6,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151125-ci"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/78047"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1034255"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1034256"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1034257"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1034258"
          },
          {
            "trust": 1.6,
            "url": "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html"
          },
          {
            "trust": 0.8,
            "url": "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/certificates.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/ssh_host_keys.html"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/series/ssh-rsa-full-ipv4"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/study/sonar.ssl"
          },
          {
            "trust": 0.8,
            "url": "https://censys.io"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu96100360/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7276"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8251"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/bluu-a2nqxj"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "db": "BID",
            "id": "78047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "db": "BID",
            "id": "78047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2015-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "date": "2017-10-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "date": "2015-11-25T00:00:00",
            "db": "BID",
            "id": "78047"
          },
          {
            "date": "2016-02-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2015-11-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "date": "2017-10-12T15:29:00.217000",
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-09-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2015-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "date": "2017-11-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "date": "2015-11-25T00:00:00",
            "db": "BID",
            "id": "78047"
          },
          {
            "date": "2018-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2017-10-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Embedded devices use non-unique X.509 certificates and SSH host keys",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201709-0027

    Vulnerability from variot - Updated: 2025-04-20 23:21

    ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. Many embedded devices are not unique X.509 Certificate and SSH Spoofing and intermediary because host key is used (man-in-the-middle) There is a possibility of being attacked and attacks such as decryption of communication contents. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehböck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked. ZyXEL Access Point NWA1100-N is a wireless network receiving device from ZyXEL Technology. Multiple ZyXEL Products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0027",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "gs1900-8",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-24",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3500-n000",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p8702n",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "pmg5318-b20a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "c1000z",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "q1000",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-nb00",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "fr1000z",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-n000",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg4380-b10a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30b",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vsg1435-b101",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ni",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1121-ni",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b30a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b10a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-nh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b10a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-660hn-51",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-663hn-51",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8324-b10a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "access point nwa1100-n",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "access point nwa1100-nh",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "access point nwa1123-ac",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "access point nwa1121-ni",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "dsl cpe p-660hn-51",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "dsl cpe p-663hn-51",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "dsl cpe vmg1312-b10a",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "dsl cpe vmg1312-b30a",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "dsl cpe vmg1312-b30b",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "dsl cpe vmg4380-b10a",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "dsl cpe vmg8324-b10a",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "dsl cpe vmg8924-b10a",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "dsl cpe vmg8924-b30a",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "dsl cpe vsg1435-b101",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gpon pmg1006-b20a",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gpon pmg5318-b20a",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "small business gateway sbg3300-n000",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "small business gateway sbg3300-nb00",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "small business gateway sbg3500-n000",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "switch gs1900-8",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "switch gs1900-24",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "wimax max208m2w",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "wimax max218m2w",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "wimax max218mw",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "wimax max308m",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "project model c1000z",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "project model q1000",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "project model fr1000z",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "project model p8702n",
            "scope": null,
            "trust": 0.9,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "unify",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zte",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "c1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "fr1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-24",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-8",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-nh",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1121-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ac",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-660hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-663hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p8702n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "pmg5318-b20a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "q1000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-nb00",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3500-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30b",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg4380-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8324-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vsg1435-b101",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "",
            "scope": null,
            "trust": 0.8,
            "vendor": "multiple vendors",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08082"
          },
          {
            "db": "BID",
            "id": "78214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-204"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7256"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:zyxel:c1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:fr1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-nh_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1121-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ac_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-660hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-663hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p8702n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:pmg5318-b20a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:q1000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-nb00_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3500-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg4380-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8324-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vsg1435-b101_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:misc:multiple_vendors",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stefan Viehb?ck of SEC Consult.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-204"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2015-7256",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-7256",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-7256",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-08082",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-85217",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2015-7256",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7256",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7256",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-08082",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201512-204",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85217",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-08082"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85217"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-204"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7256"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. Many embedded devices are not unique X.509 Certificate and SSH Spoofing and intermediary because host key is used (man-in-the-middle) There is a possibility of being attacked and attacks such as decryption of communication contents. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehb\u0026#246;ck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked. ZyXEL Access Point NWA1100-N is a wireless network receiving device from ZyXEL Technology. Multiple ZyXEL Products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7256"
          },
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08082"
          },
          {
            "db": "BID",
            "id": "78214"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85217"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7256",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "78214",
            "trust": 1.6
          },
          {
            "db": "JVN",
            "id": "JVNVU96100360",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-204",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08082",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-85217",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08082"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85217"
          },
          {
            "db": "BID",
            "id": "78214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-204"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7256"
          }
        ]
      },
      "id": "VAR-201709-0027",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-08082"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85217"
          }
        ],
        "trust": 1.4433235866666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-08082"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:21:26.498000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)",
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml"
          },
          {
            "title": "Patches for multiple ZyXEL product information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/68153"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-08082"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-310",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85217"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7256"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.kb.cert.org/vuls/id/566724"
          },
          {
            "trust": 2.0,
            "url": "http://www.zyxel.com/support/announcement_ssh_private_key_and_certificate_vulnerability.shtml"
          },
          {
            "trust": 1.6,
            "url": "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/78214"
          },
          {
            "trust": 0.8,
            "url": "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/certificates.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/ssh_host_keys.html"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/series/ssh-rsa-full-ipv4"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/study/sonar.ssl"
          },
          {
            "trust": 0.8,
            "url": "https://censys.io"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu96100360/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7276"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8251"
          },
          {
            "trust": 0.3,
            "url": "http://www.zyxel.com/th/th/"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/bluu-a2nqyp"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08082"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85217"
          },
          {
            "db": "BID",
            "id": "78214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-204"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7256"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08082"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85217"
          },
          {
            "db": "BID",
            "id": "78214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-204"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7256"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2015-12-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-08082"
          },
          {
            "date": "2017-09-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85217"
          },
          {
            "date": "2015-11-25T00:00:00",
            "db": "BID",
            "id": "78214"
          },
          {
            "date": "2016-02-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2015-11-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201512-204"
          },
          {
            "date": "2017-09-28T01:29:00.670000",
            "db": "NVD",
            "id": "CVE-2015-7256"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-09-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2015-12-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-08082"
          },
          {
            "date": "2017-10-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85217"
          },
          {
            "date": "2015-11-25T00:00:00",
            "db": "BID",
            "id": "78214"
          },
          {
            "date": "2018-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2015-12-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201512-204"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7256"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-204"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Embedded devices use non-unique X.509 certificates and SSH host keys",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-204"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-0143

    Vulnerability from variot - Updated: 2025-04-20 23:21

    ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehböck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. As a result, confidential information may be leaked. ZTEOX-330P and others are wireless router products of China ZTE Corporation (ZTE). An information disclosure vulnerability exists in several ZTE products. The following products are affected: ZTE OX-330P; ZXHN H108N; W300V1.0.0S_ZRD_TR1_D68; HG110; GAN9.8T101A-B; MF28G;

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0143",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mf28g",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "hg110",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxhn h108n",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "gan9.8t101a-b",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "ox-330p",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "w300v1.0.0s zrd tr1 d68",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxhn h108n",
            "scope": null,
            "trust": 1.2,
            "vendor": "zte",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "unify",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zte",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "c1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "fr1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-24",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-8",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-nh",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1121-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ac",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-660hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-663hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p8702n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "pmg5318-b20a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "q1000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-nb00",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3500-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30b",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg4380-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8324-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vsg1435-b101",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "",
            "scope": null,
            "trust": 0.8,
            "vendor": "multiple vendors",
            "version": null
          },
          {
            "model": "ox-330p",
            "scope": null,
            "trust": 0.6,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "w300v1.0.0s zrd tr1 d68",
            "scope": null,
            "trust": 0.6,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "hg110",
            "scope": null,
            "trust": 0.6,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "gan9.8t101a-b",
            "scope": null,
            "trust": 0.6,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "mf28g",
            "scope": null,
            "trust": 0.6,
            "vendor": "zte",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33516"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1334"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7255"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:zyxel:c1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:fr1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-nh_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1121-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ac_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-660hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-663hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p8702n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:pmg5318-b20a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:q1000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-nb00_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3500-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg4380-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8324-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vsg1435-b101_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:misc:multiple_vendors",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "cve": "CVE-2015-7255",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-7255",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-33516",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-85216",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-7255",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7255",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7255",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-33516",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-1334",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85216",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33516"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1334"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7255"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehb\u0026#246;ck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. As a result, confidential information may be leaked. ZTEOX-330P and others are wireless router products of China ZTE Corporation (ZTE). An information disclosure vulnerability exists in several ZTE products. The following products are affected: ZTE OX-330P; ZXHN H108N; W300V1.0.0S_ZRD_TR1_D68; HG110; GAN9.8T101A-B; MF28G;",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7255"
          },
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33516"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85216"
          }
        ],
        "trust": 2.97
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724",
            "trust": 3.9
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7255",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVNVU96100360",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1334",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33516",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-85216",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33516"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1334"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7255"
          }
        ]
      },
      "id": "VAR-201708-0143",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33516"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85216"
          }
        ],
        "trust": 1.28941403
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33516"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:21:26.460000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)",
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85216"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7255"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.kb.cert.org/vuls/id/566724"
          },
          {
            "trust": 1.7,
            "url": "https://www.kb.cert.org/vuls/id/bluu-a2nqyr"
          },
          {
            "trust": 1.6,
            "url": "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026q=zte\u0026type=\u0026utf8=%e2%9c%93"
          },
          {
            "trust": 0.8,
            "url": "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/certificates.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/ssh_host_keys.html"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/series/ssh-rsa-full-ipv4"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/study/sonar.ssl"
          },
          {
            "trust": 0.8,
            "url": "https://censys.io"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu96100360/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7276"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8251"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026amp;q=zte\u0026amp;type=\u0026amp;utf8=%e2%9c%93"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33516"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1334"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7255"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33516"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1334"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7255"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2017-11-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-33516"
          },
          {
            "date": "2017-08-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85216"
          },
          {
            "date": "2016-02-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2017-08-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-1334"
          },
          {
            "date": "2017-08-29T15:29:00.517000",
            "db": "NVD",
            "id": "CVE-2015-7255"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-09-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2017-11-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-33516"
          },
          {
            "date": "2017-09-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85216"
          },
          {
            "date": "2018-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2017-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-1334"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7255"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1334"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Embedded devices use non-unique X.509 certificates and SSH host keys",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1334"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201512-0395

    Vulnerability from variot - Updated: 2025-04-13 20:25

    Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an attacker to implement deserialization attacks and control the EAP Controller server. plural Cisco The serialized object interface of the product contains an arbitrary command execution vulnerability. http://cwe.mitre.org/data/definitions/502.htmlSkillfully crafted serialized by a third party Java An arbitrary command may be executed through the object. Apache Commons Collections (ACC) The library deserialization process is vulnerable. Java Application ACC When using the library directly or within the range accessible by specifying the class path ACC If a library is installed, arbitrary code may be executed. Apache Commons Collections (ACC) Library http://commons.apache.org/proper/commons-collections/ Deserialize untrusted data (CWE-502) 2015 Year 1 Held on the moon AppSec California 2015 In Gabriel Lawrence Mr. and Chris Frohoff He talked about a vulnerability that could deserialize untrusted data and showed that it could execute arbitrary code. Any use of the serialization function that is not appropriate Java Application or Java Libraries are affected by this vulnerability. Deserialize untrusted data (CWE-502) http://cwe.mitre.org/data/definitions/502.html Gabriel Lawrence Mr. and Chris Frohoff Mr. Lecture http://frohoff.github.io/appseccali-marshalling-pickles/ 2015 Year 11 A month Foxglove Security of Stephen Breen Mr. this problem Apache Commons Collections (ACC) Exist in the library, especially for deserializing untrusted data InvokerTransformer It was pointed out that arbitrary code could be executed when using classes. ACC Software that uses the library, WebSphere , Jenkins , WebLogic , OpenNMS Etc. are also affected. Foxglove Security of Stephen Breen Mr (What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.) http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ Jenkins https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 WebLogic http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html?elq_mid=31793&sh=&cmid=WWSU12091612MPP001C179 ACC Library version 3.2.1 , 4.0 Both are affected by this vulnerability. version 3.2.1 , 4.0 https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread Apache Software Fondation Has posted an official view of the vulnerability on its blog. Here you can find advice on countermeasures and links to related information. In addition, entries related to this vulnerability (COLLECTIONS-580) Is built on a bug management system. Official view https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread Entries related to this vulnerability (COLLECTIONS-580) https://issues.apache.org/jira/browse/COLLECTIONS-580 ACC other than, Groovy And Spring The same problem is being investigated for these issues. Lawrence Mr. and Frohoff In his presentation material, Java not only Python And Ruby It is stated that the same problem exists in applications and libraries written in the above. Regardless of the programming language or library used, it is important to fully consider the data serialization capabilities from the software design stage.Apache Commons Collections I'm using a library Java Application or Java Library is optional Java It may be possible to execute code. Also, ACC Even if the library is not used directly, it can be accessed by specifying the class path. ACC If the library exists, any Java It may be possible to execute code. Oracle WebLogic is an application server based on Java (J2EE) architecture of Oracle Corporation of the United States. Red Hat JBOSS is an open source J2EE-based application server from Red Hat. CloudBees Jenkins CI (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by CloudBees. OpenNMS is a set of enterprise-level, Java / XML-based distributed network and system monitoring and management platform from the American OpenNMS company. It can extend or add Java collections framework. A remote command execution vulnerability exists in Java's deserialization process. A remote attacker can exploit this vulnerability by constructing an automatically executed code call chain to attach malicious code to user input and execute arbitrary Java functions or bytecode. The following products and versions are affected: JBoss Enterprise Application Platform 6.4.4, 5.2.0, 4.3.0_CP10, AS (Wildly) 6 and earlier, A-MQ 6.2.0, Fuse 6.2.0, SOA Platform (SOA-P) 5.3.1, Data Grid (JDG) 6.5.0, BRMS (BRMS) 6.1.0, BPMS (BPMS) 6.1.0, Data Virtualization (JDV) 6.1.0, Fuse Service Works (FSW) version 6.0.0, Enterprise Web Server (EWS) version 2.1, version 3.0, Jenkins version 1.555, WebSphere, WebLogic, OpenNMS. Apache Commons Collections(ACC)是美国阿帕奇(Apache)软件基金会的一个Apache Commons项目的Commons Proper(可重复利用Java组件库)中的组件,它可以扩展或增加Java集合框架.

    多款Cisco产品的ACC库中使用的Java反序列化过程中存在安全漏洞。远程攻击者可通过提交特制的输入利用该漏洞执行任意代码。以下产品及版本受到影响:Cisco Digital Life RMS 1.8.1.1版本,Broadband Access Center Telco Wireless 3.8.1版本;SocialMiner,WebEx Meetings Server 1.x版本,2.x版本;NAC Agent for Windows;InTracer,Network Admission Control (NAC),Visual Quality Experience Server,Visual Quality Experience Tools Server;ASA CX and Cisco Prime Security Manager,Clean Access Manager,NAC Appliance (Clean Access Server),NAC Guest Server,NAC Server,Secure Access Control System (ACS);Access Registrar Appliance,Cloupia Unified Infrastructure Controller,Configuration Professional,Digital Media Manager,Insight Reporter,Prime Access Registrar Appliance,Prime Access Registrar,Prime Collaboration Provisioning,Prime Home,Prime LAN Management Solution (LMS - Solaris),Prime Optical for SPs,Prime Performance Manager,Prime Provisioning for SPs,Prime Provisioning,Prime Service Catalog Virtual Appliance,Security Manager,Data Center Analytics Framework (DCAF);Broadband Access Center Telco Wireless;Computer Telephony Integration Object Server (CTIOS),Hosted Collaboration Mediation Fulfillment,IM and Presence Service (CUPS),IP Interoperability and Collaboration System (IPICS),Management Heartbeat Server,MediaSense,MeetingPlace,Unified Communications Manager (UCM),Unified Communications Manager Session Management Edition (SME),Unified Contact Center Enterprise,Unified Intelligence Center,Unified Intelligent Contact Management Enterprise,Unified Sip Proxy;Media Experience Engines (MXE),Show and Share,TelePresence Exchange System (CTX),Videoscape Conductor;Business Video Services Automation Software (BV),Cloud Email Security,Registered Envelope Service (CRES),Unified Services Delivery Platform (CUSDP),Communication/Collaboration Sizing Tool, Virtue Machine Placement Tool,Unified Communications Upgrade Readiness Assessment,DCAF UCS Collector,Network Change and Configuration Management,Partner Supporting Service (PSS) 1.x版本,SI component of Partner Supporting Service,Serial Number Assessment Service (SNAS),Smart Net Total Care (SNTC). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products

    Advisory ID: cisco-sa-20151209-java-deserialization

    Revision 1.0

    For Public Release: 2015 December 9 16:00 GMT +---------------------------------------------------------------------

    Summary

    A vulnerability in the Java deserialization used by the Apache Commons Collections (ACC) library could allow an unauthenticated, remote attacker to execute arbitrary code. The report contains detailed proof-of-concept code for a number of applications, including WebSphere Application Server, JBoss, Jenkins, OpenNMS, and WebLogic. A wide range of potential impacts includes allowing the attacker to obtain sensitive information.

    Object serialization is a technique that many programming languages use to convert an object into a sequence of bits for transfer purposes. Deserialization is a technique that reassembles those bits back to an object.

    Many applications accept serialized objects from the network without performing input validation checks before deserializing it.

    Additional details about the vulnerability are available at the following links:

    Official Vulnerability Note from CERT: http://www.kb.cert.org/vuls/id/576313

    Foxglove Security: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

    Apache Commons Statement: https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread

    Oracle Security Alert: https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852

    Cisco will release software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.

    This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization

    -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

    iQIcBAEBCAAGBQJWaE9BAAoJEIpI1I6i1Mx31a0QALya6VDmcGiyx3AlCzsKGISc 3NJP4PPjVFGjHQmB/+bXn1zXLZ63JgbOZuG9pLxhmJpPMxQI8jeXEHqzVmrA9cOj u/QRGkITxQaRS50cwFJXPDOVWWCTcHLhuk83Ofih8vhC8UPBy1FGMBl5rpVLDkG9 ue8yX5ACEQ078F78dpcnJmbv1Hxu021wI+nM3pn7C/aOrJ1wSNop8KkFZ+VHzbKY aeuMFqhal+ePx+JoIC4JMrTll/BLxjI17tKrzXas6D4zKNGSO0WxnEFjDWuPlc89 2y3DnaVc0eeAVPy3ODN6wJzuro4w69z1GrvXPkBfVe9WNKD1lMGRUPMRwnb/zjxu DT8Ms4LDaVCLDZ01ox3BpuZIDBP1q2Xk6ToObeHUNMSDM9IuMeVOz9BtxJxO8Yp/ YfVaoqkM6Vrf5oXKUvWow0r19+ODp18JUnc8qT7Cj0b9PwtlOUqpsNE+cAzPyZh7 UBYLPm2AZypOgw4ryUf66p3l+NGLvLdA+A1u0m+YfXSrsuEFCosUeppmZMvgzEME 7TDSbOlt6yj9W/U3ioYbhLWk1D2whTyDybXz4MLaPTPxfxozyePOcthU7R/PVGrU M0Do8nugnDXE0rYVRooF3+A/6ahoKUb9QR00O4xN4A94lfXqgc6t+180S4vavgxS g9ZP7zYVhaDCRufDoNVI =nsL1 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05376917

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c05376917 Version: 1

    HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2017-01-18 Last Updated: 2017-01-18

    Potential Security Impact: Remote: Arbitrary Code Execution, Arbitrary Command Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access to Files

    Source: Hewlett Packard Enterprise, Product Security Response Team

    VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE Insight Control server provisioning (ICsp) software. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), arbitrary code execution, arbitrary command execution, unauthorized access to files or disclosure of sensitive information.

    References:

    • CVE-2015-6420 - Cisco routing and switching, execution of code
    • CVE-2016-0702 - OpenSSL, disclosure of information, "CacheBleed"
    • CVE-2016-0705 - OpenSSL, denial of service (DoS)
    • CVE-2016-0797 - OpenSSL, denial of service (DoS)
    • CVE-2016-0799 - OpenSSL, denial of service (DoS)
    • CVE-2016-2842 - OpenSSL, denial of service (DoS)
    • CVE-2015-7547 - glibc, denial of service (DoS)
    • CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)
    • CVE-2014-4877 - wget, execution of arbitrary code

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

    • HP Insight Control server provisioning all versions prior to 7.6

    BACKGROUND

    CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2014-0050
      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    
    CVE-2014-4877
      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
      9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
    
    CVE-2015-6420
      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    
    CVE-2015-7547
      5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
    
    CVE-2016-0702
      2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
      1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
    
    CVE-2016-0705
      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
    
    CVE-2016-0797
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    
    CVE-2016-0799
      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
    
    CVE-2016-2842
      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
    
    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:
    

    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

    RESOLUTION

    HPE has made the following software updates available to resolve the vulnerabilities for the impacted versions of HPE Insight Control server provisioning (ICsp). Please download the latest version of Insight Control server provisioning (ICsp)-7.6 from the following location:

    * https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=IMDVD

    HISTORY Version:1 (rev.1) - 18 January 2017 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

    Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

    Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

    Copyright 2016 Hewlett Packard Enterprise

    Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0395",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "commons collections",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "apache",
            "version": "4.0"
          },
          {
            "model": "commons collections",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "apache",
            "version": "3.2.1"
          },
          {
            "model": "capssuite",
            "scope": null,
            "trust": 1.6,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "infoframe relational store",
            "scope": null,
            "trust": 1.6,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "systemdirector enterprise",
            "scope": null,
            "trust": 1.6,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "webotx",
            "scope": null,
            "trust": 1.6,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "commons collections",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "apache",
            "version": "3.2.1"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "tp link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "jenkins",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "unify",
            "version": null
          },
          {
            "model": "commons collections",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "apache",
            "version": "4.0"
          },
          {
            "model": "eap controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tp link",
            "version": "2.5.3"
          },
          {
            "model": "eap controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tp link",
            "version": "2.4.8"
          },
          {
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.1"
          },
          {
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5"
          },
          {
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "model": "webex meetings server 2.5mr2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "webex meetings server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5.99.2"
          },
          {
            "model": "webex meetings server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5.0.997"
          },
          {
            "model": "webex meetings server mr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "model": "webex meetings server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "model": "webex meetings server 2.0mr2",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "webex meetings server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "webex meetings server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.5.1.6"
          },
          {
            "model": "webex meetings server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.5.1.131"
          },
          {
            "model": "webex meetings server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.5(.1.6)"
          },
          {
            "model": "webex meetings server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.5(.1.131)"
          },
          {
            "model": "webex meetings server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.5"
          },
          {
            "model": "webex meetings server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.1"
          },
          {
            "model": "webex meetings server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "visual quality experience tools server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "visual quality experience server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "virtue machine placement tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "videoscape conductor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified sip proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified services delivery platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified intelligent contact management enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified intelligence center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified contact center enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified communications upgrade readiness assessment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified communications manager session management edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified communications manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "telepresence exchange system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "socialminer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "smart net total care",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "si component of partner supporting service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "show and share",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "serial number assessment service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "security manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "secure access control system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "registered envelope service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime service catalog virtual appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime provisioning for sps",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime performance manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime optical for sps",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime lan management solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime home",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime collaboration provisioning",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime access registrar appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime access registrar",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "partner supporting service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "network admission control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "nac server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "nac manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "nac guest server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "nac agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "meetingplace",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mediasense",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "media experience engines",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "management heartbeat server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ip interoperability and collaboration system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "intracer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "insight reporter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "im and presence service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "hosted collaboration mediation fulfillment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "digital media manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "digital life rms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.8.1.1"
          },
          {
            "model": "dcaf ucs collector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "data center analytics framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "configuration professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "computer telephony integration object server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "communication sizing tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "collaboration sizing tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "cloupia unified infrastructure controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "cloud email security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "clean access manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "business video services automation software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "broadband access center telco wireless",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.8.1"
          },
          {
            "model": "asa cx and cisco prime security manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "access registrar appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "jenkins",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "jenkins ci",
            "version": "0"
          },
          {
            "model": "commons collections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#581311"
          },
          {
            "db": "CERT/CC",
            "id": "VU#576313"
          },
          {
            "db": "BID",
            "id": "78872"
          },
          {
            "db": "BID",
            "id": "77521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-420"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6420"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:apache:commons_collections",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:capssuite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:infoframe_relational_store",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:systemdirector_enterprise",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006448"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "foxglovesecurity",
        "sources": [
          {
            "db": "BID",
            "id": "77521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-421"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-6420",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-6420",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 7.5,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "PARTIAL",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 6.4,
                "exploitability": "PROOF-OF-CONCEPT",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-6420",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "WORKAROUND",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "HIGH",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2015-005930",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-6420",
                "trust": 1.6,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-6420",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2015-005930",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201512-420",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-6420",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#576313"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6420"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-420"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6420"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. The TP-LINK EAP Controller is TP-LINK\u0027s software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an attacker to implement deserialization attacks and control the EAP Controller server. plural Cisco The serialized object interface of the product contains an arbitrary command execution vulnerability. http://cwe.mitre.org/data/definitions/502.htmlSkillfully crafted serialized by a third party Java An arbitrary command may be executed through the object. Apache Commons Collections (ACC) The library deserialization process is vulnerable. Java Application ACC When using the library directly or within the range accessible by specifying the class path ACC If a library is installed, arbitrary code may be executed. Apache Commons Collections (ACC) Library http://commons.apache.org/proper/commons-collections/ Deserialize untrusted data (CWE-502) 2015 Year 1 Held on the moon AppSec California 2015 In Gabriel Lawrence Mr. and Chris Frohoff He talked about a vulnerability that could deserialize untrusted data and showed that it could execute arbitrary code. Any use of the serialization function that is not appropriate Java Application or Java Libraries are affected by this vulnerability. Deserialize untrusted data (CWE-502) http://cwe.mitre.org/data/definitions/502.html Gabriel Lawrence Mr. and Chris Frohoff Mr. Lecture http://frohoff.github.io/appseccali-marshalling-pickles/ 2015 Year 11 A month Foxglove Security of Stephen Breen Mr. this problem Apache Commons Collections (ACC) Exist in the library, especially for deserializing untrusted data InvokerTransformer It was pointed out that arbitrary code could be executed when using classes. ACC Software that uses the library, WebSphere , Jenkins , WebLogic , OpenNMS Etc. are also affected. Foxglove Security of Stephen Breen Mr (What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.) http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ Jenkins https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 WebLogic http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html?elq_mid=31793\u0026sh=\u0026cmid=WWSU12091612MPP001C179 ACC Library version 3.2.1 , 4.0 Both are affected by this vulnerability. version 3.2.1 , 4.0 https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread Apache Software Fondation Has posted an official view of the vulnerability on its blog. Here you can find advice on countermeasures and links to related information. In addition, entries related to this vulnerability (COLLECTIONS-580) Is built on a bug management system. Official view https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread Entries related to this vulnerability (COLLECTIONS-580) https://issues.apache.org/jira/browse/COLLECTIONS-580 ACC other than, Groovy And Spring The same problem is being investigated for these issues. Lawrence Mr. and Frohoff In his presentation material, Java not only Python And Ruby It is stated that the same problem exists in applications and libraries written in the above. Regardless of the programming language or library used, it is important to fully consider the data serialization capabilities from the software design stage.Apache Commons Collections I\u0027m using a library Java Application or Java Library is optional Java It may be possible to execute code. Also, ACC Even if the library is not used directly, it can be accessed by specifying the class path. ACC If the library exists, any Java It may be possible to execute code. Oracle WebLogic is an application server based on Java (J2EE) architecture of Oracle Corporation of the United States. Red Hat JBOSS is an open source J2EE-based application server from Red Hat. CloudBees Jenkins CI (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by CloudBees. OpenNMS is a set of enterprise-level, Java / XML-based distributed network and system monitoring and management platform from the American OpenNMS company. It can extend or add Java collections framework. \nA remote command execution vulnerability exists in Java\u0027s deserialization process. A remote attacker can exploit this vulnerability by constructing an automatically executed code call chain to attach malicious code to user input and execute arbitrary Java functions or bytecode. The following products and versions are affected: JBoss Enterprise Application Platform 6.4.4, 5.2.0, 4.3.0_CP10, AS (Wildly) 6 and earlier, A-MQ 6.2.0, Fuse 6.2.0, SOA Platform (SOA-P) 5.3.1, Data Grid (JDG) 6.5.0, BRMS (BRMS) 6.1.0, BPMS (BPMS) 6.1.0, Data Virtualization (JDV) 6.1.0, Fuse Service Works (FSW) version 6.0.0, Enterprise Web Server (EWS) version 2.1, version 3.0, Jenkins version 1.555, WebSphere, WebLogic, OpenNMS. Apache Commons Collections\uff08ACC\uff09\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2aApache Commons\u9879\u76ee\u7684Commons Proper\uff08\u53ef\u91cd\u590d\u5229\u7528Java\u7ec4\u4ef6\u5e93\uff09\u4e2d\u7684\u7ec4\u4ef6\uff0c\u5b83\u53ef\u4ee5\u6269\u5c55\u6216\u589e\u52a0Java\u96c6\u5408\u6846\u67b6. \n\n\u591a\u6b3eCisco\u4ea7\u54c1\u7684ACC\u5e93\u4e2d\u4f7f\u7528\u7684Java\u53cd\u5e8f\u5217\u5316\u8fc7\u7a0b\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u4ee5\u4e0b\u4ea7\u54c1\u53ca\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aCisco Digital Life RMS 1.8.1.1\u7248\u672c\uff0cBroadband Access Center Telco Wireless 3.8.1\u7248\u672c\uff1bSocialMiner\uff0cWebEx Meetings Server 1.x\u7248\u672c\uff0c2.x\u7248\u672c\uff1bNAC Agent for Windows\uff1bInTracer\uff0cNetwork Admission Control (NAC)\uff0cVisual Quality Experience Server\uff0cVisual Quality Experience Tools Server\uff1bASA CX and Cisco Prime Security Manager\uff0cClean Access Manager\uff0cNAC Appliance (Clean Access Server)\uff0cNAC Guest Server\uff0cNAC Server\uff0cSecure Access Control System (ACS)\uff1bAccess Registrar Appliance\uff0cCloupia Unified Infrastructure Controller\uff0cConfiguration Professional\uff0cDigital Media Manager\uff0cInsight Reporter\uff0cPrime Access Registrar Appliance\uff0cPrime Access Registrar\uff0cPrime Collaboration Provisioning\uff0cPrime Home\uff0cPrime LAN Management Solution (LMS - Solaris)\uff0cPrime Optical for SPs\uff0cPrime Performance Manager\uff0cPrime Provisioning for SPs\uff0cPrime Provisioning\uff0cPrime Service Catalog Virtual Appliance\uff0cSecurity Manager\uff0cData Center Analytics Framework (DCAF)\uff1bBroadband Access Center Telco Wireless\uff1bComputer Telephony Integration Object Server (CTIOS)\uff0cHosted Collaboration Mediation Fulfillment\uff0cIM and Presence Service (CUPS)\uff0cIP Interoperability and Collaboration System (IPICS)\uff0cManagement Heartbeat Server\uff0cMediaSense\uff0cMeetingPlace\uff0cUnified Communications Manager (UCM)\uff0cUnified Communications Manager Session Management Edition (SME)\uff0cUnified Contact Center Enterprise\uff0cUnified Intelligence Center\uff0cUnified Intelligent Contact Management Enterprise\uff0cUnified Sip Proxy\uff1bMedia Experience Engines (MXE)\uff0cShow and Share\uff0cTelePresence Exchange System (CTX)\uff0cVideoscape Conductor\uff1bBusiness Video Services Automation Software (BV)\uff0cCloud Email Security\uff0cRegistered Envelope Service (CRES)\uff0cUnified Services Delivery Platform (CUSDP)\uff0cCommunication/Collaboration Sizing Tool, Virtue Machine Placement Tool\uff0cUnified Communications Upgrade Readiness Assessment\uff0cDCAF UCS Collector\uff0cNetwork Change and Configuration Management\uff0cPartner Supporting Service (PSS) 1.x\u7248\u672c\uff0cSI component of Partner Supporting Service\uff0cSerial Number Assessment Service (SNAS)\uff0cSmart Net Total Care (SNTC). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nCisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products\n\nAdvisory ID: cisco-sa-20151209-java-deserialization\n\nRevision 1.0\n\nFor Public Release: 2015 December 9 16:00  GMT\n+---------------------------------------------------------------------\n\nSummary\n=======\n\nA vulnerability in the Java deserialization used by the Apache Commons Collections (ACC) library could allow an unauthenticated, remote attacker to execute arbitrary code. The report contains detailed proof-of-concept code for a number of applications, including WebSphere Application Server, JBoss, Jenkins, OpenNMS, and WebLogic. A wide range of potential impacts includes allowing the attacker to obtain sensitive information. \n\nObject serialization is a technique that many programming languages use to convert an object into a sequence of bits for transfer purposes. Deserialization is a technique that reassembles those bits back to an object. \n\nMany applications accept serialized objects from the network without performing input validation checks before deserializing it. \n\nAdditional details about the vulnerability are available at the following links:\n\nOfficial Vulnerability Note from CERT:\nhttp://www.kb.cert.org/vuls/id/576313\n\nFoxglove Security:\nhttp://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/\n\nApache Commons Statement:\nhttps://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread\n\nOracle Security Alert:\nhttps://blogs.oracle.com/security/entry/security_alert_cve_2015_4852\n\nCisco will release software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. \n\nThis advisory is available at the following link:\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWaE9BAAoJEIpI1I6i1Mx31a0QALya6VDmcGiyx3AlCzsKGISc\n3NJP4PPjVFGjHQmB/+bXn1zXLZ63JgbOZuG9pLxhmJpPMxQI8jeXEHqzVmrA9cOj\nu/QRGkITxQaRS50cwFJXPDOVWWCTcHLhuk83Ofih8vhC8UPBy1FGMBl5rpVLDkG9\nue8yX5ACEQ078F78dpcnJmbv1Hxu021wI+nM3pn7C/aOrJ1wSNop8KkFZ+VHzbKY\naeuMFqhal+ePx+JoIC4JMrTll/BLxjI17tKrzXas6D4zKNGSO0WxnEFjDWuPlc89\n2y3DnaVc0eeAVPy3ODN6wJzuro4w69z1GrvXPkBfVe9WNKD1lMGRUPMRwnb/zjxu\nDT8Ms4LDaVCLDZ01ox3BpuZIDBP1q2Xk6ToObeHUNMSDM9IuMeVOz9BtxJxO8Yp/\nYfVaoqkM6Vrf5oXKUvWow0r19+ODp18JUnc8qT7Cj0b9PwtlOUqpsNE+cAzPyZh7\nUBYLPm2AZypOgw4ryUf66p3l+NGLvLdA+A1u0m+YfXSrsuEFCosUeppmZMvgzEME\n7TDSbOlt6yj9W/U3ioYbhLWk1D2whTyDybXz4MLaPTPxfxozyePOcthU7R/PVGrU\nM0Do8nugnDXE0rYVRooF3+A/6ahoKUb9QR00O4xN4A94lfXqgc6t+180S4vavgxS\ng9ZP7zYVhaDCRufDoNVI\n=nsL1\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05376917\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05376917\nVersion: 1\n\nHPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple\nRemote Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-01-18\nLast Updated: 2017-01-18\n\nPotential Security Impact: Remote: Arbitrary Code Execution, Arbitrary\nCommand Execution, Denial of Service (DoS), Disclosure of Sensitive\nInformation, Unauthorized Access to Files\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified in HPE\nInsight Control server provisioning (ICsp) software. The vulnerabilities\ncould be exploited remotely resulting in Denial of Service (DoS), arbitrary\ncode execution, arbitrary command execution, unauthorized access to files or\ndisclosure of sensitive information. \n\nReferences:\n\n  - CVE-2015-6420 - Cisco routing and switching, execution of code\n  - CVE-2016-0702 - OpenSSL, disclosure of information, \"CacheBleed\"\n  - CVE-2016-0705 - OpenSSL, denial of service (DoS)\n  - CVE-2016-0797 - OpenSSL, denial of service (DoS)\n  - CVE-2016-0799 - OpenSSL, denial of service (DoS)\n  - CVE-2016-2842 - OpenSSL, denial of service (DoS)\n  - CVE-2015-7547 - glibc, denial of service (DoS)\n  - CVE-2014-0050 -  Apache Commons FileUpload, denial of service (DoS) \n  - CVE-2014-4877 - wget, execution of arbitrary code\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - HP Insight Control server provisioning all versions prior to 7.6\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2014-0050\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-4877\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)\n\n    CVE-2015-6420\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-7547\n      5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2016-0702\n      2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n      1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)\n\n    CVE-2016-0705\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-0797\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2016-0799\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-2842\n      9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n      10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HPE Insight Control server\nprovisioning (ICsp). Please download the latest version of Insight Control\nserver provisioning (ICsp)-7.6 from the following location: \n\n  *\n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=IMDVD\u003e\n\nHISTORY\nVersion:1 (rev.1) - 18 January 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-6420"
          },
          {
            "db": "CERT/CC",
            "id": "VU#581311"
          },
          {
            "db": "CERT/CC",
            "id": "VU#576313"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-421"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-241"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-420"
          },
          {
            "db": "BID",
            "id": "77521"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6420"
          },
          {
            "db": "PACKETSTORM",
            "id": "134752"
          },
          {
            "db": "PACKETSTORM",
            "id": "140605"
          }
        ],
        "trust": 5.94
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/576313",
            "trust": 0.8,
            "type": "poc"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#576313"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#576313",
            "trust": 4.6
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6420",
            "trust": 3.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#581311",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "78872",
            "trust": 1.9
          },
          {
            "db": "JVN",
            "id": "JVNVU94276522",
            "trust": 1.6
          },
          {
            "db": "TENABLE",
            "id": "TRA-2017-14",
            "trust": 1.6
          },
          {
            "db": "TENABLE",
            "id": "TRA-2017-23",
            "trust": 1.6
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2015/11/11/3",
            "trust": 1.4
          },
          {
            "db": "BID",
            "id": "77521",
            "trust": 0.9
          },
          {
            "db": "JVN",
            "id": "JVNVU96340370",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006448",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005930",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-421",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-241",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3165",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-420",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6420",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134752",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "140605",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#581311"
          },
          {
            "db": "CERT/CC",
            "id": "VU#576313"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6420"
          },
          {
            "db": "BID",
            "id": "78872"
          },
          {
            "db": "BID",
            "id": "77521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005930"
          },
          {
            "db": "PACKETSTORM",
            "id": "134752"
          },
          {
            "db": "PACKETSTORM",
            "id": "140605"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-421"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-241"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-420"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6420"
          }
        ]
      },
      "id": "VAR-201512-0395",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.44379129500000003
      },
      "last_update_date": "2025-04-13T20:25:49.985000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20151209-java-deserialization",
            "trust": 1.6,
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization"
          },
          {
            "title": "NV16-002",
            "trust": 1.6,
            "url": "http://jpn.nec.com/security-info/secinfo/nv16-002.html"
          },
          {
            "title": "Apache Commons statement to widespread Java object de-serialisation vulnerability",
            "trust": 1.6,
            "url": "https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://commons.apache.org/proper/commons-collections/"
          },
          {
            "title": "COLLECTIONS-580: Arbitrary remote code execution with InvokerTransformer",
            "trust": 0.8,
            "url": "https://issues.apache.org/jira/browse/COLLECTIONS-580"
          },
          {
            "title": "HS16-010",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-010/index.html"
          },
          {
            "title": "1970575",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970575"
          },
          {
            "title": "Jenkins Security Advisory 2015-11-11",
            "trust": 0.8,
            "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
          },
          {
            "title": "Secure Coding Guidelines for Java SE",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/java/seccodeguide-139067.html#8"
          },
          {
            "title": "Oracle Security Alert for CVE-2015-4852",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html"
          },
          {
            "title": "HS16-010",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-010/index.html"
          },
          {
            "title": "\u65e5\u7acb\u30c7\u30a3\u30b9\u30af\u30a2\u30ec\u30a4\u30b7\u30b9\u30c6\u30e0\u306b\u304a\u3051\u308bSVP \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30db\u30fc\u30eb",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/products/it/storage-solutions/techsupport/sec_info/sec_acc20160328.html"
          },
          {
            "title": "Multiple Cisco product Apache Commons Collections Fixes for library arbitrary code execution vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90854"
          },
          {
            "title": "Debian CVElist Bug Report Logs: logback: CVE-2017-5929: serialization vulnerability affecting the SocketServer and ServerSocketReceiver components",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a2fcdf172bb6bcdc6b94a705615d0184"
          },
          {
            "title": "Cisco: Vulnerability in Java Deserialization Affecting Cisco Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151209-java-deserialization"
          },
          {
            "title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=79b8774da31f52ed0fc7f5e9561104e9"
          },
          {
            "title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c47c09015d1429df4a71453000607351"
          },
          {
            "title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
          },
          {
            "title": "fake-vulnerabilities-java-maven",
            "trust": 0.1,
            "url": "https://github.com/xthk/fake-vulnerabilities-java-maven "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/andy-r2c/mavenJavaTest "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/learngove/exampleJavaMaven "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Cheatahh/jvm-reverseshell "
          },
          {
            "title": "apkRepair",
            "trust": 0.1,
            "url": "https://github.com/qiqiApink/apkRepair "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-6420"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-420"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-Other",
            "trust": 1.6
          },
          {
            "problemtype": "CWE-502",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005930"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6420"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.9,
            "url": "https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"
          },
          {
            "trust": 3.8,
            "url": "https://www.kb.cert.org/vuls/id/576313"
          },
          {
            "trust": 3.4,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-java-deserialization"
          },
          {
            "trust": 2.2,
            "url": "http://frohoff.github.io/appseccali-marshalling-pickles/"
          },
          {
            "trust": 1.9,
            "url": "https://www.kb.cert.org/vuls/id/581311"
          },
          {
            "trust": 1.8,
            "url": "https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread"
          },
          {
            "trust": 1.7,
            "url": "https://issues.apache.org/jira/browse/collections-580"
          },
          {
            "trust": 1.6,
            "url": "http://cwe.mitre.org/data/definitions/502.html"
          },
          {
            "trust": 1.6,
            "url": "http://jvn.jp/vu/jvnvu94276522/index.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/78872"
          },
          {
            "trust": 1.6,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917"
          },
          {
            "trust": 1.6,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "trust": 1.6,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
          },
          {
            "trust": 1.6,
            "url": "https://www.tenable.com/security/research/tra-2017-14"
          },
          {
            "trust": 1.6,
            "url": "https://www.tenable.com/security/research/tra-2017-23"
          },
          {
            "trust": 1.4,
            "url": "https://wiki.jenkins-ci.org/display/security/jenkins+security+advisory+2015-11-11"
          },
          {
            "trust": 1.4,
            "url": "http://www.openwall.com/lists/oss-security/2015/11/11/3"
          },
          {
            "trust": 1.4,
            "url": "http://www.infoq.com/news/2015/11/commons-exploit"
          },
          {
            "trust": 1.4,
            "url": "https://tersesystems.com/2015/11/08/closing-the-open-door-of-java-object-serialization/"
          },
          {
            "trust": 1.4,
            "url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201511.mbox/%3c20151106222553.00002c57.ecki@zusammenkunft.net%3e"
          },
          {
            "trust": 1.4,
            "url": "http://www.slideshare.net/frohoff1/appseccali-2015-marshalling-pickles"
          },
          {
            "trust": 1.4,
            "url": "https://www.youtube.com/watch?v=vviy3o-euvq"
          },
          {
            "trust": 1.4,
            "url": "https://commons.apache.org/proper/commons-collections/"
          },
          {
            "trust": 1.4,
            "url": "https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageid=27492407"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/java/seccodeguide-139067.html#8"
          },
          {
            "trust": 1.0,
            "url": "https://news.apache.org/foundation/entry/apache_commons_statement_to_widespread"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3ccommits.samza.apache.org%3e"
          },
          {
            "trust": 0.8,
            "url": "https://www.tp-link.com/en/download/eap220.html#controller_software"
          },
          {
            "trust": 0.8,
            "url": "https://docs.oracle.com/javase/8/docs/technotes/guides/rmi/rmi_security_recommendations.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/306.html"
          },
          {
            "trust": 0.8,
            "url": "https://networks.unify.com/security/advisories/obso-1511-01.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html?elq_mid=31793\u0026sh=\u0026cmid=wwsu12091612mpp001c179 "
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6420"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96340370/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6420"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/77521"
          },
          {
            "trust": 0.6,
            "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html?elq_mid=31793\u0026sh=\u0026cmid=wwsu12091612mpp001c179"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3ccommits.samza.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10967469"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-extreme-scale-liberty-deployment/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/"
          },
          {
            "trust": 0.6,
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10958165"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3165/"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/oss-sec/2015/q4/237"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/oss-sec/2015/q4/241"
          },
          {
            "trust": 0.1,
            "url": "https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852"
          },
          {
            "trust": 0.1,
            "url": "http://gpgtools.org"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/support/security_bulletin_archive"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4877"
          },
          {
            "trust": 0.1,
            "url": "https://www.hpe.com/info/report-security-vulnerability"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/support/subscriber_choice"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6420"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
          },
          {
            "trust": 0.1,
            "url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#581311"
          },
          {
            "db": "CERT/CC",
            "id": "VU#576313"
          },
          {
            "db": "BID",
            "id": "78872"
          },
          {
            "db": "BID",
            "id": "77521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005930"
          },
          {
            "db": "PACKETSTORM",
            "id": "134752"
          },
          {
            "db": "PACKETSTORM",
            "id": "140605"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-421"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-241"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-420"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6420"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#581311"
          },
          {
            "db": "CERT/CC",
            "id": "VU#576313"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6420"
          },
          {
            "db": "BID",
            "id": "78872"
          },
          {
            "db": "BID",
            "id": "77521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006448"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005930"
          },
          {
            "db": "PACKETSTORM",
            "id": "134752"
          },
          {
            "db": "PACKETSTORM",
            "id": "140605"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-421"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-241"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-420"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6420"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-26T00:00:00",
            "db": "CERT/CC",
            "id": "VU#581311"
          },
          {
            "date": "2015-11-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#576313"
          },
          {
            "date": "2015-12-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-6420"
          },
          {
            "date": "2015-12-09T00:00:00",
            "db": "BID",
            "id": "78872"
          },
          {
            "date": "2015-11-08T00:00:00",
            "db": "BID",
            "id": "77521"
          },
          {
            "date": "2015-12-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006448"
          },
          {
            "date": "2015-11-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005930"
          },
          {
            "date": "2015-12-10T17:22:52",
            "db": "PACKETSTORM",
            "id": "134752"
          },
          {
            "date": "2017-01-19T13:56:50",
            "db": "PACKETSTORM",
            "id": "140605"
          },
          {
            "date": "2015-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201512-421"
          },
          {
            "date": "2015-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201511-241"
          },
          {
            "date": "2015-12-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201512-420"
          },
          {
            "date": "2015-12-15T05:59:07.823000",
            "db": "NVD",
            "id": "CVE-2015-6420"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#581311"
          },
          {
            "date": "2018-08-27T00:00:00",
            "db": "CERT/CC",
            "id": "VU#576313"
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-6420"
          },
          {
            "date": "2018-09-27T06:00:00",
            "db": "BID",
            "id": "78872"
          },
          {
            "date": "2015-12-08T22:09:00",
            "db": "BID",
            "id": "77521"
          },
          {
            "date": "2018-09-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006448"
          },
          {
            "date": "2018-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005930"
          },
          {
            "date": "2015-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201512-421"
          },
          {
            "date": "2015-11-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201511-241"
          },
          {
            "date": "2021-05-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201512-420"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-6420"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "134752"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-421"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-241"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-420"
          }
        ],
        "trust": 1.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#581311"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "78872"
          },
          {
            "db": "BID",
            "id": "77521"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200006-0148

    Vulnerability from variot - Updated: 2025-04-03 22:26

    Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. In that manner, a user is able to access the source code to those specific files. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them on the server. It is possible to force the server to send back the source of known scriptable files to the client if the HTTP GET request contains a specialized header with 'Translate: f' at the end of it, and if a trailing slash '/' is appended to the end of the URL. The scripting engine will be able to locate the requested file, however, it will not recognize it as a file that needs to be processed and will proceed to send the file source to the client.

    Title: Cisco Collaboration Server 5 XSS, Source Code Disclosure

    Author: s4squatch

    Published: 2010-02-11

    Cisco Collaboration Server 5 XSS, Source Code Disclosure Discovered by: s4squatch of SecureState R&D Team (www.securestate.com Discovered: 08/26/2008

    Note: End of Engineering --> http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html Replaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html

    XSS

    http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=&dest=">

    Java Servlet Source Code Disclosure

    The source code of .jhtml files is revealed to the end user by requesting any of the following:

    Normal File: file.html

    Modified 1: file%2Ejhtml Modified 2: file.jhtm%6C Modified 3: file.jhtml%00 Modified 4: file.jhtml%c0%80

    Cisco Collaboration Server 5 Paths It Works On (list may not be complete)

    http://www.website.com/doc/docindex.jhtml http://www.website.com/browserId/wizardForm.jhtml http://www.website.com/webline/html/forms/callback.jhtml http://www.website.com/webline/html/forms/callbackICM.jhtml http://www.website.com/webline/html/agent/AgentFrame.jhtml http://www.website.com/webline/html/agent/default/badlogin.jhtml http://www.website.com/callme/callForm.jhtml http://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml http://www.website.com/browserId/wizard.jhtml http://www.website.com/admin/CiscoAdmin.jhtml http://www.website.com/msccallme/mscCallForm.jhtml http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml

    Related Public Info

    http://www.securityfocus.com/bid/3592/info http://www.securityfocus.com/bid/1578/info http://www.securityfocus.com/bid/1328/info

    Scott Whiteswhite@securestate.com | Senior Consultant | SecureState 623.321.2660 - office | 480.440.7595 - mobile | 216.927.2801 - fax

    [cid:image001.png@01CAAB16.BDE852B0]https://www.securestate.com/

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200006-0148",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ewave servletexec",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "unify",
            "version": null
          },
          {
            "model": "ewave servletexec",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.2.1"
          },
          {
            "model": "systems weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "4.5.1"
          },
          {
            "model": "systems weblogic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "4.0.4"
          },
          {
            "model": "systems weblogic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "3.1.8"
          },
          {
            "model": "ewave servletexec c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "iis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.0"
          },
          {
            "model": "iis",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0498"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unify Exploit : Discovered by Niclas Vikstrom and posted to NTbugtraq on June 8, 2000.\n\n BEA Systems exploit : Discovered by Shreeraj Shah and published by Foundstone, Inc., June 12, 2000.\n\n IBM WebSphere Application Server exploit : Discovered by Shreera",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-036"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2000-0498",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2000-0498",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2000-0498",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2000-0498",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200006-036",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0498"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. In that manner, a user is able to access the source code to those specific files. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them  on the server. \nIt is possible to force the server to send back the source of known scriptable files to the client if the HTTP GET request contains a specialized header with \u0027Translate: f\u0027 at the end of it, and if a trailing slash \u0027/\u0027 is appended to the end of the URL. The scripting engine will be able to locate the requested file, however, it will not recognize it as a file that needs to be processed and will proceed to send the file source to the client. \n\n# Title: Cisco Collaboration Server 5 XSS, Source Code Disclosure\n# Author: s4squatch\n# Published: 2010-02-11\n\n\nCisco Collaboration Server 5 XSS, Source Code Disclosure\nDiscovered by:  s4squatch of SecureState R\u0026D Team (www.securestate.com\nDiscovered: 08/26/2008\n\nNote: End of Engineering  --\u003e  http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html\nReplaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html\n\n\nXSS\n===\nhttp://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=\u0026dest=\"\u003e\n\n\n\nJava Servlet Source Code Disclosure\n===================================\nThe source code of .jhtml files is revealed to the end user by requesting any of the following:\n\nNormal File:                        file.html\n\nModified 1:                                         file%2Ejhtml\nModified 2:                                         file.jhtm%6C\nModified 3:                                         file.jhtml%00\nModified 4:                                         file.jhtml%c0%80\n\nCisco Collaboration Server 5 Paths It Works On (list may not be complete)\n=========================================================================\nhttp://www.website.com/doc/docindex.jhtml\nhttp://www.website.com/browserId/wizardForm.jhtml\nhttp://www.website.com/webline/html/forms/callback.jhtml\nhttp://www.website.com/webline/html/forms/callbackICM.jhtml\nhttp://www.website.com/webline/html/agent/AgentFrame.jhtml\nhttp://www.website.com/webline/html/agent/default/badlogin.jhtml\nhttp://www.website.com/callme/callForm.jhtml\nhttp://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml\nhttp://www.website.com/browserId/wizard.jhtml\nhttp://www.website.com/admin/CiscoAdmin.jhtml\nhttp://www.website.com/msccallme/mscCallForm.jhtml\nhttp://www.website.com/webline/html/admin/wcs/LoginPage.jhtml\n\nRelated Public Info\n===================\nhttp://www.securityfocus.com/bid/3592/info\nhttp://www.securityfocus.com/bid/1578/info\nhttp://www.securityfocus.com/bid/1328/info\n\n\nScott White\u003cmailto:swhite@securestate.com\u003e                | Senior Consultant          | SecureState\n623.321.2660 - office | 480.440.7595 - mobile | 216.927.2801 - fax\n\n[cid:image001.png@01CAAB16.BDE852B0]\u003chttps://www.securestate.com/\u003e\n\n\n\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2000-0498"
          },
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "1328",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0498",
            "trust": 1.6
          },
          {
            "db": "NTBUGTRAQ",
            "id": "20000608 POTENTIAL VULNERABILITY IN UNIFY EWAVE SERVLETEXEC",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "4649",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-036",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "1578",
            "trust": 0.4
          },
          {
            "db": "BID",
            "id": "3592",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "86199",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0498"
          }
        ]
      },
      "id": "VAR-200006-0148",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2025-04-03T22:26:28.806000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-178",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2000-0498"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/1328"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4649"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/static/4649.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.servletexec.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.beasys.com/products/weblogic/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-4.ibm.com/software/webservers/appserv/efix.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/technet/security/bulletin/fq00-058.asp"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/doc/docindex.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/admin/wcs/loginpage.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/callme/callform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/1578/info"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/ps7233/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/forms/callback.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/browserid/wizard.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/agent/default/badlogin.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/1328/info"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/forms/callbackicm.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/msccallme/msccallform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/browserid/wizardform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/admin/wcs/loginpage.jhtml?oper=\u0026dest=\"\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/multichatui/nowdefunctwindow.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/ps7236/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/3592/info"
          },
          {
            "trust": 0.1,
            "url": "https://www.securestate.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/agent/agentframe.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/admin/ciscoadmin.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0498"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-036"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0498"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2000-06-08T00:00:00",
            "db": "BID",
            "id": "1328"
          },
          {
            "date": "2000-08-14T00:00:00",
            "db": "BID",
            "id": "1578"
          },
          {
            "date": "2010-02-12T06:51:39",
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "date": "2000-06-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200006-036"
          },
          {
            "date": "2000-06-08T04:00:00",
            "db": "NVD",
            "id": "CVE-2000-0498"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2000-06-08T00:00:00",
            "db": "BID",
            "id": "1328"
          },
          {
            "date": "2000-08-14T00:00:00",
            "db": "BID",
            "id": "1578"
          },
          {
            "date": "2005-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200006-036"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2000-0498"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "JSP Source code leak vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-036"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-036"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-200006-0150

    Vulnerability from variot - Updated: 2025-04-03 22:26

    Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. By changing the letters in a JSP or a JHTML file extension from lower case to upper case (eg: .jsp or .jhtml becomes .JSP or .JHTML) in a URL the server does not recognize the file extension and sends the file normally. In that manner, a user is able to access the source code to those specific files. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them on the server. It is possible to force the server to send back the source of known scriptable files to the client if the HTTP GET request contains a specialized header with 'Translate: f' at the end of it, and if a trailing slash '/' is appended to the end of the URL. The scripting engine will be able to locate the requested file, however, it will not recognize it as a file that needs to be processed and will proceed to send the file source to the client. Allaire JRun is a development suite with JSP and Java Servlets for developing web applications. Allaire JRun is prone to an information-disclosure vulnerability because it fails to handle malformed URLs properly. A remote attacker could access the contents under the webserver root directory. Submitting a request for 'http://server/%3f.jsp' could cause JRun to reveal the contents within the web root. It's also possible to view the contents of any subdirectories along with ACL-protected resources. The attacker could exploit this issue to obtain the source of known files residing on the host, including ASP files. NOTE: This vulnerability was originally reported to work on Microsoft IIS hosts only, but other webservers (Apache, Jetty) have been reported vulnerable.

    Title: Cisco Collaboration Server 5 XSS, Source Code Disclosure

    Author: s4squatch

    Published: 2010-02-11

    Cisco Collaboration Server 5 XSS, Source Code Disclosure Discovered by: s4squatch of SecureState R&D Team (www.securestate.com Discovered: 08/26/2008

    Note: End of Engineering --> http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html Replaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html

    XSS

    http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=&dest=">

    Java Servlet Source Code Disclosure

    The source code of .jhtml files is revealed to the end user by requesting any of the following:

    Normal File: file.html

    Modified 1: file%2Ejhtml Modified 2: file.jhtm%6C Modified 3: file.jhtml%00 Modified 4: file.jhtml%c0%80

    Cisco Collaboration Server 5 Paths It Works On (list may not be complete)

    http://www.website.com/doc/docindex.jhtml http://www.website.com/browserId/wizardForm.jhtml http://www.website.com/webline/html/forms/callback.jhtml http://www.website.com/webline/html/forms/callbackICM.jhtml http://www.website.com/webline/html/agent/AgentFrame.jhtml http://www.website.com/webline/html/agent/default/badlogin.jhtml http://www.website.com/callme/callForm.jhtml http://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml http://www.website.com/browserId/wizard.jhtml http://www.website.com/admin/CiscoAdmin.jhtml http://www.website.com/msccallme/mscCallForm.jhtml http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml

    Related Public Info

    http://www.securityfocus.com/bid/3592/info http://www.securityfocus.com/bid/1578/info http://www.securityfocus.com/bid/1328/info

    Scott Whiteswhite@securestate.com | Senior Consultant | SecureState 623.321.2660 - office | 480.440.7595 - mobile | 216.927.2801 - fax

    [cid:image001.png@01CAAB16.BDE852B0]https://www.securestate.com/

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200006-0150",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "jrun",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "macromedia",
            "version": "3.1"
          },
          {
            "model": "jrun",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "macromedia",
            "version": "3.0"
          },
          {
            "model": "jrun",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "macromedia",
            "version": "2.3.3"
          },
          {
            "model": "ewave servletexec",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.2.1"
          },
          {
            "model": "systems weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "4.5.1"
          },
          {
            "model": "systems weblogic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "4.0.4"
          },
          {
            "model": "systems weblogic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "3.1.8"
          },
          {
            "model": "ewave servletexec c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "iis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.0"
          },
          {
            "model": "iis",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "BID",
            "id": "3592"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-162"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1510"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by George Hedfors \u003cgeorge.hedfors@defcom.com\u003e of Defcom Labs and published in Macromedia Product Security Bulletin (MPSB01-13) on November 27, 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "3592"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-162"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2001-1510",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-1510",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-1510",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200112-162",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-162"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1510"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) \"%3f.jsp\", (2) \"?.jsp\" or (3) \"?\" to the requested URL. Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. \nBy changing the letters in a JSP or a JHTML file extension from lower case to upper case (eg: .jsp or .jhtml becomes .JSP or .JHTML) in a URL the server does not recognize the file extension and sends the file normally. In that manner, a user is able to access the source code to those specific files. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them  on the server. \nIt is possible to force the server to send back the source of known scriptable files to the client if the HTTP GET request contains a specialized header with \u0027Translate: f\u0027 at the end of it, and if a trailing slash \u0027/\u0027 is appended to the end of the URL. The scripting engine will be able to locate the requested file, however, it will not recognize it as a file that needs to be processed and will proceed to send the file source to the client. Allaire JRun is a development suite with JSP and Java Servlets for developing web applications. \nAllaire JRun is prone to an information-disclosure vulnerability because it fails to handle malformed URLs properly. A remote attacker could access the contents under the webserver root directory. \nSubmitting a request for \u0027http://server/%3f.jsp\u0027 could cause JRun to reveal the contents within the web root.  It\u0027s also possible to view the contents of any subdirectories along with ACL-protected resources. \nThe attacker could exploit this issue to obtain the source of known files residing on the host, including ASP files. \nNOTE: This vulnerability was originally reported to work on Microsoft IIS hosts only, but other webservers (Apache, Jetty) have been reported vulnerable. \n\n# Title: Cisco Collaboration Server 5 XSS, Source Code Disclosure\n# Author: s4squatch\n# Published: 2010-02-11\n\n\nCisco Collaboration Server 5 XSS, Source Code Disclosure\nDiscovered by:  s4squatch of SecureState R\u0026D Team (www.securestate.com\nDiscovered: 08/26/2008\n\nNote: End of Engineering  --\u003e  http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html\nReplaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html\n\n\nXSS\n===\nhttp://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=\u0026dest=\"\u003e\n\n\n\nJava Servlet Source Code Disclosure\n===================================\nThe source code of .jhtml files is revealed to the end user by requesting any of the following:\n\nNormal File:                        file.html\n\nModified 1:                                         file%2Ejhtml\nModified 2:                                         file.jhtm%6C\nModified 3:                                         file.jhtml%00\nModified 4:                                         file.jhtml%c0%80\n\nCisco Collaboration Server 5 Paths It Works On (list may not be complete)\n=========================================================================\nhttp://www.website.com/doc/docindex.jhtml\nhttp://www.website.com/browserId/wizardForm.jhtml\nhttp://www.website.com/webline/html/forms/callback.jhtml\nhttp://www.website.com/webline/html/forms/callbackICM.jhtml\nhttp://www.website.com/webline/html/agent/AgentFrame.jhtml\nhttp://www.website.com/webline/html/agent/default/badlogin.jhtml\nhttp://www.website.com/callme/callForm.jhtml\nhttp://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml\nhttp://www.website.com/browserId/wizard.jhtml\nhttp://www.website.com/admin/CiscoAdmin.jhtml\nhttp://www.website.com/msccallme/mscCallForm.jhtml\nhttp://www.website.com/webline/html/admin/wcs/LoginPage.jhtml\n\nRelated Public Info\n===================\nhttp://www.securityfocus.com/bid/3592/info\nhttp://www.securityfocus.com/bid/1578/info\nhttp://www.securityfocus.com/bid/1328/info\n\n\nScott White\u003cmailto:swhite@securestate.com\u003e                | Senior Consultant          | SecureState\n623.321.2660 - office | 480.440.7595 - mobile | 216.927.2801 - fax\n\n[cid:image001.png@01CAAB16.BDE852B0]\u003chttps://www.securestate.com/\u003e\n\n\n\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1510"
          },
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "BID",
            "id": "3592"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "3592",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1510",
            "trust": 1.9
          },
          {
            "db": "XF",
            "id": "7623",
            "trust": 0.6
          },
          {
            "db": "ALLAIRE",
            "id": "MPSB01-13",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-162",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "1328",
            "trust": 0.4
          },
          {
            "db": "BID",
            "id": "1578",
            "trust": 0.4
          },
          {
            "db": "PACKETSTORM",
            "id": "86199",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "BID",
            "id": "3592"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-162"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1510"
          }
        ]
      },
      "id": "VAR-200006-0150",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2025-04-03T22:26:28.771000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1510"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/3592"
          },
          {
            "trust": 1.6,
            "url": "http://www.macromedia.com/v1/handlers/index.cfm?id=22262\u0026method=full"
          },
          {
            "trust": 1.6,
            "url": "http://www.iss.net/security_center/static/7623.php"
          },
          {
            "trust": 1.0,
            "url": "http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2"
          },
          {
            "trust": 1.0,
            "url": "http://online.securityfocus.com/archive/1/243203"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/243636"
          },
          {
            "trust": 0.3,
            "url": "http://www.servletexec.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.beasys.com/products/weblogic/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-4.ibm.com/software/webservers/appserv/efix.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/technet/security/bulletin/fq00-058.asp"
          },
          {
            "trust": 0.3,
            "url": "http://www.allaire.com/products/jrun/index.cfm"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/doc/docindex.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/admin/wcs/loginpage.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/callme/callform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/1578/info"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/ps7233/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/forms/callback.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/browserid/wizard.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/agent/default/badlogin.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/1328/info"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/forms/callbackicm.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/msccallme/msccallform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/browserid/wizardform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/admin/wcs/loginpage.jhtml?oper=\u0026dest=\"\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/multichatui/nowdefunctwindow.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/ps7236/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/3592/info"
          },
          {
            "trust": 0.1,
            "url": "https://www.securestate.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/agent/agentframe.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/admin/ciscoadmin.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "BID",
            "id": "3592"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-162"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1510"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "BID",
            "id": "3592"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-162"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1510"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2000-06-08T00:00:00",
            "db": "BID",
            "id": "1328"
          },
          {
            "date": "2000-08-14T00:00:00",
            "db": "BID",
            "id": "1578"
          },
          {
            "date": "2001-11-27T00:00:00",
            "db": "BID",
            "id": "3592"
          },
          {
            "date": "2010-02-12T06:51:39",
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "date": "2001-12-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200112-162"
          },
          {
            "date": "2001-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2001-1510"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2000-06-08T00:00:00",
            "db": "BID",
            "id": "1328"
          },
          {
            "date": "2000-08-14T00:00:00",
            "db": "BID",
            "id": "1578"
          },
          {
            "date": "2009-11-03T15:27:00",
            "db": "BID",
            "id": "3592"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200112-162"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-1510"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "BID",
            "id": "3592"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Allaire JRun Web Root directory leak vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-162"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "3592"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-162"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-200006-0149

    Vulnerability from variot - Updated: 2025-04-03 22:26

    IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. In that manner, a user is able to access the source code to those specific files. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them on the server. It is possible to force the server to send back the source of known scriptable files to the client if the HTTP GET request contains a specialized header with 'Translate: f' at the end of it, and if a trailing slash '/' is appended to the end of the URL. The scripting engine will be able to locate the requested file, however, it will not recognize it as a file that needs to be processed and will proceed to send the file source to the client.

    Title: Cisco Collaboration Server 5 XSS, Source Code Disclosure

    Author: s4squatch

    Published: 2010-02-11

    Cisco Collaboration Server 5 XSS, Source Code Disclosure Discovered by: s4squatch of SecureState R&D Team (www.securestate.com Discovered: 08/26/2008

    Note: End of Engineering --> http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html Replaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html

    XSS

    http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=&dest=">

    Java Servlet Source Code Disclosure

    The source code of .jhtml files is revealed to the end user by requesting any of the following:

    Normal File: file.html

    Modified 1: file%2Ejhtml Modified 2: file.jhtm%6C Modified 3: file.jhtml%00 Modified 4: file.jhtml%c0%80

    Cisco Collaboration Server 5 Paths It Works On (list may not be complete)

    http://www.website.com/doc/docindex.jhtml http://www.website.com/browserId/wizardForm.jhtml http://www.website.com/webline/html/forms/callback.jhtml http://www.website.com/webline/html/forms/callbackICM.jhtml http://www.website.com/webline/html/agent/AgentFrame.jhtml http://www.website.com/webline/html/agent/default/badlogin.jhtml http://www.website.com/callme/callForm.jhtml http://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml http://www.website.com/browserId/wizard.jhtml http://www.website.com/admin/CiscoAdmin.jhtml http://www.website.com/msccallme/mscCallForm.jhtml http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml

    Related Public Info

    http://www.securityfocus.com/bid/3592/info http://www.securityfocus.com/bid/1578/info http://www.securityfocus.com/bid/1328/info

    Scott Whiteswhite@securestate.com | Senior Consultant | SecureState 623.321.2660 - office | 480.440.7595 - mobile | 216.927.2801 - fax

    [cid:image001.png@01CAAB16.BDE852B0]https://www.securestate.com/

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200006-0149",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "3.0.2"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "3.0.21"
          },
          {
            "model": "ewave servletexec",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.2.1"
          },
          {
            "model": "systems weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "4.5.1"
          },
          {
            "model": "systems weblogic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "4.0.4"
          },
          {
            "model": "systems weblogic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "3.1.8"
          },
          {
            "model": "ewave servletexec c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "iis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.0"
          },
          {
            "model": "iis",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-040"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0497"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unify Exploit : Discovered by Niclas Vikstrom and posted to NTbugtraq on June 8, 2000.\n\n BEA Systems exploit : Discovered by Shreeraj Shah and published by Foundstone, Inc., June 12, 2000.\n\n IBM WebSphere Application Server exploit : Discovered by Shreera",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-040"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2000-0497",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2000-0497",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2000-0497",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2000-0497",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200006-040",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-040"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0497"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. In that manner, a user is able to access the source code to those specific files. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them  on the server. \nIt is possible to force the server to send back the source of known scriptable files to the client if the HTTP GET request contains a specialized header with \u0027Translate: f\u0027 at the end of it, and if a trailing slash \u0027/\u0027 is appended to the end of the URL. The scripting engine will be able to locate the requested file, however, it will not recognize it as a file that needs to be processed and will proceed to send the file source to the client. \n\n# Title: Cisco Collaboration Server 5 XSS, Source Code Disclosure\n# Author: s4squatch\n# Published: 2010-02-11\n\n\nCisco Collaboration Server 5 XSS, Source Code Disclosure\nDiscovered by:  s4squatch of SecureState R\u0026D Team (www.securestate.com\nDiscovered: 08/26/2008\n\nNote: End of Engineering  --\u003e  http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html\nReplaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html\n\n\nXSS\n===\nhttp://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=\u0026dest=\"\u003e\n\n\n\nJava Servlet Source Code Disclosure\n===================================\nThe source code of .jhtml files is revealed to the end user by requesting any of the following:\n\nNormal File:                        file.html\n\nModified 1:                                         file%2Ejhtml\nModified 2:                                         file.jhtm%6C\nModified 3:                                         file.jhtml%00\nModified 4:                                         file.jhtml%c0%80\n\nCisco Collaboration Server 5 Paths It Works On (list may not be complete)\n=========================================================================\nhttp://www.website.com/doc/docindex.jhtml\nhttp://www.website.com/browserId/wizardForm.jhtml\nhttp://www.website.com/webline/html/forms/callback.jhtml\nhttp://www.website.com/webline/html/forms/callbackICM.jhtml\nhttp://www.website.com/webline/html/agent/AgentFrame.jhtml\nhttp://www.website.com/webline/html/agent/default/badlogin.jhtml\nhttp://www.website.com/callme/callForm.jhtml\nhttp://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml\nhttp://www.website.com/browserId/wizard.jhtml\nhttp://www.website.com/admin/CiscoAdmin.jhtml\nhttp://www.website.com/msccallme/mscCallForm.jhtml\nhttp://www.website.com/webline/html/admin/wcs/LoginPage.jhtml\n\nRelated Public Info\n===================\nhttp://www.securityfocus.com/bid/3592/info\nhttp://www.securityfocus.com/bid/1578/info\nhttp://www.securityfocus.com/bid/1328/info\n\n\nScott White\u003cmailto:swhite@securestate.com\u003e                | Senior Consultant          | SecureState\n623.321.2660 - office | 480.440.7595 - mobile | 216.927.2801 - fax\n\n[cid:image001.png@01CAAB16.BDE852B0]\u003chttps://www.securestate.com/\u003e\n\n\n\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2000-0497"
          },
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "1328",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0497",
            "trust": 1.6
          },
          {
            "db": "NTBUGTRAQ",
            "id": "20000612 IBM WEBSPHERE JSP SHOWCODE VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-040",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "1578",
            "trust": 0.4
          },
          {
            "db": "BID",
            "id": "3592",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "86199",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-040"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0497"
          }
        ]
      },
      "id": "VAR-200006-0149",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2025-04-03T22:26:28.740000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-178",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2000-0497"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "http://www-4.ibm.com/software/webservers/appserv/efix.html"
          },
          {
            "trust": 1.6,
            "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/1328"
          },
          {
            "trust": 0.3,
            "url": "http://www.servletexec.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.beasys.com/products/weblogic/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/technet/security/bulletin/fq00-058.asp"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/doc/docindex.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/admin/wcs/loginpage.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/callme/callform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/1578/info"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/ps7233/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/forms/callback.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/browserid/wizard.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/agent/default/badlogin.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/1328/info"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/forms/callbackicm.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/msccallme/msccallform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/browserid/wizardform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/admin/wcs/loginpage.jhtml?oper=\u0026dest=\"\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/multichatui/nowdefunctwindow.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/ps7236/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/3592/info"
          },
          {
            "trust": 0.1,
            "url": "https://www.securestate.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/agent/agentframe.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/admin/ciscoadmin.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-040"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0497"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-040"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0497"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2000-06-08T00:00:00",
            "db": "BID",
            "id": "1328"
          },
          {
            "date": "2000-08-14T00:00:00",
            "db": "BID",
            "id": "1578"
          },
          {
            "date": "2010-02-12T06:51:39",
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "date": "2000-06-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200006-040"
          },
          {
            "date": "2000-06-08T04:00:00",
            "db": "NVD",
            "id": "CVE-2000-0497"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2000-06-08T00:00:00",
            "db": "BID",
            "id": "1328"
          },
          {
            "date": "2000-08-14T00:00:00",
            "db": "BID",
            "id": "1578"
          },
          {
            "date": "2006-08-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200006-040"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2000-0497"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "JSP Source code leak vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-040"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-040"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-200006-0151

    Vulnerability from variot - Updated: 2025-04-03 22:26

    IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. Microsoft IIS Is "Translate: f" Header added HTTP GET When a request is received, a flaw exists that locates the correct file but does not recognize it as a file that needs to be processed by the script engine and sends that file to the browser..ASP And .ASA And .HTR You may be able to view source files that have a normal extension that cannot be viewed. Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. By changing the letters in a JSP or a JHTML file extension from lower case to upper case (eg: .jsp or .jhtml becomes .JSP or .JHTML) in a URL the server does not recognize the file extension and sends the file normally. In that manner, a user is able to access the source code to those specific files. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them on the server.

    Title: Cisco Collaboration Server 5 XSS, Source Code Disclosure

    Author: s4squatch

    Published: 2010-02-11

    Cisco Collaboration Server 5 XSS, Source Code Disclosure Discovered by: s4squatch of SecureState R&D Team (www.securestate.com Discovered: 08/26/2008

    Note: End of Engineering --> http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html Replaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html

    XSS

    http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=&dest=">

    Java Servlet Source Code Disclosure

    The source code of .jhtml files is revealed to the end user by requesting any of the following:

    Normal File: file.html

    Modified 1: file%2Ejhtml Modified 2: file.jhtm%6C Modified 3: file.jhtml%00 Modified 4: file.jhtml%c0%80

    Cisco Collaboration Server 5 Paths It Works On (list may not be complete)

    http://www.website.com/doc/docindex.jhtml http://www.website.com/browserId/wizardForm.jhtml http://www.website.com/webline/html/forms/callback.jhtml http://www.website.com/webline/html/forms/callbackICM.jhtml http://www.website.com/webline/html/agent/AgentFrame.jhtml http://www.website.com/webline/html/agent/default/badlogin.jhtml http://www.website.com/callme/callForm.jhtml http://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml http://www.website.com/browserId/wizard.jhtml http://www.website.com/admin/CiscoAdmin.jhtml http://www.website.com/msccallme/mscCallForm.jhtml http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml

    Related Public Info

    http://www.securityfocus.com/bid/3592/info http://www.securityfocus.com/bid/1578/info http://www.securityfocus.com/bid/1328/info

    Scott Whiteswhite@securestate.com | Senior Consultant | SecureState 623.321.2660 - office | 480.440.7595 - mobile | 216.927.2801 - fax

    [cid:image001.png@01CAAB16.BDE852B0]https://www.securestate.com/

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200006-0151",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "internet information services",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "microsoft",
            "version": "5.0"
          },
          {
            "model": "iis",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "microsoft",
            "version": "5.0"
          },
          {
            "model": "internet information server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "microsoft",
            "version": "5.0"
          },
          {
            "model": "ewave servletexec",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.2.1"
          },
          {
            "model": "systems weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "4.5.1"
          },
          {
            "model": "systems weblogic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "4.0.4"
          },
          {
            "model": "systems weblogic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "3.1.8"
          },
          {
            "model": "ewave servletexec c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "iis",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2000-000057"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-019"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0778"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:microsoft:iis",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2000-000057"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Daniel Docekal\u203b ddoc@MIA.CZ",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-019"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2000-0778",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2000-0778",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2000-0778",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2000-0778",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200010-019",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2000-000057"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-019"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0778"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a \"Translate: f\" header, aka the \"Specialized Header\" vulnerability. Microsoft IIS Is \"Translate: f\" Header added HTTP GET When a request is received, a flaw exists that locates the correct file but does not recognize it as a file that needs to be processed by the script engine and sends that file to the browser..ASP And .ASA And .HTR You may be able to view source files that have a normal extension that cannot be viewed. Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. \nBy changing the letters in a JSP or a JHTML file extension from lower case to upper case (eg: .jsp or .jhtml becomes .JSP or .JHTML) in a URL the server does not recognize the file extension and sends the file normally. In that manner, a user is able to access the source code to those specific files. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them  on the server. \n\n# Title: Cisco Collaboration Server 5 XSS, Source Code Disclosure\n# Author: s4squatch\n# Published: 2010-02-11\n\n\nCisco Collaboration Server 5 XSS, Source Code Disclosure\nDiscovered by:  s4squatch of SecureState R\u0026D Team (www.securestate.com\nDiscovered: 08/26/2008\n\nNote: End of Engineering  --\u003e  http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html\nReplaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html\n\n\nXSS\n===\nhttp://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=\u0026dest=\"\u003e\n\n\n\nJava Servlet Source Code Disclosure\n===================================\nThe source code of .jhtml files is revealed to the end user by requesting any of the following:\n\nNormal File:                        file.html\n\nModified 1:                                         file%2Ejhtml\nModified 2:                                         file.jhtm%6C\nModified 3:                                         file.jhtml%00\nModified 4:                                         file.jhtml%c0%80\n\nCisco Collaboration Server 5 Paths It Works On (list may not be complete)\n=========================================================================\nhttp://www.website.com/doc/docindex.jhtml\nhttp://www.website.com/browserId/wizardForm.jhtml\nhttp://www.website.com/webline/html/forms/callback.jhtml\nhttp://www.website.com/webline/html/forms/callbackICM.jhtml\nhttp://www.website.com/webline/html/agent/AgentFrame.jhtml\nhttp://www.website.com/webline/html/agent/default/badlogin.jhtml\nhttp://www.website.com/callme/callForm.jhtml\nhttp://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml\nhttp://www.website.com/browserId/wizard.jhtml\nhttp://www.website.com/admin/CiscoAdmin.jhtml\nhttp://www.website.com/msccallme/mscCallForm.jhtml\nhttp://www.website.com/webline/html/admin/wcs/LoginPage.jhtml\n\nRelated Public Info\n===================\nhttp://www.securityfocus.com/bid/3592/info\nhttp://www.securityfocus.com/bid/1578/info\nhttp://www.securityfocus.com/bid/1328/info\n\n\nScott White\u003cmailto:swhite@securestate.com\u003e                | Senior Consultant          | SecureState\n623.321.2660 - office | 480.440.7595 - mobile | 216.927.2801 - fax\n\n[cid:image001.png@01CAAB16.BDE852B0]\u003chttps://www.securestate.com/\u003e\n\n\n\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2000-0778"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2000-000057"
          },
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "1578",
            "trust": 2.8
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0778",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2000-000057",
            "trust": 0.8
          },
          {
            "db": "NSFOCUS",
            "id": "752",
            "trust": 0.6
          },
          {
            "db": "MS",
            "id": "MS00-058",
            "trust": 0.6
          },
          {
            "db": "OVAL",
            "id": "OVAL:ORG.MITRE.OVAL:DEF:927",
            "trust": 0.6
          },
          {
            "db": "NTBUGTRAQ",
            "id": "20000816 TRANSLATE: F",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20000815 TRANSLATE:F SUMMARY, HISTORY AND THOUGHTS",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-019",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "1328",
            "trust": 0.4
          },
          {
            "db": "BID",
            "id": "3592",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "86199",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2000-000057"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-019"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0778"
          }
        ]
      },
      "id": "VAR-200006-0151",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2025-04-03T22:26:28.706000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MS00-058",
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms00-058.asp"
          },
          {
            "title": "MS00-058",
            "trust": 0.8,
            "url": "http://www.microsoft.com/japan/technet/security/Bulletin/ms00-058.mspx"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2000-000057"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2000-0778"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/1578"
          },
          {
            "trust": 1.6,
            "url": "http://www.ntbugtraq.com/default.asp?pid=36\u0026sid=1\u0026a2=ind0008\u0026l=ntbugtraq\u0026f=\u0026s=\u0026p=5212"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=080d5336d882d211b56b0060080f2cd696a7c9%40beta.mia.cz"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a927"
          },
          {
            "trust": 1.0,
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-058"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0778"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-0778"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=080d5336d882d211b56b0060080f2cd696a7c9@beta.mia.cz"
          },
          {
            "trust": 0.6,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms00-058.asp"
          },
          {
            "trust": 0.6,
            "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:927"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/752"
          },
          {
            "trust": 0.3,
            "url": "http://www.servletexec.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.beasys.com/products/weblogic/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-4.ibm.com/software/webservers/appserv/efix.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/technet/security/bulletin/fq00-058.asp"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/doc/docindex.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/admin/wcs/loginpage.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/callme/callform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/1578/info"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/ps7233/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/forms/callback.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/browserid/wizard.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/agent/default/badlogin.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/1328/info"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/forms/callbackicm.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/msccallme/msccallform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/browserid/wizardform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/admin/wcs/loginpage.jhtml?oper=\u0026dest=\"\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/multichatui/nowdefunctwindow.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/ps7236/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/3592/info"
          },
          {
            "trust": 0.1,
            "url": "https://www.securestate.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/agent/agentframe.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/admin/ciscoadmin.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2000-000057"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-019"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0778"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2000-000057"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-019"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0778"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2000-06-08T00:00:00",
            "db": "BID",
            "id": "1328"
          },
          {
            "date": "2000-08-14T00:00:00",
            "db": "BID",
            "id": "1578"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2000-000057"
          },
          {
            "date": "2010-02-12T06:51:39",
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "date": "2000-08-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200010-019"
          },
          {
            "date": "2000-10-20T04:00:00",
            "db": "NVD",
            "id": "CVE-2000-0778"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2000-06-08T00:00:00",
            "db": "BID",
            "id": "1328"
          },
          {
            "date": "2000-08-14T00:00:00",
            "db": "BID",
            "id": "1578"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2000-000057"
          },
          {
            "date": "2005-10-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200010-019"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2000-0778"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Microsoft IIS Vulnerabilities in source file information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2000-000057"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-019"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200006-0147

    Vulnerability from variot - Updated: 2025-04-03 22:26

    The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. In that manner, a user is able to access the source code to those specific files. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them on the server. It is possible to force the server to send back the source of known scriptable files to the client if the HTTP GET request contains a specialized header with 'Translate: f' at the end of it, and if a trailing slash '/' is appended to the end of the URL. The scripting engine will be able to locate the requested file, however, it will not recognize it as a file that needs to be processed and will proceed to send the file source to the client.

    Title: Cisco Collaboration Server 5 XSS, Source Code Disclosure

    Author: s4squatch

    Published: 2010-02-11

    Cisco Collaboration Server 5 XSS, Source Code Disclosure Discovered by: s4squatch of SecureState R&D Team (www.securestate.com Discovered: 08/26/2008

    Note: End of Engineering --> http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html Replaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html

    XSS

    http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=&dest=">

    Java Servlet Source Code Disclosure

    The source code of .jhtml files is revealed to the end user by requesting any of the following:

    Normal File: file.html

    Modified 1: file%2Ejhtml Modified 2: file.jhtm%6C Modified 3: file.jhtml%00 Modified 4: file.jhtml%c0%80

    Cisco Collaboration Server 5 Paths It Works On (list may not be complete)

    http://www.website.com/doc/docindex.jhtml http://www.website.com/browserId/wizardForm.jhtml http://www.website.com/webline/html/forms/callback.jhtml http://www.website.com/webline/html/forms/callbackICM.jhtml http://www.website.com/webline/html/agent/AgentFrame.jhtml http://www.website.com/webline/html/agent/default/badlogin.jhtml http://www.website.com/callme/callForm.jhtml http://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml http://www.website.com/browserId/wizard.jhtml http://www.website.com/admin/CiscoAdmin.jhtml http://www.website.com/msccallme/mscCallForm.jhtml http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml

    Related Public Info

    http://www.securityfocus.com/bid/3592/info http://www.securityfocus.com/bid/1578/info http://www.securityfocus.com/bid/1328/info

    Scott Whiteswhite@securestate.com | Senior Consultant | SecureState 623.321.2660 - office | 480.440.7595 - mobile | 216.927.2801 - fax

    [cid:image001.png@01CAAB16.BDE852B0]https://www.securestate.com/

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200006-0147",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "weblogic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "bea",
            "version": "3.1.8"
          },
          {
            "model": "weblogic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bea",
            "version": "4.5.1"
          },
          {
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bea",
            "version": "*"
          },
          {
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "bea",
            "version": "express"
          },
          {
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "bea",
            "version": "4.5.1"
          },
          {
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "bea",
            "version": "4.0.4"
          },
          {
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "bea",
            "version": "3.1.8"
          },
          {
            "model": "ewave servletexec",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.2.1"
          },
          {
            "model": "systems weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "4.5.1"
          },
          {
            "model": "systems weblogic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "4.0.4"
          },
          {
            "model": "systems weblogic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bea",
            "version": "3.1.8"
          },
          {
            "model": "ewave servletexec c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "unify",
            "version": "3.0"
          },
          {
            "model": "iis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.0"
          },
          {
            "model": "iis",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "4.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0499"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unify Exploit : Discovered by Niclas Vikstrom and posted to NTbugtraq on June 8, 2000.\n\n BEA Systems exploit : Discovered by Shreeraj Shah and published by Foundstone, Inc., June 12, 2000.\n\n IBM WebSphere Application Server exploit : Discovered by Shreeraj",
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2000-0499",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2000-0499",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2000-0499",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2000-0499",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200006-037",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0499"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Many webservers are case-sensitive, but do not have all possible combinations of cases in mapped extensions mapped properly. In that manner, a user is able to access the source code to those specific files. Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them  on the server. \nIt is possible to force the server to send back the source of known scriptable files to the client if the HTTP GET request contains a specialized header with \u0027Translate: f\u0027 at the end of it, and if a trailing slash \u0027/\u0027 is appended to the end of the URL. The scripting engine will be able to locate the requested file, however, it will not recognize it as a file that needs to be processed and will proceed to send the file source to the client. \n\n# Title: Cisco Collaboration Server 5 XSS, Source Code Disclosure\n# Author: s4squatch\n# Published: 2010-02-11\n\n\nCisco Collaboration Server 5 XSS, Source Code Disclosure\nDiscovered by:  s4squatch of SecureState R\u0026D Team (www.securestate.com\nDiscovered: 08/26/2008\n\nNote: End of Engineering  --\u003e  http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html\nReplaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html\n\n\nXSS\n===\nhttp://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=\u0026dest=\"\u003e\n\n\n\nJava Servlet Source Code Disclosure\n===================================\nThe source code of .jhtml files is revealed to the end user by requesting any of the following:\n\nNormal File:                        file.html\n\nModified 1:                                         file%2Ejhtml\nModified 2:                                         file.jhtm%6C\nModified 3:                                         file.jhtml%00\nModified 4:                                         file.jhtml%c0%80\n\nCisco Collaboration Server 5 Paths It Works On (list may not be complete)\n=========================================================================\nhttp://www.website.com/doc/docindex.jhtml\nhttp://www.website.com/browserId/wizardForm.jhtml\nhttp://www.website.com/webline/html/forms/callback.jhtml\nhttp://www.website.com/webline/html/forms/callbackICM.jhtml\nhttp://www.website.com/webline/html/agent/AgentFrame.jhtml\nhttp://www.website.com/webline/html/agent/default/badlogin.jhtml\nhttp://www.website.com/callme/callForm.jhtml\nhttp://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml\nhttp://www.website.com/browserId/wizard.jhtml\nhttp://www.website.com/admin/CiscoAdmin.jhtml\nhttp://www.website.com/msccallme/mscCallForm.jhtml\nhttp://www.website.com/webline/html/admin/wcs/LoginPage.jhtml\n\nRelated Public Info\n===================\nhttp://www.securityfocus.com/bid/3592/info\nhttp://www.securityfocus.com/bid/1578/info\nhttp://www.securityfocus.com/bid/1328/info\n\n\nScott White\u003cmailto:swhite@securestate.com\u003e                | Senior Consultant          | SecureState\n623.321.2660 - office | 480.440.7595 - mobile | 216.927.2801 - fax\n\n[cid:image001.png@01CAAB16.BDE852B0]\u003chttps://www.securestate.com/\u003e\n\n\n\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2000-0499"
          },
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "1328",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0499",
            "trust": 1.6
          },
          {
            "db": "XF",
            "id": "4694",
            "trust": 0.6
          },
          {
            "db": "NTBUGTRAQ",
            "id": "20000612 BEA WEBLOGIC JSP SHOWCODE VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-037",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "1578",
            "trust": 0.4
          },
          {
            "db": "BID",
            "id": "3592",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "86199",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0499"
          }
        ]
      },
      "id": "VAR-200006-0147",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 1.0
      },
      "last_update_date": "2025-04-03T22:26:28.674000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-178",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2000-0499"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/1328"
          },
          {
            "trust": 1.6,
            "url": "http://developer.bea.com/alerts/security_000612.html"
          },
          {
            "trust": 1.6,
            "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4694"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/static/4694.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.servletexec.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.beasys.com/products/weblogic/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-4.ibm.com/software/webservers/appserv/efix.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/technet/security/bulletin/fq00-058.asp"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/doc/docindex.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/admin/wcs/loginpage.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/callme/callform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/1578/info"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/ps7233/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/forms/callback.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/browserid/wizard.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/agent/default/badlogin.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/1328/info"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/forms/callbackicm.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/msccallme/msccallform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/browserid/wizardform.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/admin/wcs/loginpage.jhtml?oper=\u0026dest=\"\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/multichatui/nowdefunctwindow.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/ps7236/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/bid/3592/info"
          },
          {
            "trust": 0.1,
            "url": "https://www.securestate.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/webline/html/agent/agentframe.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.website.com/admin/ciscoadmin.jhtml"
          },
          {
            "trust": 0.1,
            "url": "http://www.cisco.com/en/us/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0499"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          },
          {
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-037"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0499"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2000-06-08T00:00:00",
            "db": "BID",
            "id": "1328"
          },
          {
            "date": "2000-08-14T00:00:00",
            "db": "BID",
            "id": "1578"
          },
          {
            "date": "2010-02-12T06:51:39",
            "db": "PACKETSTORM",
            "id": "86199"
          },
          {
            "date": "2000-06-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200006-037"
          },
          {
            "date": "2000-06-08T04:00:00",
            "db": "NVD",
            "id": "CVE-2000-0499"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2000-06-08T00:00:00",
            "db": "BID",
            "id": "1328"
          },
          {
            "date": "2000-08-14T00:00:00",
            "db": "BID",
            "id": "1578"
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200006-037"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2000-0499"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "1328"
          },
          {
            "db": "BID",
            "id": "1578"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BEA WebLogicJSP Source code leak vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-037"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200006-037"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-1540

    Vulnerability from variot - Updated: 2024-11-23 22:25

    Technicolor C2000T and C2100T uses hard-coded cryptographic keys. Many embedded devices are not unique X.509 Certificate and SSH Spoofing and intermediary because host key is used (man-in-the-middle) There is a possibility of being attacked and attacks such as decryption of communication contents. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehböck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1540",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "c2100t",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": "c2000t",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "unify",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zte",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "c1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "fr1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-24",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-8",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-nh",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1121-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ac",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-660hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-663hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p8702n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "pmg5318-b20a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "q1000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-nb00",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3500-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30b",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg4380-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8324-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vsg1435-b101",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "",
            "scope": null,
            "trust": 0.8,
            "vendor": "multiple vendors",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7276"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:zyxel:c1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:fr1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-nh_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1121-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ac_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-660hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-663hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p8702n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:pmg5318-b20a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:q1000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-nb00_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3500-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg4380-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8324-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vsg1435-b101_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:misc:multiple_vendors",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "cve": "CVE-2015-7276",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-7276",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-7276",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2015-7276",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7276",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7276",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-301",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7276"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Technicolor C2000T and C2100T uses hard-coded cryptographic keys. Many embedded devices are not unique X.509 Certificate and SSH Spoofing and intermediary because host key is used (man-in-the-middle) There is a possibility of being attacked and attacks such as decryption of communication contents. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehb\u0026#246;ck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7276"
          },
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724",
            "trust": 3.2
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7276",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU96100360",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-301",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7276"
          }
        ]
      },
      "id": "VAR-201911-1540",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5497076
      },
      "last_update_date": "2024-11-23T22:25:43.507000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)",
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7276"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.kb.cert.org/vuls/id/566724"
          },
          {
            "trust": 1.6,
            "url": "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7276"
          },
          {
            "trust": 1.0,
            "url": "https://sec-consult.com/en/blog/2015/11/house-of-keys-industry-wide-https/"
          },
          {
            "trust": 0.8,
            "url": "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/certificates.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/ssh_host_keys.html"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/series/ssh-rsa-full-ipv4"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/study/sonar.ssl"
          },
          {
            "trust": 0.8,
            "url": "https://censys.io"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu96100360/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8251"
          },
          {
            "trust": 0.6,
            "url": "https/"
          },
          {
            "trust": 0.6,
            "url": "https://sec-consult.com/en/blog/2015/11/house-of-keys-industry-wide-"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7276"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-301"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7276"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2016-02-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2019-11-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-301"
          },
          {
            "date": "2019-11-06T16:15:10.447000",
            "db": "NVD",
            "id": "CVE-2015-7276"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-09-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2018-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2019-11-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-301"
          },
          {
            "date": "2024-11-21T02:36:29.163000",
            "db": "NVD",
            "id": "CVE-2015-7276"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-301"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Embedded devices use non-unique X.509 certificates and SSH host keys",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-301"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-40264 (GCVE-0-2023-40264)

    Vulnerability from nvd – Published: 2024-02-08 00:00 – Updated: 2025-06-17 17:05
    VLAI
    Summary
    An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:52.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T19:09:05.040578Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T17:05:55.682Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-08T22:11:56.498Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40264",
        "datePublished": "2024-02-08T00:00:00.000Z",
        "dateReserved": "2023-08-11T00:00:00.000Z",
        "dateUpdated": "2025-06-17T17:05:55.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40263 (GCVE-0-2023-40263)

    Vulnerability from nvd – Published: 2024-02-08 00:00 – Updated: 2025-05-15 19:41
    VLAI
    Summary
    An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:52.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T17:30:14.087550Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-15T19:41:07.702Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-08T22:11:26.115Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40263",
        "datePublished": "2024-02-08T00:00:00.000Z",
        "dateReserved": "2023-08-11T00:00:00.000Z",
        "dateUpdated": "2025-05-15T19:41:07.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40262 (GCVE-0-2023-40262)

    Vulnerability from nvd – Published: 2024-02-08 00:00 – Updated: 2025-06-17 17:03
    VLAI
    Summary
    An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40262",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-09T19:32:09.327467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T17:03:09.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:52.382Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-08T22:10:46.771Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40262",
        "datePublished": "2024-02-08T00:00:00.000Z",
        "dateReserved": "2023-08-11T00:00:00.000Z",
        "dateUpdated": "2025-06-17T17:03:09.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48166 (GCVE-0-2023-48166)

    Vulnerability from nvd – Published: 2024-01-12 00:00 – Updated: 2025-06-20 16:38
    VLAI
    Summary
    A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:23:38.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2401-01.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://labs.integrity.pt/advisories/cve-2023-48166/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48166",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-17T15:28:22.236619Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T16:38:42.441Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-12T22:28:29.679Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2401-01.pdf"
            },
            {
              "url": "https://labs.integrity.pt/advisories/cve-2023-48166/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-48166",
        "datePublished": "2024-01-12T00:00:00.000Z",
        "dateReserved": "2023-11-13T00:00:00.000Z",
        "dateUpdated": "2025-06-20T16:38:42.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36619 (GCVE-0-2023-36619)

    Vulnerability from nvd – Published: 2023-10-04 00:00 – Updated: 2024-09-19 19:26
    VLAI
    Summary
    Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36619",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T19:26:15.981376Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T19:26:50.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-04T20:20:16.320Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/"
            },
            {
              "url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html"
            },
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-36619",
        "datePublished": "2023-10-04T00:00:00.000Z",
        "dateReserved": "2023-06-25T00:00:00.000Z",
        "dateUpdated": "2024-09-19T19:26:50.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36618 (GCVE-0-2023-36618)

    Vulnerability from nvd – Published: 2023-10-04 00:00 – Updated: 2024-09-20 13:13
    VLAI
    Summary
    Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:53.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36618",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-20T13:13:33.844912Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-20T13:13:46.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-04T20:17:13.668Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/"
            },
            {
              "url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html"
            },
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-36618",
        "datePublished": "2023-10-04T00:00:00.000Z",
        "dateReserved": "2023-06-25T00:00:00.000Z",
        "dateUpdated": "2024-09-20T13:13:46.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9563 (GCVE-0-2014-9563)

    Vulnerability from nvd – Published: 2018-04-12 21:00 – Updated: 2024-08-06 13:47
    VLAI
    Summary
    CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-02-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:47:41.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-12T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9563",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
                },
                {
                  "name": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt",
                  "refsource": "MISC",
                  "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9563",
        "datePublished": "2018-04-12T21:00:00.000Z",
        "dateReserved": "2015-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:47:41.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8422 (GCVE-0-2014-8422)

    Vulnerability from nvd – Published: 2018-04-12 21:00 – Updated: 2024-08-06 13:18
    VLAI
    Summary
    The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-02-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:18:48.283Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-12T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-8422",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
                },
                {
                  "name": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt",
                  "refsource": "MISC",
                  "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-8422",
        "datePublished": "2018-04-12T21:00:00.000Z",
        "dateReserved": "2014-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:18:48.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8421 (GCVE-0-2014-8421)

    Vulnerability from nvd – Published: 2018-04-12 21:00 – Updated: 2024-08-06 13:18
    VLAI
    Summary
    Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-02-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:18:48.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-12T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-8421",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
                },
                {
                  "name": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt",
                  "refsource": "MISC",
                  "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-8421",
        "datePublished": "2018-04-12T21:00:00.000Z",
        "dateReserved": "2014-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:18:48.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40262 (GCVE-0-2023-40262)

    Vulnerability from cvelistv5 – Published: 2024-02-08 00:00 – Updated: 2025-06-17 17:03
    VLAI
    Summary
    An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40262",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-09T19:32:09.327467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T17:03:09.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:52.382Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-08T22:10:46.771Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40262",
        "datePublished": "2024-02-08T00:00:00.000Z",
        "dateReserved": "2023-08-11T00:00:00.000Z",
        "dateUpdated": "2025-06-17T17:03:09.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40264 (GCVE-0-2023-40264)

    Vulnerability from cvelistv5 – Published: 2024-02-08 00:00 – Updated: 2025-06-17 17:05
    VLAI
    Summary
    An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:52.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T19:09:05.040578Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T17:05:55.682Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-08T22:11:56.498Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40264",
        "datePublished": "2024-02-08T00:00:00.000Z",
        "dateReserved": "2023-08-11T00:00:00.000Z",
        "dateUpdated": "2025-06-17T17:05:55.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40263 (GCVE-0-2023-40263)

    Vulnerability from cvelistv5 – Published: 2024-02-08 00:00 – Updated: 2025-05-15 19:41
    VLAI
    Summary
    An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:52.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T17:30:14.087550Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-15T19:41:07.702Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-08T22:11:26.115Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40263",
        "datePublished": "2024-02-08T00:00:00.000Z",
        "dateReserved": "2023-08-11T00:00:00.000Z",
        "dateUpdated": "2025-05-15T19:41:07.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48166 (GCVE-0-2023-48166)

    Vulnerability from cvelistv5 – Published: 2024-01-12 00:00 – Updated: 2025-06-20 16:38
    VLAI
    Summary
    A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:23:38.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2401-01.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://labs.integrity.pt/advisories/cve-2023-48166/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48166",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-17T15:28:22.236619Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T16:38:42.441Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-12T22:28:29.679Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2401-01.pdf"
            },
            {
              "url": "https://labs.integrity.pt/advisories/cve-2023-48166/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-48166",
        "datePublished": "2024-01-12T00:00:00.000Z",
        "dateReserved": "2023-11-13T00:00:00.000Z",
        "dateUpdated": "2025-06-20T16:38:42.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36619 (GCVE-0-2023-36619)

    Vulnerability from cvelistv5 – Published: 2023-10-04 00:00 – Updated: 2024-09-19 19:26
    VLAI
    Summary
    Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36619",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T19:26:15.981376Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T19:26:50.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-04T20:20:16.320Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/"
            },
            {
              "url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html"
            },
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-36619",
        "datePublished": "2023-10-04T00:00:00.000Z",
        "dateReserved": "2023-06-25T00:00:00.000Z",
        "dateUpdated": "2024-09-19T19:26:50.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36618 (GCVE-0-2023-36618)

    Vulnerability from cvelistv5 – Published: 2023-10-04 00:00 – Updated: 2024-09-20 13:13
    VLAI
    Summary
    Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:53.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36618",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-20T13:13:33.844912Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-20T13:13:46.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-04T20:17:13.668Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/"
            },
            {
              "url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html"
            },
            {
              "url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-36618",
        "datePublished": "2023-10-04T00:00:00.000Z",
        "dateReserved": "2023-06-25T00:00:00.000Z",
        "dateUpdated": "2024-09-20T13:13:46.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9563 (GCVE-0-2014-9563)

    Vulnerability from cvelistv5 – Published: 2018-04-12 21:00 – Updated: 2024-08-06 13:47
    VLAI
    Summary
    CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-02-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:47:41.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-12T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9563",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via the ssh-password parameter to page.cmd."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
                },
                {
                  "name": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt",
                  "refsource": "MISC",
                  "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9563",
        "datePublished": "2018-04-12T21:00:00.000Z",
        "dateReserved": "2015-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:47:41.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8421 (GCVE-0-2014-8421)

    Vulnerability from cvelistv5 – Published: 2018-04-12 21:00 – Updated: 2024-08-06 13:18
    VLAI
    Summary
    Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-02-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:18:48.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-12T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-8421",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://networks.unify.com/security/advisories/OBSO-1501-02.pdf"
                },
                {
                  "name": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt",
                  "refsource": "MISC",
                  "url": "https://www.modzero.ch/advisories/MZ-14-02-Siemens-Unify-OpenStage.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-8421",
        "datePublished": "2018-04-12T21:00:00.000Z",
        "dateReserved": "2014-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:18:48.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }