VAR-201609-0597
Vulnerability from variot - Updated: 2025-12-22 23:25The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. There are information leakage vulnerabilities in the DES and Triple DES encryption algorithms used in the TLS, SSH, and IPSec protocols and other protocols and products. This vulnerability stems from configuration errors in network systems or products during operation. (CVE-2016-2183)
- Solution:
For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.18, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html
- Bugs fixed (https://bugzilla.redhat.com/):
1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update Advisory ID: RHSA-2017:3239-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2017:3239 Issue date: 2017-11-16 CVE Names: CVE-2016-2183 CVE-2017-9788 CVE-2017-9798 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References.
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
This release of JBoss Enterprise Application Platform 6.4.18 Natives serves as a replacement of the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages.
Security Fix(es):
-
It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
-
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
-
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno BAPck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183.
Bug Fix(es):
-
CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)
-
mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884)
-
Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)
-
Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) 1508880 - Unable to load large CRL openssl problem 1508884 - mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq 1508885 - SegFault due to corrupt nodestatsmem
- References:
https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/cve/CVE-2017-9788 https://access.redhat.com/security/cve/CVE-2017-9798 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/ https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4 https://access.redhat.com/articles/3229231
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaDeKOXlSAg2UNWIIRAlR3AKC25a1x1f7rkZYa74mYGwCi74HFRwCgvcGM wGn3j+UrRlNt1rGOWBoVHZ8= =SKvr -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158613
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03158613 Version: 1
MFSBGN03805 - HP Service Manager, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2018-05-10 Last Updated: 2018-05-10
Potential Security Impact: Remote: Disclosure of Information
Source: Micro Focus, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified in Service Manager. This vulnerability may allow an exploit against a long-duration encrypted session known as the Sweet32 attack, and which may be exploited remotely.
References:
- CVE-2016-2183
- CVE-2016-6329
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35, v9.40, v9.41, v9.50, v9.51
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
RESOLUTION
MicroFocus has made the following information available to resolve the vulnerability for the impacted versions of Service Manager:
For versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35 please upgrade to SM 9.35.P6:
SM9.35 P6 packages, SM 9.35 AIX Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00916
SM 9.35 HP Itanium Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00917
SM 9.35 HP Itanium Server for Oracle 12c 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00918
SM 9.35 Linux Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00919
SM 9.35 Solaris Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00920
SM 9.35 Windows Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00921
For version 9.40, 9.41 please upgrade to SM 9.41.P6:
SM9.41.P6 packages, Service Manager 9.41.6000 p6 - Server for AIX http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00891
Service Manager 9.41.6000 p6 - Server for HP-UX/IA http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00892
Service Manager 9.41.6000 p6 - Server for Linux http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00893
Service Manager 9.41.6000 p6 - Server for Solaris http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00894
Service Manager 9.41.6000 p6 - Server for Windows http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00895
For version 9.50, 9.51 Server and KM components please upgrade to SM 9.52.P2:
SM9.52.P2 packages, Service Manager 9.52.2021 p2 - Server for Windows http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00906
Service Manager 9.52.2021 p2 - Server for Linux http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00907
For version 9.50, 9.51 SMSP and SMC components please upgrade to SM 9.52:
SM9.52 packages, Service Manager 9.52 as a minor.minor full (MMF) release (due to the new SP aggregation SKU for Propel customers) is released on the following sites instead of SSO. https://h22255.www2.hpe.com/mysoftware/index
HISTORY Version:1 (rev.1) - 10 May 2018 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com.
Report: To report a potential security vulnerability for any supported product: Web form: https://www.microfocus.com/support-and-services/report-security Email: security@microfocus.com
Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability
Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin.
3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software
System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2017 EntIT Software LLC
Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including:
- Padding Oracle attack in Apache mod_session_crypto
- Apache HTTP Request Parsing Whitespace Defects
References:
- CVE-2016-8740 - Apache http server, Denial of Service (DoS)
- CVE-2016-2161 - Apache http server, Denial of Service (DoS)
- CVE-2016-0736 - Apache http server, disclosure of information, padding oracle attack
- CVE-2016-8743 - Apache http server, request corruption, request parsing white space
- CVE-2016-2183 - OpenSSL, disclosure of information, SWEET32
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP-UX Apache-based Web Server B.11.31 - httpd prior to B.2.4.18.02
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-0736
0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-2161
0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-2183
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-2016-8740
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-8743
0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following software updates to resolve the vulnerabilities with HP-UX Web Server Suite running Apache.
Apache 2.4.18.02 for HP-UX Release B.11.31 (PA and IA):
- 32 bit Depot: HP-UX 11.31(HPUXWS24ATW-B503-11-31-64.depot)
- 64 bit Depot: HP-UX 11.31(HPUXWS24ATW-B503-11-31-32.depot)
Note: The depot files can be found here: https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=HPUXWSATW503
MANUAL ACTIONS: Yes - Update Download and install the software update
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HPE and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. ========================================================================== Ubuntu Security Notice USN-3198-1 February 16, 2017
openjdk-6 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenJDK 6.
Software Description: - openjdk-6: Open Source Java implementation
Details:
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. (CVE-2016-2183)
It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. (CVE-2016-5546)
It was discovered that covert timing channel vulnerabilities existed in the DSA implementations in OpenJDK. A remote attacker could use this to expose sensitive information. (CVE-2016-5548)
It was discovered that the URLStreamHandler class in OpenJDK did not properly parse user information from a URL. A remote attacker could use this to expose sensitive information. (CVE-2016-5552)
It was discovered that the URLClassLoader class in OpenJDK did not properly check access control context when downloading class files. A remote attacker could use this to expose sensitive information. (CVE-2017-3231)
It was discovered that the Remote Method Invocation (RMI) implementation in OpenJDK performed deserialization of untrusted inputs. A remote attacker could use this to execute arbitrary code. (CVE-2017-3241)
It was discovered that the Java Authentication and Authorization Service (JAAS) component of OpenJDK did not properly perform user search LDAP queries. An attacker could use a specially constructed LDAP entry to expose or modify sensitive information. (CVE-2017-3252)
It was discovered that the PNGImageReader class in OpenJDK did not properly handle iTXt and zTXt chunks. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-3253)
It was discovered that integer overflows existed in the SocketInputStream and SocketOutputStream classes of OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-3261)
It was discovered that the atomic field updaters in the java.util.concurrent.atomic package in OpenJDK did not properly restrict access to protected field members. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3272)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b41-1.13.13-0ubuntu0.12.04.1 icedtea-6-jre-jamvm 6b41-1.13.13-0ubuntu0.12.04.1 openjdk-6-jdk 6b41-1.13.13-0ubuntu0.12.04.1 openjdk-6-jre 6b41-1.13.13-0ubuntu0.12.04.1 openjdk-6-jre-headless 6b41-1.13.13-0ubuntu0.12.04.1 openjdk-6-jre-lib 6b41-1.13.13-0ubuntu0.12.04.1 openjdk-6-jre-zero 6b41-1.13.13-0ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "1.0.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "jboss web server",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "2.0.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "2.7.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1p"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.7.0-006"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.10.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "3.4.7"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2c"
},
{
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "2.7.13"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1q"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.10.47"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0.4"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1t"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2e"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.1.2"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.6-068"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.0.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.12.16"
},
{
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "3.4.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.12.0"
},
{
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "3.5.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.6.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.2.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.7.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "3.5.3"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1o"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1r"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1k"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1n"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1m"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-448"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat,Karthik Bhargavan and Gaetan Leurent from Inria.,The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-448"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2183",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2183",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-91002",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2183",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2183",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-448",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-91002",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-448"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack. IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. There are information leakage vulnerabilities in the DES and Triple DES encryption algorithms used in the TLS, SSH, and IPSec protocols and other protocols and products. This vulnerability stems from configuration errors in network systems or products during operation. (CVE-2016-2183)\n\n3. Solution:\n\nFor OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.18, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel\nease-notes.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update\nAdvisory ID: RHSA-2017:3239-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:3239\nIssue date: 2017-11-16\nCVE Names: CVE-2016-2183 CVE-2017-9788 CVE-2017-9798 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server. \n\nThis release provides an update to httpd and OpenSSL. The updates are\ndocumented in the Release Notes document linked to in the References. \n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. \n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nThis release of JBoss Enterprise Application Platform 6.4.18 Natives serves\nas a replacement of the JBoss Enterprise Application Platform 6.4.16\nNatives and includes bug fixes which are documented in the Release Notes\ndocument linked to in the References. \n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are\nadvised to upgrade to these updated packages. \n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not\nproperly initialize memory before using it when processing certain headers\nrelated to digest authentication. A remote attacker could possibly use this\nflaw to disclose potentially sensitive information or cause httpd child\nprocess to crash by sending specially crafted requests to a server. \n(CVE-2017-9788)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the\nTLS/SSL protocol. A man-in-the-middle attacker could use this flaw to\nrecover some plaintext data by capturing large amounts of encrypted traffic\nbetween TLS/SSL server and client if the communication used a DES/3DES\nbased ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. A remote attacker could possibly use this flaw to\ndisclose portions of the server memory, or cause httpd child process to\ncrash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno\nBAPck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan\nBhargavan (Inria) and GaA\u003c\u003ctan Leurent (Inria) as the original reporters of\nCVE-2016-2183. \n\nBug Fix(es):\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)\n\n* mod_cluster segfaults in process_info() due to wrongly generated\nassembler instruction movslq (BZ#1508884)\n\n* Corruption in nodestatsmem in multiple core dumps but in different\nfunctions of each core dump. (BZ#1508885)\n\n3. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest\n1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)\n1508880 - Unable to load large CRL openssl problem\n1508884 - mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq\n1508885 - SegFault due to corrupt nodestatsmem\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2183\nhttps://access.redhat.com/security/cve/CVE-2017-9788\nhttps://access.redhat.com/security/cve/CVE-2017-9798\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en/jboss-enterprise-application-platform/\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4\nhttps://access.redhat.com/articles/3229231\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaDeKOXlSAg2UNWIIRAlR3AKC25a1x1f7rkZYa74mYGwCi74HFRwCgvcGM\nwGn3j+UrRlNt1rGOWBoVHZ8=\n=SKvr\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158613\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: KM03158613\nVersion: 1\n\nMFSBGN03805 - HP Service Manager, Remote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-05-10\nLast Updated: 2018-05-10\n\nPotential Security Impact: Remote: Disclosure of Information\n\nSource: Micro Focus, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in Service Manager. \nThis vulnerability may allow an exploit against a long-duration encrypted\nsession known as the Sweet32 attack, and which may be exploited remotely. \n\nReferences:\n\n - CVE-2016-2183\n - CVE-2016-6329\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35,\nv9.40, v9.41, v9.50, v9.51\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n\nRESOLUTION\n\nMicroFocus has made the following information available to resolve the\nvulnerability for the impacted versions of Service Manager:\n\nFor versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35 please upgrade to SM 9.35.P6:\n\nSM9.35 P6 packages,\nSM 9.35 AIX Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00916\u003e\n\nSM 9.35 HP Itanium Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00917\u003e\n\nSM 9.35 HP Itanium Server for Oracle 12c 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00918\u003e\n\nSM 9.35 Linux Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00919\u003e\n\nSM 9.35 Solaris Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00920\u003e\n\nSM 9.35 Windows Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00921\u003e\n\n\n\nFor version 9.40, 9.41 please upgrade to SM 9.41.P6:\n\nSM9.41.P6 packages,\nService Manager 9.41.6000 p6 - Server for AIX\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00891\u003e\n\nService Manager 9.41.6000 p6 - Server for HP-UX/IA\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00892\u003e\n\nService Manager 9.41.6000 p6 - Server for Linux\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00893\u003e\n\nService Manager 9.41.6000 p6 - Server for Solaris\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00894\u003e\n\nService Manager 9.41.6000 p6 - Server for Windows\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00895\u003e\n\nFor version 9.50, 9.51 Server and KM components please upgrade to SM 9.52.P2:\n\nSM9.52.P2 packages,\nService Manager 9.52.2021 p2 - Server for Windows\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00906\u003e\n\nService Manager 9.52.2021 p2 - Server for Linux\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00907\u003e\n\nFor version 9.50, 9.51 SMSP and SMC components please upgrade to SM 9.52:\n\nSM9.52 packages,\nService Manager 9.52 as a minor.minor full (MMF) release (due to the new SP\naggregation SKU for Propel customers) is released on the following sites\ninstead of SSO. \n\u003chttps://h22255.www2.hpe.com/mysoftware/index\u003e\n\nHISTORY\nVersion:1 (rev.1) - 10 May 2018 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on \nsystems running Micro Focus products should be applied in accordance with the customer\u0027s \npatch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. \nFor other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com. \n\nReport: To report a potential security vulnerability for any supported product:\n Web form: https://www.microfocus.com/support-and-services/report-security\n Email: security@microfocus.com\n\nSubscribe:\n To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification\n Once you are logged in to the portal, please choose security bulletins under product and document types. \n Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do \n\nSecurity Bulletin Archive:\n A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability\n \nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following Micro Focus Security Bulletin. \n\n3P = 3rd Party Software\nGN = Micro Focus General Software\nMU = Multi-Platform Software\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. \nMicro Focus is continually reviewing and enhancing the security features of software products to provide \ncustomers with current secure solutions. \n\n\"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the \naffected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends \nthat all users determine the applicability of this information to their individual situations and take appropriate action. \nMicro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, \nMicro Focus will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in \nthis Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or \nimplied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\" \n\n\nCopyright 2017 EntIT Software LLC\n\nMicro Focus shall not be liable for technical or editorial errors or omissions contained herein. \nThe information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, \nneither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special \nor consequential damages including downtime cost; lost profits; damages relating to the procurement of \nsubstitute products or services; or damages for loss of data, or software restoration. \nThe information in this document is subject to change without notice. Micro Focus and the names of \nMicro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. \nOther product and company names mentioned herein may be trademarks of their respective owners. These vulnerabilities could be exploited\nremotely to create a Denial of Service (DoS), Unauthorized Read Access to\nData and other impacts including:\n\n * Padding Oracle attack in Apache mod_session_crypto \t\n * Apache HTTP Request Parsing Whitespace Defects\n\nReferences:\n\n - CVE-2016-8740 - Apache http server, Denial of Service (DoS) \n - CVE-2016-2161 - Apache http server, Denial of Service (DoS)\n - CVE-2016-0736 - Apache http server, disclosure of information, padding\noracle attack\n - CVE-2016-8743 - Apache http server, request corruption, request parsing\nwhite space\n - CVE-2016-2183 - OpenSSL, disclosure of information, SWEET32\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP-UX Apache-based Web Server B.11.31 - httpd prior to B.2.4.18.02\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-0736\n 0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N\n 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2016-2161\n 0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N\n 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2016-2183\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n CVE-2016-8740\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-8743\n 0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N\n 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software updates to resolve the\nvulnerabilities with HP-UX Web Server Suite running Apache. \n\nApache 2.4.18.02 for HP-UX Release B.11.31 (PA and IA):\n\n * 32 bit Depot: HP-UX 11.31(HPUXWS24ATW-B503-11-31-64.depot)\n * 64 bit Depot: HP-UX 11.31(HPUXWS24ATW-B503-11-31-32.depot)\n\n**Note:** The depot files can be found here:\n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=HPUXWSATW503\u003e\n\nMANUAL ACTIONS: Yes - Update \nDownload and install the software update \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\n\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins \nissued by HPE and lists recommended actions that may apply to a specific\nHP-UX \nsystem. It can also download patches and create a depot automatically. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. \n==========================================================================\nUbuntu Security Notice USN-3198-1\nFebruary 16, 2017\n\nopenjdk-6 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK 6. \n\nSoftware Description:\n- openjdk-6: Open Source Java implementation\n\nDetails:\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES and\nTriple DES ciphers were vulnerable to birthday attacks. This update moves those algorithms to the\nlegacy algorithm set and causes them to be used only if no non-legacy\nalgorithms can be negotiated. (CVE-2016-2183)\n\nIt was discovered that OpenJDK accepted ECSDA signatures using\nnon-canonical DER encoding. An attacker could use this to modify or\nexpose sensitive data. (CVE-2016-5546)\n\nIt was discovered that covert timing channel vulnerabilities existed\nin the DSA implementations in OpenJDK. A remote attacker could use\nthis to expose sensitive information. (CVE-2016-5548)\n\nIt was discovered that the URLStreamHandler class in OpenJDK did not\nproperly parse user information from a URL. A remote attacker could\nuse this to expose sensitive information. (CVE-2016-5552)\n\nIt was discovered that the URLClassLoader class in OpenJDK did not\nproperly check access control context when downloading class files. A\nremote attacker could use this to expose sensitive information. \n(CVE-2017-3231)\n\nIt was discovered that the Remote Method Invocation (RMI)\nimplementation in OpenJDK performed deserialization of untrusted\ninputs. A remote attacker could use this to execute arbitrary\ncode. (CVE-2017-3241)\n\nIt was discovered that the Java Authentication and Authorization\nService (JAAS) component of OpenJDK did not properly perform user\nsearch LDAP queries. An attacker could use a specially constructed\nLDAP entry to expose or modify sensitive information. (CVE-2017-3252)\n\nIt was discovered that the PNGImageReader class in OpenJDK did not\nproperly handle iTXt and zTXt chunks. An attacker could use this to\ncause a denial of service (memory consumption). (CVE-2017-3253)\n\nIt was discovered that integer overflows existed in the\nSocketInputStream and SocketOutputStream classes of OpenJDK. An\nattacker could use this to expose sensitive information. \n(CVE-2017-3261)\n\nIt was discovered that the atomic field updaters in the\njava.util.concurrent.atomic package in OpenJDK did not properly\nrestrict access to protected field members. An attacker could use\nthis to specially craft a Java application or applet that could bypass\nJava sandbox restrictions. (CVE-2017-3272)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n icedtea-6-jre-cacao 6b41-1.13.13-0ubuntu0.12.04.1\n icedtea-6-jre-jamvm 6b41-1.13.13-0ubuntu0.12.04.1\n openjdk-6-jdk 6b41-1.13.13-0ubuntu0.12.04.1\n openjdk-6-jre 6b41-1.13.13-0ubuntu0.12.04.1\n openjdk-6-jre-headless 6b41-1.13.13-0ubuntu0.12.04.1\n openjdk-6-jre-lib 6b41-1.13.13-0ubuntu0.12.04.1\n openjdk-6-jre-zero 6b41-1.13.13-0ubuntu0.12.04.1\n\nThis update uses a new upstream release, which includes additional\nbug fixes. After a standard system update you need to restart any\nJava applications or applets to make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2183"
},
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "PACKETSTORM",
"id": "154650"
},
{
"db": "PACKETSTORM",
"id": "145017"
},
{
"db": "PACKETSTORM",
"id": "147581"
},
{
"db": "PACKETSTORM",
"id": "141862"
},
{
"db": "PACKETSTORM",
"id": "141111"
}
],
"trust": 1.44
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-91002",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2183",
"trust": 2.2
},
{
"db": "PACKETSTORM",
"id": "142756",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSMA-18-058-02",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1036696",
"trust": 1.7
},
{
"db": "PULSESECURE",
"id": "SA40312",
"trust": 1.7
},
{
"db": "BID",
"id": "92630",
"trust": 1.7
},
{
"db": "BID",
"id": "95568",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2017-09",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2016-21",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2016-20",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2016-16",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10197",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10310",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10186",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10215",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10171",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-412672",
"trust": 1.7
},
{
"db": "JUNIPER",
"id": "JSA10759",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "42091",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "161320",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156451",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152978",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159431",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201608-448",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1734",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2555",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2018.0025.4",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1734.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0946",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0437",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1808",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3421",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0965",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0940",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2853",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0668",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0586",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-075-02",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-160-01",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163690",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "141111",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "145017",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "147581",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154650",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148410",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141352",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140708",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143970",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140718",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143244",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141100",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140473",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141354",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144865",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141555",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140725",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144869",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142340",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140084",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140977",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145018",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141353",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-91002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141862",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "PACKETSTORM",
"id": "154650"
},
{
"db": "PACKETSTORM",
"id": "145017"
},
{
"db": "PACKETSTORM",
"id": "147581"
},
{
"db": "PACKETSTORM",
"id": "141862"
},
{
"db": "PACKETSTORM",
"id": "141111"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-448"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"id": "VAR-201609-0597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T23:25:23.039000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DES and Triple DES Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=89481"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-448"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/92630"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/95568"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:1245"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2020:0451"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:3239"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2859"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-3198-1"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1036696"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2017/may/105"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2017/jul/31"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2018/nov/21"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/42091/"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201701-65"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0336.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0337.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0338.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0462.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:1216"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2708"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2709"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2710"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3113"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3114"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3240"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:2123"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-3087-1"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-3087-2"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-3179-1"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-3194-1"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-3270-1"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-3372-1"
},
{
"trust": 1.7,
"url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/142756/ibm-informix-dynamic-server-dll-injection-code-execution.html"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021697"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"trust": 1.7,
"url": "http://www.splunk.com/view/sp-caaapsv"
},
{
"trust": 1.7,
"url": "http://www.splunk.com/view/sp-caaapue"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/articles/2548661"
},
{
"trust": 1.7,
"url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
},
{
"trust": 1.7,
"url": "https://bto.bluecoat.com/security-advisory/sa133"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"trust": 1.7,
"url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05309984"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05323116"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05349499"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05356388"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369403"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369415"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05385680"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390849"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02"
},
{
"trust": 1.7,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
},
{
"trust": 1.7,
"url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
},
{
"trust": 1.7,
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"trust": 1.7,
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03158613"
},
{
"trust": 1.7,
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03286178"
},
{
"trust": 1.7,
"url": "https://support.f5.com/csp/article/k13167034"
},
{
"trust": 1.7,
"url": "https://sweet32.info/"
},
{
"trust": 1.7,
"url": "https://wiki.opendaylight.org/view/security_advisories"
},
{
"trust": 1.7,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"trust": 1.7,
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"trust": 1.7,
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
},
{
"trust": 1.7,
"url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.7,
"url": "https://www.sigsac.org/ccs/ccs2016/accepted-papers/"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2017-09"
},
{
"trust": 1.7,
"url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10310"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03765en_us"
},
{
"trust": 1.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05390849"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05390722"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03725en_us"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10197"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05369403"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05385680"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10186"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05369415"
},
{
"trust": 1.0,
"url": "https://www.vicarius.io/vsociety/posts/cve-2016-2183-detection-sweet32-vulnerability"
},
{
"trust": 1.0,
"url": "https://www.vicarius.io/vsociety/posts/cve-2016-2183-mitigate-sweet32-vulnerability"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2020:3842"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2021:0308"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2021:2438"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2016:1940"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhba-2019:2581"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2017:0338"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2017:0337"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2017:0336"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2017:0462"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-17-173"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159431/red-hat-security-advisory-2020-3842-01.html"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-160-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1808/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0586/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0437"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-has-addressed-a-security-vulnerability-cve-2016-2183/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-075-02"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161320/red-hat-security-advisory-2021-0308-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1734/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2018.0025.4/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152978/red-hat-security-advisory-2019-1245-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2853"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77618"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76446"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0965/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0940"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163690/red-hat-security-advisory-2021-2438-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156451/red-hat-security-advisory-2020-0451-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2555"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10876602"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3421/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1734.2/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10759"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05302448"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05369403"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05369415"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05385680"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05390722"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05390849"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbgn03765en_us"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03725en_us"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10171"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10186"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10197"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10215"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10310"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-9798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3229231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-9788"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9788"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://www.microfocus.com/support-and-services/report-security"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification"
},
{
"trust": 0.1,
"url": "https://h22255.www2.hpe.com/mysoftware/index\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6329"
},
{
"trust": 0.1,
"url": "https://cf.passport.softwaregrp.com/hppcf/createuser.do"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/security-vulnerability"
},
{
"trust": 0.1,
"url": "http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/document/-/facetsearch/document/km03158613"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8740"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbux03725en_us"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5552"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3252"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b41-1.13.13-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3253"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3272"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5546"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "PACKETSTORM",
"id": "154650"
},
{
"db": "PACKETSTORM",
"id": "145017"
},
{
"db": "PACKETSTORM",
"id": "147581"
},
{
"db": "PACKETSTORM",
"id": "141862"
},
{
"db": "PACKETSTORM",
"id": "141111"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-448"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "PACKETSTORM",
"id": "154650"
},
{
"db": "PACKETSTORM",
"id": "145017"
},
{
"db": "PACKETSTORM",
"id": "147581"
},
{
"db": "PACKETSTORM",
"id": "141862"
},
{
"db": "PACKETSTORM",
"id": "141111"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-448"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-91002"
},
{
"date": "2019-09-28T14:44:44",
"db": "PACKETSTORM",
"id": "154650"
},
{
"date": "2017-11-17T00:10:36",
"db": "PACKETSTORM",
"id": "145017"
},
{
"date": "2018-05-10T23:26:00",
"db": "PACKETSTORM",
"id": "147581"
},
{
"date": "2017-03-30T16:04:18",
"db": "PACKETSTORM",
"id": "141862"
},
{
"date": "2017-02-16T14:42:20",
"db": "PACKETSTORM",
"id": "141111"
},
{
"date": "2016-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-448"
},
{
"date": "2016-09-01T00:59:00.137000",
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-91002"
},
{
"date": "2023-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-448"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "141111"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-448"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Information disclosure vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-448"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-448"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.