ID

VAR-200911-0398


CVE

CVE-2009-3555


TITLE

SSL and TLS protocols renegotiation vulnerability

Trust: 0.8

sources: CERT/CC: VU#120541

DESCRIPTION

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) The protocol includes renegotiation A vulnerability exists in the function. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Is a protocol that provides functions such as communication encryption and authentication. SSL and TLS The protocol includes renegotiation There are vulnerabilities due to functionality.A third party that can relay communication between the user and the server can insert arbitrary data at the beginning of the communication data under specific conditions. As a result, the attacker inserted HTTP The request may be sent to the server. HP ProCurve Threat Management Services (TMS) zl Module J9155A and J9156A ST.1.1.100330 and earlier. Product Version: ST.1.1.100430 or later. The updates are available from the following location: http://www.procurve.com/customercare/support/software/network-security.htm PRODUCT SPECIFIC INFORMATION None HISTORY: Version: 1 (rev.1) 4 August 2010 Initial release. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0003 Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-02-10 Updated on: 2011-02-10 (initial release of advisory) CVE numbers: --- Apache Tomcat --- CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2009-3548 CVE-2010-2227 CVE-2010-1157 --- Apache Tomcat Manager --- CVE-2010-2928 --- cURL --- CVE-2010-0734 --- COS Kernel --- CVE-2010-1084 CVE-2010-2066 CVE-2010-2070 CVE-2010-2226 CVE-2010-2248 CVE-2010-2521 CVE-2010-2524 CVE-2010-0008 CVE-2010-0415 CVE-2010-0437 CVE-2009-4308 CVE-2010-0003 CVE-2010-0007 CVE-2010-0307 CVE-2010-1086 CVE-2010-0410 CVE-2010-0730 CVE-2010-1085 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1173 CVE-2010-1437 CVE-2010-1088 CVE-2010-1187 CVE-2010-1436 CVE-2010-1641 CVE-2010-3081 --- Microsoft SQL Express --- CVE-2008-5416 CVE-2008-0085 CVE-2008-0086 CVE-2008-0107 CVE-2008-0106 --- OpenSSL --- CVE-2010-0740 CVE-2010-0433 CVE-2010-3864 CVE-2010-2939 --- Oracle (Sun) JRE --- CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850 CVE-2010-0886 CVE-2010-3556 CVE-2010-3566 CVE-2010-3567 CVE-2010-3550 CVE-2010-3561 CVE-2010-3573 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-1321 CVE-2010-3548 CVE-2010-3551 CVE-2010-3562 CVE-2010-3571 CVE-2010-3554 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3574 --- pam_krb5 --- CVE-2008-3825 CVE-2009-1384 - ------------------------------------------------------------------------ 1. Summary Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues. 2. Relevant releases vCenter Server 4.1 without Update 1, vCenter Update Manager 4.1 without Update 1, ESXi 4.1 without patch ESXi410-201101201-SG, ESX 4.1 without patch ESX410-201101201-SG. 3. Problem Description a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned Update Manager 4.1 Windows Update 1 Update Manager 4.0 Windows affected, patch pending Update Manager 1.0 Windows affected, no patch planned hosted * any any not affected ESXi any ESXi not affected ESX any ESX not affected * Hosted products are VMware Workstation, Player, ACE, Fusion. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows not affected VirtualCenter 2.5 Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX any ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows not applicable ** VirtualCenter 2.5 Windows not applicable ** Update Manager 4.1 Windows not applicable ** Update Manager 4.0 Windows not applicable ** Update Manager 1.0 Windows not applicable ** hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX not applicable ** ESX 3.5 ESX not applicable ** ESX 3.0.3 ESX not applicable ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows not applicable ** vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned Update Manager 4.1 Windows Update 1 Update Manager 4.0 Windows affected, patch pending Update Manager 1.0 Windows affected, no patch planned hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX not applicable ** ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, no patch planned ESX 3.0.3 ESX affected, no patch planned * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows not applicable ** hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not applicable ** ESX 3.0.3 ESX not applicable ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Apache Tomcat 5.5 family f. vCenter Server third party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned hosted * any any not applicable ESXi any ESXi not applicable ESX any ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. g. ESX third party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi 4.1 ESXi ESXi410-201101201-SG ESXi 4.0 ESXi affected, patch pending ESXi 3.5 ESXi affected, patch pending ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Fusion. h. ESXi third party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi 4.1 ESXi ESXi410-201101201-SG ESXi 4.0 ESXi affected, patch pending ESXi 3.5 ESXi affected, patch pending ESX any ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. i. ESX third party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. j. ESX third party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Note: This update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware vCenter Server 4.1 Update 1 and modules ---------------------------------------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html File type: .iso md5sum: 729cf247aa5d33ceec431c86377eee1a sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0 File type: .zip md5sum: fd1441bef48a153f2807f6823790e2f0 sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19 VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESXi 4.1 Installable Update 1 ----------------------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html http://kb.vmware.com/kb/1027919 File type: .iso MD5SUM: d68d6c2e040a87cd04cd18c04c22c998 SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1) File type: .zip MD5SUM: 2f1e009c046b20042fae3b7ca42a840f SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0) File type: .zip MD5SUM: 67b924618d196dafaf268a7691bd1a0f SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5) File type: .zip MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4 SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 VMware Tools CD image for Linux Guest OSes File type: .iso MD5SUM: dad66fa8ece1dd121c302f45444daa70 SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af VMware vSphere Client File type: .exe MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESXi Installable Update 1 contains the following security bulletins: ESXi410-201101201-SG. ESX 4.1 Update 1 ---------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html http://kb.vmware.com/kb/1029353 ESX 4.1 Update 1 (DVD ISO) File type: .iso md5sum: b9a275b419a20c7bedf31c0bf64f504e sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1) File type: .zip md5sum: 2d81a87e994aa2b329036f11d90b4c14 sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1 File type: .zip md5sum: 75f8cebfd55d8a81deb57c27def963c2 sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0) File type: .zip md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2 sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 VMware Tools CD image for Linux Guest OSes File type: .iso md5sum: dad66fa8ece1dd121c302f45444daa70 sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESX410-Update01 contains the following security bulletins: ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL, Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904 ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330 ESX410-Update01 also contains the following non-security bulletins ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG, ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG, ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG, ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG, ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG, ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG. To install an individual bulletin use esxupdate with the -b option. 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574 - ------------------------------------------------------------------------ 6. Change log 2011-02-10 VMSA-2011-0003 Initial security advisory in conjunction with the release of vCenter Server 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1 Update 1, and ESX 4.1 Update 1 on 2011-02-10. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9 dxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX =2pVj -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP System Management Homepage v6.2 or subsequent for Linux (x86), Linux (AMD64/EM64T), and Windows can be downloaded from the following link. ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Application Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44293 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44293/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44293/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data. 1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data. For more information see vulnerability #1: SA37291 2) An unspecified error in the Oracle HTTP Server component can be exploited to manipulate certain data. 3) An error exists in the Midtier Infrastructure of the Portal component and can be exploited to manipulate certain data. For more information see vulnerability #3: SA44246 4) An unspecified error in the Single Sign On component can be exploited by authenticated users to manipulate certain data. The vulnerabilities are reported in the following products: * Oracle Application Server 10g Release 2 version 10.1.2.3.0. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Corrected: 2009-12-03 09:18:40 UTC (RELENG_8, 8.0-STABLE) 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1) 2009-12-03 09:18:40 UTC (RELENG_7, 7.2-STABLE) 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5) 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9) 2009-12-03 09:18:40 UTC (RELENG_6, 6.4-STABLE) 2009-12-03 09:18:40 UTC (RELENG_6_4, 6.4-RELEASE-p8) 2009-12-03 09:18:40 UTC (RELENG_6_3, 6.3-RELEASE-p14) CVE Name: CVE-2009-3555 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. The most widespread use of SSL/TLS is to add security to the HTTP protocol, thus producing HTTPS. FreeBSD includes software from the OpenSSL Project which implements SSL and TLS. II. Problem Description The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters. III. Impact An attacker who can intercept a TCP connection being used for SSL or TLS can cause the initial session negotiation to take the place of a session renegotiation. This can be exploited in several ways, including: * Causing a server to interpret incoming messages as having been sent under the auspices of a client SSL key when in fact they were not; * Causing a client request to be appended to an attacker-supplied request, potentially revealing to the attacker the contents of the client request (including any authentication parameters); and * Causing a client to receive a response to an attacker-supplied request instead of a response to the request sent by the client. IV. Solution NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate SSL / TLS session parameters. As a result, connections in which the other party attempts to renegotiate session parameters will break. In practice, however, session renegotiation is a rarely-used feature, so disabling this functionality is unlikely to cause problems for most systems. Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE, or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.1, 7.2, and 8.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch # fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/secure/lib/libcrypto # make obj && make depend && make includes && make && make install NOTE: On the amd64 platform, the above procedure will not update the lib32 (i386 compatibility) libraries. On amd64 systems where the i386 compatibility libraries are used, the operating system should instead be recompiled as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html> VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.3 src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.2.1 RELENG_6_4 src/UPDATING 1.416.2.40.2.12 src/sys/conf/newvers.sh 1.69.2.18.2.14 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.12.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.2 src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.12.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.19 src/sys/conf/newvers.sh 1.69.2.15.2.18 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.10.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.2 src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.10.1 RELENG_7 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.2 src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.2.1 RELENG_7_2 src/UPDATING 1.507.2.23.2.8 src/sys/conf/newvers.sh 1.72.2.11.2.9 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.8.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1.2.1 src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.8.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.12 src/sys/conf/newvers.sh 1.72.2.9.2.13 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.2 src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.6.1 RELENG_8 src/crypto/openssl/ssl/s3_pkt.c 1.2.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.1 src/crypto/openssl/ssl/s3_lib.c 1.2.2.1 RELENG_8_0 src/UPDATING 1.632.2.7.2.4 src/sys/conf/newvers.sh 1.83.2.6.2.4 src/crypto/openssl/ssl/s3_pkt.c 1.2.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.4.1 src/crypto/openssl/ssl/s3_lib.c 1.2.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r200054 releng/6.4/ r200054 releng/6.3/ r200054 stable/7/ r200054 releng/7.2/ r200054 releng/7.1/ r200054 - ------------------------------------------------------------------------- VII. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml. Affected Products ================= Cisco is currently evaluating products for possible exposure to these TLS issues. Products will only be listed in the Vulnerable Products or Products Confirmed Not Vulnerable sections of this advisory when a final determination about product exposure is made. Products that are not listed in either of these two sections are still being evaluated. Vulnerable Products - ------------------- This section will be updated when more information is available. Products Confirmed Not Vulnerable - --------------------------------- The following products are confirmed not vulnerable: * Cisco AnyConnect VPN Client This section will be updated when more information is available. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. The following Cisco Bug IDs are being used to track potential exposure to the SSL and TLS issues. The bugs listed below do not confirm that a product is vulnerable, but rather that the product is under investigation by the appropriate product teams. Registered Cisco customers can view these bugs via Cisco's Bug Toolkit: http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl +------------------------------------------------------------+ | Product | Bug ID | |----------------------------+-------------------------------| | Cisco Adaptive Security | CSCtd01491 | | Device Manager (ASDM) | | |----------------------------+-------------------------------| | Cisco AON Software | CSCtd01646 | | | | |----------------------------+-------------------------------| | Cisco AON Healthcare for | CSCtd01652 | | HIPAA and ePrescription | | |----------------------------+-------------------------------| | Cisco Application and | CSCtd01529 | | Content Networking System | | | (ACNS) Software | | |----------------------------+-------------------------------| | Cisco Application | CSCtd01480 | | Networking Manager | | |----------------------------+-------------------------------| | Cisco ASA 5500 Series | CSCtd00697 | | Adaptive Security | | | Appliances | | |----------------------------+-------------------------------| | Cisco ASA Advanced | | | Inspection and Prevention | CSCtd01539 | | (AIP) Security Services | | | Module | | |----------------------------+-------------------------------| | Cisco AVS 3100 Series | CSCtd01566 | | Application Velocity | | | System | | |----------------------------+-------------------------------| | Cisco Catalyst 6500 Series | CSCtd06389 | | SSL Services Module | | |----------------------------+-------------------------------| | Firewall Services Module | CSCtd04061 | | FWSM | | |----------------------------+-------------------------------| | Cisco CSS 11000 Series | CSCtd01636 | | Content Services Switches | | |----------------------------+-------------------------------| | Cisco Unified SIP Phones | CSCtd01446 | | | | |----------------------------+-------------------------------| | Cisco Data Center Network | CSCtd02635 | | Manager | | |----------------------------+-------------------------------| | Cisco Data Mobility | CSCtd02642 | | Manager | | |----------------------------+-------------------------------| | Cisco Digital Media | CSCtd01703 | | Encoders | | |----------------------------+-------------------------------| | Cisco Digital Media | CSCtd01692 | | Manager | | |----------------------------+-------------------------------| | Cisco Digital Media | CSCtd01718 | | Players | | |----------------------------+-------------------------------| | Cisco Emergency Responder | CSCtd02650 | | | | |----------------------------+-------------------------------| | Cisco IOS Software | CSCtd00658 | | | | |----------------------------+-------------------------------| | Cisco IOS XE Software | CSCtd00658 | | | | |----------------------------+-------------------------------| | Cisco IOS XR Software | CSCtd02658 | | | | |----------------------------+-------------------------------| | Cisco IP Communicator | CSCtd02662 | | | | |----------------------------+-------------------------------| | CATOS | CSCtd00662 | | | | |----------------------------+-------------------------------| | Cisco IronPort Appliances | CSCtd02069 | | | | |----------------------------+-------------------------------| | Cisco Unified MeetingPlace | CSCtd02709 | | | | |----------------------------+-------------------------------| | Cisco NAC Appliance (Clean | CSCtd01453 | | Access) | | |----------------------------+-------------------------------| | Cisco NAC Guest Server | CSCtd01462 | | | | |----------------------------+-------------------------------| | Cisco NAC Profiler | CSCtd02716 | | | | |----------------------------+-------------------------------| | Cisco Network Analysis | CSCtd02729 | | Module Software (NAM) | | |----------------------------+-------------------------------| | Cisco Network Registrar | CSCtd02748 | | | | |----------------------------+-------------------------------| | Cisco ONS 15500 Series | CSCtd02769 | | | | |----------------------------+-------------------------------| | Cisco Physical Access | CSCtd02777 | | Gateways | | |----------------------------+-------------------------------| | Cisco Physical Access | CSCtd03912 | | Manager | | |----------------------------+-------------------------------| | Cisco Physical Security | CSCtd03920 | | ISM | | |----------------------------+-------------------------------| | Cisco QoS Device Manager | CSCtd03923 | | | | |----------------------------+-------------------------------| | Cisco Secure Access | CSCtd00725 | | Control Server (ACS) | | |----------------------------+-------------------------------| | Cisco Secure Desktop | CSCtd03928 | | | | |----------------------------+-------------------------------| | Cisco Secure Services | CSCtd03935 | | Client | | |----------------------------+-------------------------------| | Cisco Security Agent CSA | CSCtd02689 | | | | |----------------------------+-------------------------------| | Cisco Security Monitoring, | CSCtd02654 | | Analysis and Response | | | System (MARS) | | |----------------------------+-------------------------------| | Cisco Unified IP Phones | CSCtd04121 | | | | |----------------------------+-------------------------------| | Cisco Service Control | CSCtd04171 | | Subscriber Manager | | |----------------------------+-------------------------------| | Cisco TelePresence Manager | CSCtd01771 | | | | |----------------------------+-------------------------------| | Telepresence for Consumer | CSCtd01752 | | | | |----------------------------+-------------------------------| | Cisco TelePresence | CSCtd01742 | | Recording Server | | |----------------------------+-------------------------------| | Cisco Network Asset | CSCtd04198 | | Collector | | |----------------------------+-------------------------------| | Cisco Unified | CSCtd01282 | | Communications Manager | | | (CallManager) | | |----------------------------+-------------------------------| | Cisco Unified Business | CSCtd05731 | | Attendant Console | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05790 | | Center Enterprise | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05790 | | Center Express | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05755 | | Center Management Portal | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05790 | | Center Products | | |----------------------------+-------------------------------| | Cisco Unified Department | CSCtd05733 | | Attendant Console | | |----------------------------+-------------------------------| | Cisco Unified E-Mail | CSCtd05756 | | Interaction Manager | | |----------------------------+-------------------------------| | Cisco Unified Enterprise | CSCtd05735 | | Attendant Console | | |----------------------------+-------------------------------| | Cisco Unified Mobile | CSCtd05762 | | Communicator | | |----------------------------+-------------------------------| | Cisco Unified Mobility | CSCtd05786 | | | | |----------------------------+-------------------------------| | Cisco Unified Mobility | CSCtd05783 | | Advantage | | |----------------------------+-------------------------------| | Cisco Unified Operations | CSCtd05784 | | Manager | | |----------------------------+-------------------------------| | Cisco Unified Personal | CSCtd05759 | | Communicator | | |----------------------------+-------------------------------| | Cisco Unified Presence | CSCtd05791 | | | | |----------------------------+-------------------------------| | Cisco Unified Provisioning | CSCtd05777 | | Manager | | |----------------------------+-------------------------------| | Cisco Unified Quick | CSCtd05738 | | Connect | | |----------------------------+-------------------------------| | Cisco Unified Service | CSCtd05780 | | Monitor | | |----------------------------+-------------------------------| | Cisco Unified Service | CStCd05778 | | Statistics Manager | | |----------------------------+-------------------------------| | Cisco Unified SIP Proxy | CSCtd05765 | | | | |----------------------------+-------------------------------| | Cisco Unity | CSCtd02855 | | | | |----------------------------+-------------------------------| | Cisco NX-OS Software | CSCtd00699 and CSCtd00703 | | | | |----------------------------+-------------------------------| | Cisco Video Portal | CSCtd04097 | | | | |----------------------------+-------------------------------| | Cisco Video Surveillance | CSCtd02831 | | Media Server Software | | |----------------------------+-------------------------------| | Cisco Video Surveillance | CSCtd02780 | | Operations Manager | | | Software | | |----------------------------+-------------------------------| | Cisco Wide Area File | CSCtd04106 | | Services Software (WAFS) | | |----------------------------+-------------------------------| | Cisco Wireless Control | CSCtd01625 | | System | | |----------------------------+-------------------------------| | Cisco Wireless LAN | CSCtd01611 | | Controller (WLAN) | | |----------------------------+-------------------------------| | Cisco Wireless Location | CSCtd04115 | | Appliance | | |----------------------------+-------------------------------| | CiscoWorks Common Services | CSCtd01597 | | Software | | |----------------------------+-------------------------------| | CiscoWorks Wireless LAN | CSCtd04111 | | Solution Engine (WLSE) | | +------------------------------------------------------------+ This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-3555. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * TLS Renegotiation Vulnerability (all Cisco Bugs above) CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - Partial Availability Impact - None CVSS Temporal Score - 4.1 Exploitability - Functional Remediation Level - Unavailable Report Confidence - Confirmed Impact ====== This section will be updated when more information is available. Software Versions and Fixes =========================== This section will be updated to include fixed software versions for affected Cisco products as they become available. Workarounds =========== Workarounds are being investigated. This section will be updated when more information becomes available. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations - ------------------------------------------------- Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts - ----------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== This vulnerability was initially discovered by Marsh Ray and Steve Dispensa from PhoneFactor, Inc. Cisco is not aware of any malicious exploitation of this vulnerability. Proof-of-concept exploit code has been published for this vulnerability. Status of this Notice: INTERIM ============================== THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2009-November-9 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2008-2009 Cisco Systems, Inc. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.06 or earlier HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.19 or earlier HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.24 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2010-0082 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0084 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-0085 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0087 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0088 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0089 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0091 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-0092 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0093 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0094 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0095 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0837 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0838 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0839 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0840 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0841 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0842 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0843 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0844 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0845 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0846 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0847 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0848 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0849 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following upgrades to resolve these vulnerabilities The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.31 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent HP-UX B.11.23 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent HP-UX B.11.11 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.06 and earlier, update to Java v6.0.07 or subsequent For Java v5.0.19 and earlier, update to Java v5.0.20 or subsequent For Java v1.4.2.24 and earlier, update to Java v1.4.2.25 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. =========================================================== Ubuntu Security Notice USN-927-6 July 23, 2010 nss vulnerability CVE-2009-3555 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: libnss3-1d 3.12.6-0ubuntu0.9.04.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz Size/MD5: 36776 09e94267337a3318b4955b7a830f5244 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc Size/MD5: 1651 a682fa17ab7385f06eae108e3b8eeb76 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 3355322 1901b0a2e9022baccca540cb776da507 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 1230706 a5be600c34d6c62f3c7c7d9fe8fe6807 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 263110 37bf5e46dc372000a1932336ded61143 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 17788 cb888df2baa2d06cf98091f1bd033496 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 318718 77e6de51c2beebe6a2570e1f70069d91 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 3181812 ab6888c9709c1101e0f07bda925ea76b http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 1112446 64e165966e297b247e220aa017851248 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 260434 6dc65e066be54da5a4ad7e784c37fa49 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 17790 6a4afb594384085b41502911476f9d27 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 301968 a5f1eb30b4dd64bbac568873ad700887 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 3220356 1bed6847d860f8dd0a845062cf227322 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 1085226 c5e07d7711f257888071d97ff551f42e http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 259084 d6424f00ee83eaf9abb433768edb37c2 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 17788 217da64905b090392eb4acfa43d282c2 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 297772 7f223b5673372154a73cf84c9ed6bfda powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 3330434 d4c4fe0a437c5f2dd20b81df2cf936b5 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 1202898 b27bda4a282c5b46733dcc21519cc4b6 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 262126 bb796b31d740e38581a37003a89c18a5 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 17794 0109fab35491b7f7f6e8d9649acbd728 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 323344 8e6f667e0df078a4b68d72acddfc3326 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 2988064 97a10a1098bc541808ead09dcb1711c5 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 1074248 4de13c4f7e970d56fa65e6f0e472f320 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 257214 d1ee26bd6f9e26f93f8b8af403d41b1a http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 17794 2f08b7d40b6069754762083051c03f27 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 303452 b1dc3dbcbf441a81ef5005e72ad60620 -- Jamie Strandboge | http://www.canonical.com . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02079216 Version: 1 HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2010-04-13 Last Updated: 2010-04-13 Potential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS). HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08n. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3245 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2009-4355 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided upgrades to resolve these vulnerabilities. Host / Account / Password ftp.usa.hp.com / sb02517 / Secure12 HP-UX Release / Depot Name / SHA-1 digest B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08n.001_HP-UX_B.11.11_32+64.depot / 2FE85DEE859C93F9D02A69666A455E9A7442DC5D B.11.23 (PA and IA) / OpenSSL_A.00.09.08n.002_HP-UX_B.11.23_IA-PA.depot / 69F9AEE88F89C53FFE6794822F6A843F312384CD B.11.31 (PA and IA) / OpenSSL_A.00.09.08n.003_HP-UX_B.11.31_IA-PA.depot / 07A205AA57B4BDF98B65D31287CDCBE3B9F011D5 MANUAL ACTIONS: Yes - Update Install OpenSSL A.00.09.08n or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. AFFECTED VERSIONS HP-UX B.11.11 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.001 or subsequent HP-UX B.11.23 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.002 or subsequent HP-UX B.11.31 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.003 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 13 April 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The vulnerabilities are reported in versions prior to 3.2.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ATTENTION: After applying this update, a patched server will allow both patched and unpatched clients to connect, but unpatched clients will not be able to renegotiate. HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. For the stable distribution (lenny), the problem has been fixed in version 1.4.19-5+lenny2. The packages for the hppa, mips, and mipsel architectures are not yet available. They will be released as soon as they have been built. For the unstable distribution (sid), and the testing distribution (squeeze), the problem has been fixed some time ago in version 1.4.26-3. We recommend that you upgrade your lighttpd packages

Trust: 3.78

sources: NVD: CVE-2009-3555 // JVNDB: JVNDB-2009-002319 // CERT/CC: VU#120541 // PACKETSTORM: 92497 // PACKETSTORM: 98419 // PACKETSTORM: 93944 // PACKETSTORM: 100761 // PACKETSTORM: 83414 // PACKETSTORM: 82657 // VULHUB: VHN-41001 // PACKETSTORM: 90262 // PACKETSTORM: 111583 // PACKETSTORM: 92095 // PACKETSTORM: 88387 // PACKETSTORM: 90344 // PACKETSTORM: 88224 // PACKETSTORM: 94087 // PACKETSTORM: 111920 // PACKETSTORM: 97489

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:lteversion:0.9.8k

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:8.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:8.10

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:13

Trust: 1.0

vendor:f5model:nginxscope:lteversion:0.8.22

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.04

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.2.14

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:9.10

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.10

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:9.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:11

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:14

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:12

Trust: 1.0

vendor:mozillamodel:nssscope:lteversion:3.12.4

Trust: 1.0

vendor:gnumodel:gnutlsscope:lteversion:2.8.5

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.1.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 1.0

vendor:barracudamodel: - scope: - version: -

Trust: 0.8

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:gnutlsmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:mcafeemodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:apachemodel:http serverscope:ltversion:2.2.15

Trust: 0.8

vendor:apachemodel:http serverscope:ltversion:2.3.6

Trust: 0.8

vendor:ibmmodel:db2scope:ltversion:9.1 fp9

Trust: 0.8

vendor:ibmmodel:db2scope:ltversion:9.5 fp6a

Trust: 0.8

vendor:ibmmodel:db2scope:ltversion:9.7 fp2

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:2.0.47.x

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:6.0.2

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:6.1

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:7.0

Trust: 0.8

vendor:ibmmodel:sdk,scope:eqversion:1.4.2

Trust: 0.8

vendor:ibmmodel:sdk,scope:eqversion:1.5

Trust: 0.8

vendor:ibmmodel:websphere application serverscope:eqversion:6.0.2

Trust: 0.8

vendor:ibmmodel:websphere application serverscope:eqversion:6.1

Trust: 0.8

vendor:ibmmodel:websphere application serverscope:eqversion:7.0

Trust: 0.8

vendor:mozillamodel:firefoxscope:ltversion:3.5.9

Trust: 0.8

vendor:mozillamodel:firefoxscope:ltversion:3.6.2

Trust: 0.8

vendor:mozillamodel:seamonkeyscope:ltversion:2.0.4

Trust: 0.8

vendor:mozillamodel:thunderbirdscope:ltversion:3.0.4

Trust: 0.8

vendor:openofficemodel:openoffice.orgscope:eqversion:2.x

Trust: 0.8

vendor:openofficemodel:openoffice.orgscope:ltversion:3.2.1

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:0.9.8l

Trust: 0.8

vendor:proftpdmodel:proftpdscope:ltversion:1.3.2c

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:3.0.3

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:3.5

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:4.1

Trust: 0.8

vendor:vmwaremodel:vcenterscope:eqversion:4.0

Trust: 0.8

vendor:vmwaremodel:vcenterscope:eqversion:4.1

Trust: 0.8

vendor:vmwaremodel:virtualcenterscope:eqversion:2.5

Trust: 0.8

vendor:vmwaremodel:vsphere update managerscope:eqversion:1.0

Trust: 0.8

vendor:vmwaremodel:vsphere update managerscope:eqversion:4.0

Trust: 0.8

vendor:vmwaremodel:vsphere update managerscope:eqversion:4.1

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6.2

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6.3

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.2

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.3

Trust: 0.8

vendor:oraclemodel:opensolarisscope: - version: -

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 10.1.0.5

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 10.2.0.3

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 10.2.0.4

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 10.2.0.5

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 11.1.0.7

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 11.2.0.1

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 11.2.0.2

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.0 mp2

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.0.2

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.1.2.3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.1.3.5

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.1.4.0.1

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.1.4.3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.3.2

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.3.3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:11.1.1.2.0

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:11.1.1.3.0

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:7.0 sp7

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:8.1 sp6

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:8.1.6

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:9.0

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:9.1

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:9.2 mp3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:9.2.3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:9.2.4

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:sybasemodel:sap sybase adaptive server enterprisescope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:jdkscope:lteversion:5.0 update 25

Trust: 0.8

vendor:sun microsystemsmodel:jdkscope:lteversion:6 update 21

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:1.4.2_27

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:5.0 update 25

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:6 update 21

Trust: 0.8

vendor:sun microsystemsmodel:opensolarisscope:eqversion:(sparc)

Trust: 0.8

vendor:sun microsystemsmodel:opensolarisscope:eqversion:(x86)

Trust: 0.8

vendor:sun microsystemsmodel:sdkscope:lteversion:1.4.2_27

Trust: 0.8

vendor:sun microsystemsmodel:glassfish enterprise serverscope:eqversion:v2.1.1

Trust: 0.8

vendor:sun microsystemsmodel:java enterprise systemscope:eqversion:2005q4

Trust: 0.8

vendor:sun microsystemsmodel:java enterprise systemscope:eqversion:5

Trust: 0.8

vendor:sun microsystemsmodel:java system application serverscope:eqversion:8.0

Trust: 0.8

vendor:sun microsystemsmodel:java system application serverscope:eqversion:8.1

Trust: 0.8

vendor:sun microsystemsmodel:java system application serverscope:eqversion:8.2

Trust: 0.8

vendor:sun microsystemsmodel:java system web proxy serverscope:eqversion:4.0 - 4.0.12

Trust: 0.8

vendor:sun microsystemsmodel:java system web serverscope:eqversion:6.1

Trust: 0.8

vendor:sun microsystemsmodel:java system web serverscope:eqversion:7.0

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (x86)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:2.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0 (x64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux clientscope:eqversion:2008

Trust: 0.8

vendor:turbo linuxmodel:turbolinux fujiscope:eqversion:( extended maintenance )

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10 ( extended maintenance )

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10 (x64) ( extended maintenance )

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11 (x64)

Trust: 0.8

vendor:hewlett packardmodel:hp systems insight managerscope:ltversion:7.0

Trust: 0.8

vendor:hewlett packardmodel:hp virtual connectscope:ltversion:8gb 24 port fiber channel module 3.00 (vc ( virtual connect ) 4.40 )

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.31

Trust: 0.8

vendor:hewlett packardmodel:hpe matrix operating environmentscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hpe systems insight managerscope: - version: -

Trust: 0.8

vendor:blue coatmodel:directorscope: - version: -

Trust: 0.8

vendor:blue coatmodel:intelligencecenterscope: - version: -

Trust: 0.8

vendor:blue coatmodel:packetshaperscope: - version: -

Trust: 0.8

vendor:blue coatmodel:proxyavscope: - version: -

Trust: 0.8

vendor:blue coatmodel:proxyclientscope: - version: -

Trust: 0.8

vendor:blue coatmodel:reporterscope: - version: -

Trust: 0.8

vendor:blue coatmodel:proxysgscope: - version: -

Trust: 0.8

vendor:blue coatmodel:sgosscope:eqversion:4

Trust: 0.8

vendor:blue coatmodel:sgosscope:eqversion:5

Trust: 0.8

vendor:blue coatmodel:sgosscope:eqversion:6

Trust: 0.8

vendor:microsoftmodel:windows 2000scope: - version: -

Trust: 0.8

vendor:microsoftmodel:windows 7scope:eqversion:(x32)

Trust: 0.8

vendor:microsoftmodel:windows 7scope:eqversion:(x64)

Trust: 0.8

vendor:microsoftmodel:windows server 2003scope:eqversion:none

Trust: 0.8

vendor:microsoftmodel:windows server 2003scope:eqversion:(itanium)

Trust: 0.8

vendor:microsoftmodel:windows server 2003scope:eqversion:(x64)

Trust: 0.8

vendor:microsoftmodel:windows server 2008scope:eqversion:(itanium)

Trust: 0.8

vendor:microsoftmodel:windows server 2008scope:eqversion:(x64)

Trust: 0.8

vendor:microsoftmodel:windows server 2008scope:eqversion:(x86)

Trust: 0.8

vendor:microsoftmodel:windows server 2008scope:eqversion:r2(itanium)

Trust: 0.8

vendor:microsoftmodel:windows server 2008scope:eqversion:r2(x64)

Trust: 0.8

vendor:microsoftmodel:windows vistascope:eqversion:none

Trust: 0.8

vendor:microsoftmodel:windows vistascope:eqversion:(x64)

Trust: 0.8

vendor:microsoftmodel:windows xpscope:eqversion:(x64)

Trust: 0.8

vendor:microsoftmodel:windows xpscope:eqversion:sp3

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:3.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux eusscope:eqversion:5.4.z (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux extrasscope:eqversion:3 extras

Trust: 0.8

vendor:red hatmodel:enterprise linux extrasscope:eqversion:4 extras

Trust: 0.8

vendor:red hatmodel:enterprise linux extrasscope:eqversion:4.7.z extras

Trust: 0.8

vendor:red hatmodel:enterprise linux extrasscope:eqversion:4.8.z extras

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc node supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux server supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux workstation supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel desktop supplementaryscope:eqversion:5 (client)

Trust: 0.8

vendor:red hatmodel:rhel desktop supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:red hatmodel:rhel supplementaryscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:rhel supplementary eusscope:eqversion:5.2.z (server)

Trust: 0.8

vendor:red hatmodel:rhel supplementary eusscope:eqversion:5.3.z (server)

Trust: 0.8

vendor:red hatmodel:rhel supplementary eusscope:eqversion:5.4.z (server)

Trust: 0.8

vendor:necmodel:csviewscope: - version: -

Trust: 0.8

vendor:necmodel:websam assetsuitescope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:enterprise version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:standard version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:cosminexus clientscope:eqversion:version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:light version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:professional version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:standard version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:cosminexus developer's kit for javascope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus serverscope:eqversion:- standard edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus serverscope:eqversion:- web edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:- standard edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:- web edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:developer's kit for javascope: - version: -

Trust: 0.8

vendor:hitachimodel:web serverscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:web serverscope:eqversion:- security enhancement

Trust: 0.8

vendor:hitachimodel:processing kit for xmlscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:enterprise

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:standard

Trust: 0.8

vendor:hitachimodel:ucosminexus clientscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:light

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:standard

Trust: 0.8

vendor:hitachimodel:ucosminexus operatorscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus portal frameworkscope:eqversion:entry set

Trust: 0.8

vendor:hitachimodel:ucosminexus servicescope:eqversion:architect

Trust: 0.8

vendor:hitachimodel:ucosminexus servicescope:eqversion:platform

Trust: 0.8

sources: CERT/CC: VU#120541 // JVNDB: JVNDB-2009-002319 // NVD: CVE-2009-3555

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3555
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-3555
value: 0

Trust: 0.8

NVD: CVE-2009-3555
value: MEDIUM

Trust: 0.8

VULHUB: VHN-41001
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-3555
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2009-3555
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-41001
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // JVNDB: JVNDB-2009-002319 // NVD: CVE-2009-3555

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-41001 // JVNDB: JVNDB-2009-002319 // NVD: CVE-2009-3555

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 90262

TYPE

arbitrary

Trust: 0.4

sources: PACKETSTORM: 90262 // PACKETSTORM: 92095 // PACKETSTORM: 88224 // PACKETSTORM: 94087

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002319

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-41001

PATCH

title:Changes with Apache 2.2.15url:http://www.apache.org/dist/httpd/CHANGES_2.2.15

Trust: 0.8

title:Changes with Apache 2.3.6url:http://www.apache.org/dist/httpd/CHANGES_2.3.6

Trust: 0.8

title:HT4170url:http://support.apple.com/kb/HT4170

Trust: 0.8

title:HT4418url:http://support.apple.com/kb/HT4418

Trust: 0.8

title:HT4171url:http://support.apple.com/kb/HT4171

Trust: 0.8

title:HT4004url:http://support.apple.com/kb/HT4004

Trust: 0.8

title:HT4417url:http://support.apple.com/kb/HT4417

Trust: 0.8

title:HT4004url:http://support.apple.com/kb/HT4004?viewlocale=ja_JP

Trust: 0.8

title:HT4417url:http://support.apple.com/kb/HT4417?viewlocale=ja_JP

Trust: 0.8

title:HT4170url:http://support.apple.com/kb/HT4170?viewlocale=ja_JP

Trust: 0.8

title:HT4418url:http://support.apple.com/kb/HT4418?viewlocale=ja_JP

Trust: 0.8

title:HT4171url:http://support.apple.com/kb/HT4171?viewlocale=ja_JP

Trust: 0.8

title:openssl097a-0.9.7a-9.AXS3.2url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1011

Trust: 0.8

title:jdk-1.6.0_19url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1028

Trust: 0.8

title:httpd-2.2.3-31.2.1AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=774

Trust: 0.8

title:nss-3.12.6-1.AXS3 and nspr-4.8.4-1.AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1012

Trust: 0.8

title:gnutls-1.4.1-3.8.0.1.AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1013

Trust: 0.8

title:jdk-1.6.0_22url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1285

Trust: 0.8

title:openssl-0.9.8e-12.AXS3.6url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1014

Trust: 0.8

title:609365url:http://search.sybase.com/kbx/changerequests?bug_id=609365

Trust: 0.8

title:cisco-sa-20091109-tlsurl:http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

Trust: 0.8

title:cpujul2010.htmlurl:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html

Trust: 0.8

title:javacpuoct2010-176258url:http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

Trust: 0.8

title:cpuapr2011-301950url:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Trust: 0.8

title:javacpumar2010url:http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

Trust: 0.8

title:HS10-030url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-030/index.html

Trust: 0.8

title:HS10-010url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-010/index.html

Trust: 0.8

title:HS11-006url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-006/index.html

Trust: 0.8

title:HPSBHF03293url:http://marc.info/?l=bugtraq&amp;m=142660345230545&amp;w=2

Trust: 0.8

title:HPSBUX02517url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02079216

Trust: 0.8

title:HPSBUX02608url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748

Trust: 0.8

title:HPSBUX02498url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01963123

Trust: 0.8

title:HPSBMU02769 SSRT100846url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151

Trust: 0.8

title:HPSBUX02482url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686

Trust: 0.8

title:HPSBUX02524url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02122104

Trust: 0.8

title:HPSBMU03611url:https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150888

Trust: 0.8

title:7007033url:http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239

Trust: 0.8

title:7014463url:http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7009

Trust: 0.8

title:7006876url:http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60239

Trust: 0.8

title:1426108url:http://www-01.ibm.com/support/docview.wss?uid=swg21426108

Trust: 0.8

title:4909url:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4909

Trust: 0.8

title:7007951url:http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27007951#61029

Trust: 0.8

title:4025718url:http://www-01.ibm.com/support/docview.wss?uid=swg24025718

Trust: 0.8

title:7008517url:http://www-01.ibm.com/support/docview.wss?rs=177&uid=swg27008517#61029

Trust: 0.8

title:4025719url:http://www-01.ibm.com/support/docview.wss?uid=swg24025719

Trust: 0.8

title:1444772url:http://www-01.ibm.com/support/docview.wss?uid=swg21444772

Trust: 0.8

title:4025742url:http://www-01.ibm.com/support/docview.wss?uid=swg24025742

Trust: 0.8

title:1412438url:http://www-01.ibm.com/support/docview.wss?uid=swg21412438#2

Trust: 0.8

title:IC68054url:http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054

Trust: 0.8

title:1293566url:http://www-01.ibm.com/support/docview.wss?uid=swg21293566#6a

Trust: 0.8

title:4025746url:http://www-01.ibm.com/support/docview.wss?uid=swg24025746

Trust: 0.8

title:1432298url:http://www-01.ibm.com/support/docview.wss?uid=swg21432298

Trust: 0.8

title:PM10658url:http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658

Trust: 0.8

title:1413714url:http://www-01.ibm.com/support/docview.wss?uid=swg21413714

Trust: 0.8

title:4025312url:http://www-01.ibm.com/support/docview.wss?uid=swg24025312

Trust: 0.8

title:977377url:http://www.microsoft.com/technet/security/advisory/977377.mspx

Trust: 0.8

title:MS10-049url:http://www.microsoft.com/technet/security/bulletin/MS10-049.mspx

Trust: 0.8

title:2043url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2043

Trust: 0.8

title:2046url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2046

Trust: 0.8

title:1819url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1819

Trust: 0.8

title:2047url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2047

Trust: 0.8

title:1820url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1820

Trust: 0.8

title:2048url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2048

Trust: 0.8

title:MFSA 2010-22url:http://www.mozilla.org/security/announce/2010/mfsa2010-22.html

Trust: 0.8

title:MFSA 2010-22url:http://www.mozilla-japan.org/security/announce/2010/mfsa2010-22.html

Trust: 0.8

title:NV10-008url:http://www.nec.co.jp/security-info/secinfo/nv10-008.html

Trust: 0.8

title:CVE-2009-3555url:http://www.openoffice.org/security/cves/CVE-2009-3555.html

Trust: 0.8

title:secadv_20091111url:http://www.openssl.org/news/secadv_20091111.txt

Trust: 0.8

title:RELEASE_NOTES-1.3.2curl:http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c

Trust: 0.8

title:RHSA-2010:0338url:https://rhn.redhat.com/errata/RHSA-2010-0338.html

Trust: 0.8

title:RHSA-2010:0164url:https://rhn.redhat.com/errata/RHSA-2010-0164.html

Trust: 0.8

title:RHSA-2010:0339url:https://rhn.redhat.com/errata/RHSA-2010-0339.html

Trust: 0.8

title:RHSA-2010:0865url:https://rhn.redhat.com/errata/RHSA-2010-0865.html

Trust: 0.8

title:RHSA-2010:0165url:https://rhn.redhat.com/errata/RHSA-2010-0165.html

Trust: 0.8

title:RHSA-2010:0166url:https://rhn.redhat.com/errata/RHSA-2010-0166.html

Trust: 0.8

title:RHSA-2010:0167url:https://rhn.redhat.com/errata/RHSA-2010-0167.html

Trust: 0.8

title:RHSA-2010:0770url:https://rhn.redhat.com/errata/RHSA-2010-0770.html

Trust: 0.8

title:RHSA-2010:0786url:https://rhn.redhat.com/errata/RHSA-2010-0786.html

Trust: 0.8

title:RHSA-2010:0130url:https://rhn.redhat.com/errata/RHSA-2010-0130.html

Trust: 0.8

title:RHSA-2010:0768url:https://rhn.redhat.com/errata/RHSA-2010-0768.html

Trust: 0.8

title:RHSA-2010:0807url:https://rhn.redhat.com/errata/RHSA-2010-0807.html

Trust: 0.8

title:RHSA-2010:0155url:http://rhn.redhat.com/errata/RHSA-2010-0155.html

Trust: 0.8

title:RHSA-2009:1579url:https://rhn.redhat.com/errata/RHSA-2009-1579.html

Trust: 0.8

title:RHSA-2010:0162url:https://rhn.redhat.com/errata/RHSA-2010-0162.html

Trust: 0.8

title:RHSA-2009:1580url:https://rhn.redhat.com/errata/RHSA-2009-1580.html

Trust: 0.8

title:RHSA-2010:0987url:https://rhn.redhat.com/errata/RHSA-2010-0987.html

Trust: 0.8

title:RHSA-2010:0337url:https://rhn.redhat.com/errata/RHSA-2010-0337.html

Trust: 0.8

title:RHSA-2010:0163url:https://rhn.redhat.com/errata/RHSA-2010-0163.html

Trust: 0.8

title:SA44url:https://kb.bluecoat.com/index?page=content&id=SA44

Trust: 0.8

title:multiple_vulnerabilities_in_the_apacheurl:http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache

Trust: 0.8

title:Multiple Vulnerabilities in the Apache 2 HTTP Server Prior to 2.2.16url:http://blogs.oracle.com/sunsecurity

Trust: 0.8

title:273029url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1

Trust: 0.8

title:273350url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1

Trust: 0.8

title:274990url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

Trust: 0.8

title:TLSA-2010-20url:http://www.turbolinux.co.jp/security/2010/TLSA-2010-20j.txt

Trust: 0.8

title:TLSA-2010-42url:http://www.turbolinux.co.jp/security/2010/TLSA-2010-42j.txt

Trust: 0.8

title:TLSA-2009-30url:http://www.turbolinux.co.jp/security/2009/TLSA-2009-30j.txt

Trust: 0.8

title:TLSA-2009-32url:http://www.turbolinux.co.jp/security/2009/TLSA-2009-32j.txt

Trust: 0.8

title:VMSA-2010-0019url:http://www.vmware.com/security/advisories/VMSA-2010-0019.html

Trust: 0.8

title:VMSA-2011-0003url:http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Trust: 0.8

title:100716_91url:http://www.oracle.com/technology/global/jp/security/100716_91/top.html

Trust: 0.8

title:HS10-010url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-010/index.html

Trust: 0.8

title:HS10-030url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030

Trust: 0.8

title:HS11-006url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-006/index.html

Trust: 0.8

title:977377url:http://www.microsoft.com/japan/technet/security/advisory/977377.mspx

Trust: 0.8

title:MS10-049url:http://www.microsoft.com/japan/technet/security/bulletin/ms10-049.mspx

Trust: 0.8

title:MS10-049eurl:http://www.microsoft.com/japan/security/bulletins/MS10-049e.mspx

Trust: 0.8

title:TA10-222Aurl:http://software.fujitsu.com/jp/security/vulnerabilities/ta10-222a.html

Trust: 0.8

title:VU#120541url:http://software.fujitsu.com/jp/security/vulnerabilities/vu120541.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-002319

EXTERNAL IDS

db:NVDid:CVE-2009-3555

Trust: 4.1

db:CERT/CCid:VU#120541

Trust: 2.7

db:SECUNIAid:38020

Trust: 1.9

db:SECUNIAid:39242

Trust: 1.9

db:SECUNIAid:39243

Trust: 1.9

db:SECUNIAid:37453

Trust: 1.9

db:SECUNIAid:40747

Trust: 1.9

db:SECUNIAid:39500

Trust: 1.9

db:SECUNIAid:39136

Trust: 1.9

db:VUPENid:ADV-2010-0086

Trust: 1.9

db:VUPENid:ADV-2009-3310

Trust: 1.9

db:VUPENid:ADV-2010-0982

Trust: 1.9

db:VUPENid:ADV-2010-3126

Trust: 1.9

db:VUPENid:ADV-2009-3313

Trust: 1.9

db:VUPENid:ADV-2010-3086

Trust: 1.9

db:USCERTid:TA10-222A

Trust: 1.9

db:BIDid:36935

Trust: 1.9

db:SECUNIAid:40070

Trust: 1.3

db:SECUNIAid:38781

Trust: 1.1

db:SECUNIAid:42377

Trust: 1.1

db:SECUNIAid:37501

Trust: 1.1

db:SECUNIAid:39632

Trust: 1.1

db:SECUNIAid:37604

Trust: 1.1

db:SECUNIAid:41972

Trust: 1.1

db:SECUNIAid:43308

Trust: 1.1

db:SECUNIAid:38241

Trust: 1.1

db:SECUNIAid:37859

Trust: 1.1

db:SECUNIAid:41818

Trust: 1.1

db:SECUNIAid:39292

Trust: 1.1

db:SECUNIAid:42816

Trust: 1.1

db:SECUNIAid:42379

Trust: 1.1

db:SECUNIAid:39317

Trust: 1.1

db:SECUNIAid:42467

Trust: 1.1

db:SECUNIAid:37320

Trust: 1.1

db:SECUNIAid:37640

Trust: 1.1

db:SECUNIAid:37656

Trust: 1.1

db:SECUNIAid:37383

Trust: 1.1

db:SECUNIAid:42724

Trust: 1.1

db:SECUNIAid:38003

Trust: 1.1

db:SECUNIAid:44183

Trust: 1.1

db:SECUNIAid:42733

Trust: 1.1

db:SECUNIAid:38484

Trust: 1.1

db:SECUNIAid:40545

Trust: 1.1

db:SECUNIAid:40866

Trust: 1.1

db:SECUNIAid:38056

Trust: 1.1

db:SECUNIAid:39278

Trust: 1.1

db:SECUNIAid:42808

Trust: 1.1

db:SECUNIAid:37675

Trust: 1.1

db:SECUNIAid:39127

Trust: 1.1

db:SECUNIAid:39461

Trust: 1.1

db:SECUNIAid:39819

Trust: 1.1

db:SECUNIAid:41490

Trust: 1.1

db:SECUNIAid:39628

Trust: 1.1

db:SECUNIAid:44954

Trust: 1.1

db:SECUNIAid:48577

Trust: 1.1

db:SECUNIAid:42811

Trust: 1.1

db:SECUNIAid:37291

Trust: 1.1

db:SECUNIAid:41480

Trust: 1.1

db:SECUNIAid:37292

Trust: 1.1

db:SECUNIAid:37399

Trust: 1.1

db:SECUNIAid:39713

Trust: 1.1

db:SECUNIAid:38687

Trust: 1.1

db:SECUNIAid:37504

Trust: 1.1

db:SECUNIAid:41967

Trust: 1.1

db:SECTRACKid:1023217

Trust: 1.1

db:SECTRACKid:1023273

Trust: 1.1

db:SECTRACKid:1023274

Trust: 1.1

db:SECTRACKid:1023206

Trust: 1.1

db:SECTRACKid:1023272

Trust: 1.1

db:SECTRACKid:1023427

Trust: 1.1

db:SECTRACKid:1023218

Trust: 1.1

db:SECTRACKid:1023163

Trust: 1.1

db:SECTRACKid:1023214

Trust: 1.1

db:SECTRACKid:1023211

Trust: 1.1

db:SECTRACKid:1023219

Trust: 1.1

db:SECTRACKid:1023216

Trust: 1.1

db:SECTRACKid:1024789

Trust: 1.1

db:SECTRACKid:1023148

Trust: 1.1

db:SECTRACKid:1023213

Trust: 1.1

db:SECTRACKid:1023271

Trust: 1.1

db:SECTRACKid:1023243

Trust: 1.1

db:SECTRACKid:1023209

Trust: 1.1

db:SECTRACKid:1023215

Trust: 1.1

db:SECTRACKid:1023208

Trust: 1.1

db:SECTRACKid:1023411

Trust: 1.1

db:SECTRACKid:1023204

Trust: 1.1

db:SECTRACKid:1023224

Trust: 1.1

db:SECTRACKid:1023210

Trust: 1.1

db:SECTRACKid:1023207

Trust: 1.1

db:SECTRACKid:1023426

Trust: 1.1

db:SECTRACKid:1023428

Trust: 1.1

db:SECTRACKid:1023205

Trust: 1.1

db:SECTRACKid:1023275

Trust: 1.1

db:SECTRACKid:1023270

Trust: 1.1

db:SECTRACKid:1023212

Trust: 1.1

db:VUPENid:ADV-2010-2745

Trust: 1.1

db:VUPENid:ADV-2009-3353

Trust: 1.1

db:VUPENid:ADV-2010-3069

Trust: 1.1

db:VUPENid:ADV-2009-3354

Trust: 1.1

db:VUPENid:ADV-2009-3484

Trust: 1.1

db:VUPENid:ADV-2010-1793

Trust: 1.1

db:VUPENid:ADV-2011-0033

Trust: 1.1

db:VUPENid:ADV-2009-3220

Trust: 1.1

db:VUPENid:ADV-2010-2010

Trust: 1.1

db:VUPENid:ADV-2010-1639

Trust: 1.1

db:VUPENid:ADV-2010-1107

Trust: 1.1

db:VUPENid:ADV-2010-0916

Trust: 1.1

db:VUPENid:ADV-2009-3164

Trust: 1.1

db:VUPENid:ADV-2011-0032

Trust: 1.1

db:VUPENid:ADV-2011-0086

Trust: 1.1

db:VUPENid:ADV-2010-0748

Trust: 1.1

db:VUPENid:ADV-2010-1350

Trust: 1.1

db:VUPENid:ADV-2009-3521

Trust: 1.1

db:VUPENid:ADV-2010-0994

Trust: 1.1

db:VUPENid:ADV-2010-1191

Trust: 1.1

db:VUPENid:ADV-2010-0173

Trust: 1.1

db:VUPENid:ADV-2009-3587

Trust: 1.1

db:VUPENid:ADV-2010-0933

Trust: 1.1

db:VUPENid:ADV-2009-3205

Trust: 1.1

db:VUPENid:ADV-2010-1054

Trust: 1.1

db:VUPENid:ADV-2010-0848

Trust: 1.1

db:VUPENid:ADV-2010-1673

Trust: 1.1

db:VUPENid:ADV-2009-3165

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/05/3

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/07/3

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/23/10

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/05/5

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/20/1

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/06/3

Trust: 1.1

db:OSVDBid:65202

Trust: 1.1

db:OSVDBid:62210

Trust: 1.1

db:OSVDBid:60521

Trust: 1.1

db:OSVDBid:60972

Trust: 1.1

db:HITACHIid:HS10-030

Trust: 1.1

db:USCERTid:TA10-287A

Trust: 1.1

db:SECUNIAid:44293

Trust: 0.9

db:VUPENid:ADV-2010-0212

Trust: 0.8

db:VUPENid:ADV-2010-0125

Trust: 0.8

db:VUPENid:ADV-2011-1039

Trust: 0.8

db:VUPENid:ADV-2010-1942

Trust: 0.8

db:VUPENid:ADV-2010-2046

Trust: 0.8

db:VUPENid:ADV-2010-0457

Trust: 0.8

db:VUPENid:ADV-2010-2660

Trust: 0.8

db:VUPENid:ADV-2010-1280

Trust: 0.8

db:VUPENid:ADV-2009-3393

Trust: 0.8

db:SECUNIAid:38608

Trust: 0.8

db:SECUNIAid:38728

Trust: 0.8

db:SECUNIAid:38338

Trust: 0.8

db:SECUNIAid:44260

Trust: 0.8

db:SECUNIAid:37566

Trust: 0.8

db:SECUNIAid:40879

Trust: 0.8

db:SECUNIAid:44292

Trust: 0.8

db:USCERTid:SA10-222A

Trust: 0.8

db:JVNDBid:JVNDB-2009-002319

Trust: 0.8

db:PACKETSTORMid:82657

Trust: 0.2

db:PACKETSTORMid:90262

Trust: 0.2

db:PACKETSTORMid:83414

Trust: 0.2

db:PACKETSTORMid:92095

Trust: 0.2

db:PACKETSTORMid:94087

Trust: 0.2

db:PACKETSTORMid:97489

Trust: 0.2

db:PACKETSTORMid:92497

Trust: 0.2

db:PACKETSTORMid:88224

Trust: 0.2

db:EXPLOIT-DBid:10071

Trust: 0.1

db:EXPLOIT-DBid:10579

Trust: 0.1

db:PACKETSTORMid:82770

Trust: 0.1

db:PACKETSTORMid:130868

Trust: 0.1

db:PACKETSTORMid:83271

Trust: 0.1

db:PACKETSTORMid:88173

Trust: 0.1

db:PACKETSTORMid:91309

Trust: 0.1

db:PACKETSTORMid:120365

Trust: 0.1

db:PACKETSTORMid:106155

Trust: 0.1

db:PACKETSTORMid:83415

Trust: 0.1

db:PACKETSTORMid:111273

Trust: 0.1

db:PACKETSTORMid:88167

Trust: 0.1

db:PACKETSTORMid:124088

Trust: 0.1

db:PACKETSTORMid:120714

Trust: 0.1

db:PACKETSTORMid:82652

Trust: 0.1

db:PACKETSTORMid:131826

Trust: 0.1

db:PACKETSTORMid:95279

Trust: 0.1

db:PACKETSTORMid:137201

Trust: 0.1

db:PACKETSTORMid:102374

Trust: 0.1

db:PACKETSTORMid:106156

Trust: 0.1

db:PACKETSTORMid:89136

Trust: 0.1

db:PACKETSTORMid:88621

Trust: 0.1

db:PACKETSTORMid:94088

Trust: 0.1

db:PACKETSTORMid:89667

Trust: 0.1

db:PACKETSTORMid:88698

Trust: 0.1

db:PACKETSTORMid:84112

Trust: 0.1

db:PACKETSTORMid:90286

Trust: 0.1

db:PACKETSTORMid:127267

Trust: 0.1

db:PACKETSTORMid:84183

Trust: 0.1

db:PACKETSTORMid:86075

Trust: 0.1

db:PACKETSTORMid:114810

Trust: 0.1

db:PACKETSTORMid:123380

Trust: 0.1

db:PACKETSTORMid:84181

Trust: 0.1

db:CNNVDid:CNNVD-200911-069

Trust: 0.1

db:SEEBUGid:SSVID-67231

Trust: 0.1

db:VULHUBid:VHN-41001

Trust: 0.1

db:PACKETSTORMid:98419

Trust: 0.1

db:PACKETSTORMid:93944

Trust: 0.1

db:PACKETSTORMid:100761

Trust: 0.1

db:PACKETSTORMid:111583

Trust: 0.1

db:PACKETSTORMid:88387

Trust: 0.1

db:PACKETSTORMid:90344

Trust: 0.1

db:PACKETSTORMid:111920

Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // JVNDB: JVNDB-2009-002319 // PACKETSTORM: 92497 // PACKETSTORM: 98419 // PACKETSTORM: 93944 // PACKETSTORM: 100761 // PACKETSTORM: 83414 // PACKETSTORM: 82657 // PACKETSTORM: 97489 // PACKETSTORM: 90262 // PACKETSTORM: 111583 // PACKETSTORM: 92095 // PACKETSTORM: 88387 // PACKETSTORM: 90344 // PACKETSTORM: 88224 // PACKETSTORM: 94087 // PACKETSTORM: 111920 // NVD: CVE-2009-3555

REFERENCES

url:http://extendedsubset.com/?p=8

Trust: 1.9

url:http://www.links.org/?p=780

Trust: 1.9

url:http://www.links.org/?p=786

Trust: 1.9

url:http://www.links.org/?p=789

Trust: 1.9

url:http://blogs.iss.net/archive/sslmitmiscsrf.html

Trust: 1.9

url:http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

Trust: 1.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=533125

Trust: 1.9

url:https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

Trust: 1.9

url:http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

Trust: 1.9

url:http://www.securityfocus.com/bid/36935

Trust: 1.9

url:http://secunia.com/advisories/37453

Trust: 1.9

url:http://secunia.com/advisories/38020

Trust: 1.9

url:http://secunia.com/advisories/39136

Trust: 1.9

url:http://secunia.com/advisories/39242

Trust: 1.9

url:http://secunia.com/advisories/39243

Trust: 1.9

url:http://secunia.com/advisories/39500

Trust: 1.9

url:http://secunia.com/advisories/40747

Trust: 1.9

url:http://www.vupen.com/english/advisories/2009/3310

Trust: 1.9

url:http://www.vupen.com/english/advisories/2009/3313

Trust: 1.9

url:http://www.vupen.com/english/advisories/2010/0086

Trust: 1.9

url:http://www.vupen.com/english/advisories/2010/0982

Trust: 1.9

url:http://www.vupen.com/english/advisories/2010/3086

Trust: 1.9

url:http://www.vupen.com/english/advisories/2010/3126

Trust: 1.9

url:http://www.us-cert.gov/cas/techalerts/ta10-222a.html

Trust: 1.9

url:http://www.kb.cert.org/vuls/id/120541

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2009-3555

Trust: 1.3

url:http://extendedsubset.com/renegotiating_tls.pdf

Trust: 1.2

url:http://www.openoffice.org/security/cves/cve-2009-3555.html

Trust: 1.2

url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1

Trust: 1.1

url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1

Trust: 1.1

url:http://securitytracker.com/id?1023148

Trust: 1.1

url:http://www.securitytracker.com/id?1023163

Trust: 1.1

url:http://www.securitytracker.com/id?1023204

Trust: 1.1

url:http://www.securitytracker.com/id?1023205

Trust: 1.1

url:http://www.securitytracker.com/id?1023206

Trust: 1.1

url:http://www.securitytracker.com/id?1023207

Trust: 1.1

url:http://www.securitytracker.com/id?1023208

Trust: 1.1

url:http://www.securitytracker.com/id?1023209

Trust: 1.1

url:http://www.securitytracker.com/id?1023210

Trust: 1.1

url:http://www.securitytracker.com/id?1023211

Trust: 1.1

url:http://www.securitytracker.com/id?1023212

Trust: 1.1

url:http://www.securitytracker.com/id?1023213

Trust: 1.1

url:http://www.securitytracker.com/id?1023214

Trust: 1.1

url:http://www.securitytracker.com/id?1023215

Trust: 1.1

url:http://www.securitytracker.com/id?1023216

Trust: 1.1

url:http://www.securitytracker.com/id?1023217

Trust: 1.1

url:http://www.securitytracker.com/id?1023218

Trust: 1.1

url:http://www.securitytracker.com/id?1023219

Trust: 1.1

url:http://www.securitytracker.com/id?1023224

Trust: 1.1

url:http://www.securitytracker.com/id?1023243

Trust: 1.1

url:http://www.securitytracker.com/id?1023270

Trust: 1.1

url:http://www.securitytracker.com/id?1023271

Trust: 1.1

url:http://www.securitytracker.com/id?1023272

Trust: 1.1

url:http://www.securitytracker.com/id?1023273

Trust: 1.1

url:http://www.securitytracker.com/id?1023274

Trust: 1.1

url:http://www.securitytracker.com/id?1023275

Trust: 1.1

url:http://www.securitytracker.com/id?1023411

Trust: 1.1

url:http://www.securitytracker.com/id?1023426

Trust: 1.1

url:http://www.securitytracker.com/id?1023427

Trust: 1.1

url:http://www.securitytracker.com/id?1023428

Trust: 1.1

url:http://www.securitytracker.com/id?1024789

Trust: 1.1

url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml

Trust: 1.1

url:http://seclists.org/fulldisclosure/2009/nov/139

Trust: 1.1

url:http://www.securityfocus.com/archive/1/507952/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/508075/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/508130/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/515055/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/516397/100/0/threaded

Trust: 1.1

url:http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html

Trust: 1.1

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1

Trust: 1.1

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1

Trust: 1.1

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

Trust: 1.1

url:http://secunia.com/advisories/37291

Trust: 1.1

url:http://secunia.com/advisories/37292

Trust: 1.1

url:http://secunia.com/advisories/37320

Trust: 1.1

url:http://secunia.com/advisories/37383

Trust: 1.1

url:http://secunia.com/advisories/37399

Trust: 1.1

url:http://secunia.com/advisories/37501

Trust: 1.1

url:http://secunia.com/advisories/37504

Trust: 1.1

url:http://secunia.com/advisories/37604

Trust: 1.1

url:http://secunia.com/advisories/37640

Trust: 1.1

url:http://secunia.com/advisories/37656

Trust: 1.1

url:http://secunia.com/advisories/37675

Trust: 1.1

url:http://secunia.com/advisories/37859

Trust: 1.1

url:http://secunia.com/advisories/38003

Trust: 1.1

url:http://secunia.com/advisories/38056

Trust: 1.1

url:http://secunia.com/advisories/38241

Trust: 1.1

url:http://secunia.com/advisories/38484

Trust: 1.1

url:http://secunia.com/advisories/38687

Trust: 1.1

url:http://secunia.com/advisories/38781

Trust: 1.1

url:http://secunia.com/advisories/39127

Trust: 1.1

url:http://secunia.com/advisories/39278

Trust: 1.1

url:http://secunia.com/advisories/39292

Trust: 1.1

url:http://secunia.com/advisories/39317

Trust: 1.1

url:http://secunia.com/advisories/39461

Trust: 1.1

url:http://secunia.com/advisories/39628

Trust: 1.1

url:http://secunia.com/advisories/39632

Trust: 1.1

url:http://secunia.com/advisories/39713

Trust: 1.1

url:http://secunia.com/advisories/39819

Trust: 1.1

url:http://secunia.com/advisories/40070

Trust: 1.1

url:http://secunia.com/advisories/40545

Trust: 1.1

url:http://secunia.com/advisories/40866

Trust: 1.1

url:http://secunia.com/advisories/41480

Trust: 1.1

url:http://secunia.com/advisories/41490

Trust: 1.1

url:http://secunia.com/advisories/41818

Trust: 1.1

url:http://secunia.com/advisories/41967

Trust: 1.1

url:http://secunia.com/advisories/41972

Trust: 1.1

url:http://secunia.com/advisories/42377

Trust: 1.1

url:http://secunia.com/advisories/42379

Trust: 1.1

url:http://secunia.com/advisories/42467

Trust: 1.1

url:http://secunia.com/advisories/42724

Trust: 1.1

url:http://secunia.com/advisories/42733

Trust: 1.1

url:http://secunia.com/advisories/42808

Trust: 1.1

url:http://secunia.com/advisories/42811

Trust: 1.1

url:http://secunia.com/advisories/42816

Trust: 1.1

url:http://secunia.com/advisories/43308

Trust: 1.1

url:http://secunia.com/advisories/44183

Trust: 1.1

url:http://secunia.com/advisories/44954

Trust: 1.1

url:http://secunia.com/advisories/48577

Trust: 1.1

url:http://osvdb.org/60521

Trust: 1.1

url:http://osvdb.org/60972

Trust: 1.1

url:http://osvdb.org/62210

Trust: 1.1

url:http://osvdb.org/65202

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3164

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3165

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3205

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3220

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3353

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3354

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3484

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3521

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3587

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0173

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0748

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0848

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0916

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0933

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0994

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1054

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1107

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1191

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1350

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1639

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1673

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1793

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/2010

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/2745

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/3069

Trust: 1.1

url:http://www.vupen.com/english/advisories/2011/0032

Trust: 1.1

url:http://www.vupen.com/english/advisories/2011/0033

Trust: 1.1

url:http://www.vupen.com/english/advisories/2011/0086

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2010//may/msg00001.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2010//may/msg00002.html

Trust: 1.1

url:http://www.debian.org/security/2009/dsa-1934

Trust: 1.1

url:http://www.debian.org/security/2011/dsa-2141

Trust: 1.1

url:http://www.debian.org/security/2015/dsa-3253

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html

Trust: 1.1

url:http://security.gentoo.org/glsa/glsa-200912-01.xml

Trust: 1.1

url:http://security.gentoo.org/glsa/glsa-201203-22.xml

Trust: 1.1

url:http://security.gentoo.org/glsa/glsa-201406-32.xml

Trust: 1.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041

Trust: 1.1

url:http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751

Trust: 1.1

url:http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995

Trust: 1.1

url:http://www.securityfocus.com/archive/1/522176

Trust: 1.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:076

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:084

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:089

Trust: 1.1

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0119.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0130.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0155.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0165.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0167.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0337.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0338.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0339.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0768.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0770.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0786.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0807.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0865.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0986.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0987.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2011-0880.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

Trust: 1.1

url:http://www.us-cert.gov/cas/techalerts/ta10-287a.html

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-1010-1

Trust: 1.1

url:http://ubuntu.com/usn/usn-923-1

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-927-1

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-927-4

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-927-5

Trust: 1.1

url:http://openbsd.org/errata45.html#010_openssl

Trust: 1.1

url:http://openbsd.org/errata46.html#004_openssl

Trust: 1.1

url:http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/05/3

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/05/5

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/06/3

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/07/3

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/20/1

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/23/10

Trust: 1.1

url:http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

Trust: 1.1

url:https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html

Trust: 1.1

url:http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during

Trust: 1.1

url:http://clicky.me/tlsvuln

Trust: 1.1

url:http://kbase.redhat.com/faq/docs/doc-20491

Trust: 1.1

url:http://support.apple.com/kb/ht4004

Trust: 1.1

url:http://support.apple.com/kb/ht4170

Trust: 1.1

url:http://support.apple.com/kb/ht4171

Trust: 1.1

url:http://support.avaya.com/css/p8/documents/100070150

Trust: 1.1

url:http://support.avaya.com/css/p8/documents/100081611

Trust: 1.1

url:http://support.avaya.com/css/p8/documents/100114315

Trust: 1.1

url:http://support.avaya.com/css/p8/documents/100114327

Trust: 1.1

url:http://support.citrix.com/article/ctx123359

Trust: 1.1

url:http://support.zeus.com/zws/media/docs/4.3/release_notes

Trust: 1.1

url:http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released

Trust: 1.1

url:http://sysoev.ru/nginx/patch.cve-2009-3555.txt

Trust: 1.1

url:http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html

Trust: 1.1

url:http://wiki.rpath.com/advisories:rpsa-2009-0155

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21426108

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21432298

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg24006386

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg24025312

Trust: 1.1

url:http://www.arubanetworks.com/support/alerts/aid-020810.txt

Trust: 1.1

url:http://www.betanews.com/article/1257452450

Trust: 1.1

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html

Trust: 1.1

url:http://www.ingate.com/relnote.php?ver=481

Trust: 1.1

url:http://www.mozilla.org/security/announce/2010/mfsa2010-22.html

Trust: 1.1

url:http://www.openssl.org/news/secadv_20091111.txt

Trust: 1.1

url:http://www.opera.com/docs/changelogs/unix/1060/

Trust: 1.1

url:http://www.opera.com/support/search/view/944/

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

Trust: 1.1

url:http://www.proftpd.org/docs/release_notes-1.3.2c

Trust: 1.1

url:http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

Trust: 1.1

url:http://www.tombom.co.uk/blog/?p=85

Trust: 1.1

url:http://www.vmware.com/security/advisories/vmsa-2010-0019.html

Trust: 1.1

url:http://www.vmware.com/security/advisories/vmsa-2011-0003.html

Trust: 1.1

url:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

Trust: 1.1

url:http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

Trust: 1.1

url:https://bugzilla.mozilla.org/show_bug.cgi?id=526689

Trust: 1.1

url:https://bugzilla.mozilla.org/show_bug.cgi?id=545755

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888

Trust: 1.1

url:https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/54158

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555

Trust: 1.0

url:http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=126150535619567&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=127128920008563&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=127419602507642&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=127557596201693&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=130497311408250&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=132077688910227&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=133469267822771&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=134254866602253&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142660345230545&w=2

Trust: 1.0

url:http://marc.info/?l=cryptography&m=125752275331877&w=2

Trust: 1.0

url:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446

Trust: 1.0

url:http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only

Trust: 1.0

url:https://kb.bluecoat.com/index?page=content&id=sa50

Trust: 1.0

url:http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html

Trust: 0.8

url:http://cvs.openssl.org/chngview?cn=18790

Trust: 0.8

url:http://www.links.org/files/no-renegotiation-2.patch

Trust: 0.8

url:http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html

Trust: 0.8

url:http://jvn.jp/cert/jvnvu120541

Trust: 0.8

url:http://jvn.jp/cert/jvnvu490671

Trust: 0.8

url:http://jvn.jp/tr/jvntr-2010-22

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3555

Trust: 0.8

url:http://secunia.com/advisories/38338

Trust: 0.8

url:http://secunia.com/advisories/38728

Trust: 0.8

url:http://secunia.com/advisories/38608

Trust: 0.8

url:http://secunia.com/advisories/44292

Trust: 0.8

url:http://secunia.com/advisories/44293

Trust: 0.8

url:http://secunia.com/advisories/40879

Trust: 0.8

url:http://secunia.com/advisories/44260

Trust: 0.8

url:http://secunia.com/advisories/37566

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa10-222a.html

Trust: 0.8

url:http://www.vupen.com/english/advisories/2010/1280

Trust: 0.8

url:http://www.vupen.com/english/advisories/2010/2660

Trust: 0.8

url:http://www.vupen.com/english/advisories/2010/1942

Trust: 0.8

url:http://www.vupen.com/english/advisories/2009/3393

Trust: 0.8

url:http://www.vupen.com/english/advisories/2010/0125

Trust: 0.8

url:http://www.vupen.com/english/advisories/2010/0212

Trust: 0.8

url:http://www.vupen.com/english/advisories/2010/0457

Trust: 0.8

url:http://www.vupen.com/english/advisories/2010/2046

Trust: 0.8

url:http://www.vupen.com/english/advisories/2011/1039

Trust: 0.8

url:http://www.itrc.hp.com/service/cki/secbullarchive.do

Trust: 0.4

url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc

Trust: 0.4

url:http://h30046.www3.hp.com/subsignin.php

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2010-0085

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0084

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0091

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0089

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0093

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0082

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0088

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0092

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0094

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-3548

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-2902

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0087

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-2693

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0095

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-2901

Trust: 0.2

url:http://secunia.com/products/corporate/evm/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:https://www.hp.com/go/swa

Trust: 0.2

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.2

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.2

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz

Trust: 0.2

url:http://marc.info/?l=bugtraq&amp;m=132077688910227&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142660345230545&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=127419602507642&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=134254866602253&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=130497311408250&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=133469267822771&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=126150535619567&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=127128920008563&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=127557596201693&amp;w=2

Trust: 0.1

url:http://www-1.ibm.com/support/search.wss?rs=0&amp;q=pm00675&amp;apar=only

Trust: 0.1

url:http://slackware.com/security/viewer.php?l=slackware-security&amp;y=2009&amp;m=slackware-security.597446

Trust: 0.1

url:http://marc.info/?l=apache-httpd-announce&amp;m=125755783724966&amp;w=2

Trust: 0.1

url:http://marc.info/?l=cryptography&amp;m=125752275331877&amp;w=2

Trust: 0.1

url:https://kb.bluecoat.com/index?page=content&amp;id=sa50

Trust: 0.1

url:http://www.procurve.com/customercare/support/software/network-security.htm

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0086

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1086

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0730

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1088

Trust: 0.1

url:http://kb.vmware.com/kb/1027919

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2939

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0307

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3548

Trust: 0.1

url:http://kb.vmware.com/kb/1031330

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0085

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1384

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0086

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0003

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0106

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2227

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0107

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2902

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2901

Trust: 0.1

url:http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1085

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0291

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2248

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0415

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565

Trust: 0.1

url:http://kb.vmware.com/kb/1027904

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0107

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886

Trust: 0.1

url:http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0734

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1157

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0007

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2524

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1087

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0622

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-3825

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1084

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-5416

Trust: 0.1

url:http://www.vmware.com/security/advisories

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1384

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0008

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2070

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4308

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2693

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0007

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5416

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3864

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3825

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0410

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1437

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0003

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0437

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844

Trust: 0.1

url:http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2066

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1436

Trust: 0.1

url:http://kb.vmware.com/kb/1029353

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0085

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2226

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1173

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0008

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1641

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0106

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1187

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2521

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0090

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3081

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4143

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4018

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3011

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4017

Trust: 0.1

url:http://www.hp.com/servers/manage/smh

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44293

Trust: 0.1

url:http://secunia.com/advisories/44293/

Trust: 0.1

url:http://secunia.com/research/

Trust: 0.1

url:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas

Trust: 0.1

url:http://secunia.com/advisories/44293/#comments

Trust: 0.1

url:http://secunia.com/company/jobs/open_positions/reverse_engineer

Trust: 0.1

url:http://security.freebsd.org/>.

Trust: 0.1

url:http://security.freebsd.org/advisories/freebsd-sa-09:15.ssl.asc

Trust: 0.1

url:http://security.freebsd.org/patches/sa-09:15/ssl.patch.asc

Trust: 0.1

url:http://security.freebsd.org/patches/sa-09:15/ssl.patch

Trust: 0.1

url:http://www.freebsd.org/handbook/makeworld.html>

Trust: 0.1

url:http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html.

Trust: 0.1

url:http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

Trust: 0.1

url:http://www.cisco.com/pcgi-bin/support/bugtool/launch_bugtool.pl

Trust: 0.1

url:http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html

Trust: 0.1

url:http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml.

Trust: 0.1

url:http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Trust: 0.1

url:http://www.cisco.com.

Trust: 0.1

url:http://www.cisco.com/go/psirt.

Trust: 0.1

url:http://www.cisco.com/en/us/docs/general/warranty/english/eu1ken_.html,

Trust: 0.1

url:http://www.cisco.com/public/sw-center/sw-usingswc.shtml.

Trust: 0.1

url:http://intellishield.cisco.com/security/alertmanager/cvss

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0841

Trust: 0.1

url:http://www.hp.com/go/java

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0839

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0837

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0130

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0128

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-7270

Trust: 0.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/softwareindex.jsp?lang=en&cc=us&prodnameid=3188475&prodtypeid=329290&prodseriesid=3188465&swlang=8&taskid=135&swenvoid=1113

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz

Trust: 0.1

url:http://www.canonical.com

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0740

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0433

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4355

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3245

Trust: 0.1

url:http://www.openoffice.org/security/cves/cve-2010-0395.html

Trust: 0.1

url:http://secunia.com/advisories/40070/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/webinars/

Trust: 0.1

url:http://secunia.com/advisories/40070/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=40070

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.1.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.1.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.12_powerpc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.10_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.12_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.10_powerpc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.12_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.2_lpia.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.10_amd64.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.10_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.5_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.12_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.1_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.5_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.5_amd64.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.12_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.10_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.10_lpia.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-15ubuntu3.5_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.2_powerpc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.10_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.10_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.5_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.5_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.10_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.1_i386.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.5_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.10_sparc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.2_amd64.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.10_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.5_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.5_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.10_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.10_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.5_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.12_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.12_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.5_i386.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.12_i386.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.2_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.1_powerpc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.12_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.10_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.2_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.12_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.12_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.1_powerpc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.1_amd64.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.10_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.1_amd64.deb

Trust: 0.1

url:http://www.openssl.org/docs/ssl/ssl_ctx_set_options.html#secure_renegotiation

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.10_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.12_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.5_lpia.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.2_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.5_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.5_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.5_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.5_powerpc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.10_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.10_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.10_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.5_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.12_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.12_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.2_i386.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.5_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.1_i386.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.5_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.10_i386.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.12_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.5_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-16ubuntu3.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.5_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.12_amd64.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.1_amd64.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.1_sparc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.10_lpia.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2204

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0033

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2526

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0580

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4476

Trust: 0.1

url:http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1157

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2729

Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // JVNDB: JVNDB-2009-002319 // PACKETSTORM: 92497 // PACKETSTORM: 98419 // PACKETSTORM: 93944 // PACKETSTORM: 100761 // PACKETSTORM: 83414 // PACKETSTORM: 82657 // PACKETSTORM: 97489 // PACKETSTORM: 90262 // PACKETSTORM: 111583 // PACKETSTORM: 92095 // PACKETSTORM: 88387 // PACKETSTORM: 90344 // PACKETSTORM: 88224 // PACKETSTORM: 94087 // PACKETSTORM: 111920 // NVD: CVE-2009-3555

CREDITS

Hewlett Packard

Trust: 0.4

sources: PACKETSTORM: 92497 // PACKETSTORM: 93944 // PACKETSTORM: 90262 // PACKETSTORM: 88387

SOURCES

db:CERT/CCid:VU#120541
db:VULHUBid:VHN-41001
db:JVNDBid:JVNDB-2009-002319
db:PACKETSTORMid:92497
db:PACKETSTORMid:98419
db:PACKETSTORMid:93944
db:PACKETSTORMid:100761
db:PACKETSTORMid:83414
db:PACKETSTORMid:82657
db:PACKETSTORMid:97489
db:PACKETSTORMid:90262
db:PACKETSTORMid:111583
db:PACKETSTORMid:92095
db:PACKETSTORMid:88387
db:PACKETSTORMid:90344
db:PACKETSTORMid:88224
db:PACKETSTORMid:94087
db:PACKETSTORMid:111920
db:NVDid:CVE-2009-3555

LAST UPDATE DATE

2024-11-20T19:38:55.542000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#120541date:2011-07-22T00:00:00
db:VULHUBid:VHN-41001date:2023-02-13T00:00:00
db:JVNDBid:JVNDB-2009-002319date:2016-09-08T00:00:00
db:NVDid:CVE-2009-3555date:2023-02-13T02:20:27.983

SOURCES RELEASE DATE

db:CERT/CCid:VU#120541date:2009-11-11T00:00:00
db:VULHUBid:VHN-41001date:2009-11-09T00:00:00
db:JVNDBid:JVNDB-2009-002319date:2009-12-14T00:00:00
db:PACKETSTORMid:92497date:2010-08-06T17:53:12
db:PACKETSTORMid:98419date:2011-02-11T13:13:00
db:PACKETSTORMid:93944date:2010-09-17T00:35:23
db:PACKETSTORMid:100761date:2011-04-24T07:03:07
db:PACKETSTORMid:83414date:2009-12-03T21:01:42
db:PACKETSTORMid:82657date:2009-11-17T01:21:40
db:PACKETSTORMid:97489date:2011-01-13T03:33:06
db:PACKETSTORMid:90262date:2010-06-04T04:23:32
db:PACKETSTORMid:111583date:2012-04-05T00:45:56
db:PACKETSTORMid:92095date:2010-07-23T18:03:56
db:PACKETSTORMid:88387date:2010-04-15T22:26:05
db:PACKETSTORMid:90344date:2010-06-07T16:47:06
db:PACKETSTORMid:88224date:2010-04-10T03:47:45
db:PACKETSTORMid:94087date:2010-09-21T22:54:11
db:PACKETSTORMid:111920date:2012-04-17T20:41:11
db:NVDid:CVE-2009-3555date:2009-11-09T17:30:00.407