Sign-up

ID

VAR-200911-0398


CVE

CVE-2009-3555


TITLE

SSL and TLS protocols renegotiation vulnerability

Trust: 0.8

sources: CERT/CC: VU#120541

DESCRIPTION

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) The protocol includes renegotiation A vulnerability exists in the function. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Is a protocol that provides functions such as communication encryption and authentication. SSL and TLS The protocol includes renegotiation There are vulnerabilities due to functionality.A third party that can relay communication between the user and the server can insert arbitrary data at the beginning of the communication data under specific conditions. As a result, the attacker inserted HTTP The request may be sent to the server. HP ProCurve Threat Management Services (TMS) zl Module J9155A and J9156A ST.1.1.100330 and earlier. Product Version: ST.1.1.100430 or later. The updates are available from the following location: http://www.procurve.com/customercare/support/software/network-security.htm PRODUCT SPECIFIC INFORMATION None HISTORY: Version: 1 (rev.1) 4 August 2010 Initial release. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0003 Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-02-10 Updated on: 2011-02-10 (initial release of advisory) CVE numbers: --- Apache Tomcat --- CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2009-3548 CVE-2010-2227 CVE-2010-1157 --- Apache Tomcat Manager --- CVE-2010-2928 --- cURL --- CVE-2010-0734 --- COS Kernel --- CVE-2010-1084 CVE-2010-2066 CVE-2010-2070 CVE-2010-2226 CVE-2010-2248 CVE-2010-2521 CVE-2010-2524 CVE-2010-0008 CVE-2010-0415 CVE-2010-0437 CVE-2009-4308 CVE-2010-0003 CVE-2010-0007 CVE-2010-0307 CVE-2010-1086 CVE-2010-0410 CVE-2010-0730 CVE-2010-1085 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1173 CVE-2010-1437 CVE-2010-1088 CVE-2010-1187 CVE-2010-1436 CVE-2010-1641 CVE-2010-3081 --- Microsoft SQL Express --- CVE-2008-5416 CVE-2008-0085 CVE-2008-0086 CVE-2008-0107 CVE-2008-0106 --- OpenSSL --- CVE-2010-0740 CVE-2010-0433 CVE-2010-3864 CVE-2010-2939 --- Oracle (Sun) JRE --- CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850 CVE-2010-0886 CVE-2010-3556 CVE-2010-3566 CVE-2010-3567 CVE-2010-3550 CVE-2010-3561 CVE-2010-3573 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-1321 CVE-2010-3548 CVE-2010-3551 CVE-2010-3562 CVE-2010-3571 CVE-2010-3554 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3574 --- pam_krb5 --- CVE-2008-3825 CVE-2009-1384 - ------------------------------------------------------------------------ 1. Summary Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues. 2. Relevant releases vCenter Server 4.1 without Update 1, vCenter Update Manager 4.1 without Update 1, ESXi 4.1 without patch ESXi410-201101201-SG, ESX 4.1 without patch ESX410-201101201-SG. 3. Problem Description a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned Update Manager 4.1 Windows Update 1 Update Manager 4.0 Windows affected, patch pending Update Manager 1.0 Windows affected, no patch planned hosted * any any not affected ESXi any ESXi not affected ESX any ESX not affected * Hosted products are VMware Workstation, Player, ACE, Fusion. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows not affected VirtualCenter 2.5 Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX any ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows not applicable ** VirtualCenter 2.5 Windows not applicable ** Update Manager 4.1 Windows not applicable ** Update Manager 4.0 Windows not applicable ** Update Manager 1.0 Windows not applicable ** hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX not applicable ** ESX 3.5 ESX not applicable ** ESX 3.0.3 ESX not applicable ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows not applicable ** vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned Update Manager 4.1 Windows Update 1 Update Manager 4.0 Windows affected, patch pending Update Manager 1.0 Windows affected, no patch planned hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX not applicable ** ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, no patch planned ESX 3.0.3 ESX affected, no patch planned * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows not applicable ** hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not applicable ** ESX 3.0.3 ESX not applicable ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Apache Tomcat 5.5 family f. vCenter Server third party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned hosted * any any not applicable ESXi any ESXi not applicable ESX any ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. g. ESX third party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi 4.1 ESXi ESXi410-201101201-SG ESXi 4.0 ESXi affected, patch pending ESXi 3.5 ESXi affected, patch pending ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Fusion. h. ESXi third party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi 4.1 ESXi ESXi410-201101201-SG ESXi 4.0 ESXi affected, patch pending ESXi 3.5 ESXi affected, patch pending ESX any ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. i. ESX third party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. j. ESX third party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Note: This update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware vCenter Server 4.1 Update 1 and modules ---------------------------------------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html File type: .iso md5sum: 729cf247aa5d33ceec431c86377eee1a sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0 File type: .zip md5sum: fd1441bef48a153f2807f6823790e2f0 sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19 VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESXi 4.1 Installable Update 1 ----------------------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html http://kb.vmware.com/kb/1027919 File type: .iso MD5SUM: d68d6c2e040a87cd04cd18c04c22c998 SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1) File type: .zip MD5SUM: 2f1e009c046b20042fae3b7ca42a840f SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0) File type: .zip MD5SUM: 67b924618d196dafaf268a7691bd1a0f SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5) File type: .zip MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4 SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 VMware Tools CD image for Linux Guest OSes File type: .iso MD5SUM: dad66fa8ece1dd121c302f45444daa70 SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af VMware vSphere Client File type: .exe MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESXi Installable Update 1 contains the following security bulletins: ESXi410-201101201-SG. ESX 4.1 Update 1 ---------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html http://kb.vmware.com/kb/1029353 ESX 4.1 Update 1 (DVD ISO) File type: .iso md5sum: b9a275b419a20c7bedf31c0bf64f504e sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1) File type: .zip md5sum: 2d81a87e994aa2b329036f11d90b4c14 sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1 File type: .zip md5sum: 75f8cebfd55d8a81deb57c27def963c2 sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0) File type: .zip md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2 sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 VMware Tools CD image for Linux Guest OSes File type: .iso md5sum: dad66fa8ece1dd121c302f45444daa70 sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESX410-Update01 contains the following security bulletins: ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL, Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904 ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330 ESX410-Update01 also contains the following non-security bulletins ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG, ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG, ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG, ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG, ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG, ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG. To install an individual bulletin use esxupdate with the -b option. 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574 - ------------------------------------------------------------------------ 6. Change log 2011-02-10 VMSA-2011-0003 Initial security advisory in conjunction with the release of vCenter Server 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1 Update 1, and ESX 4.1 Update 1 on 2011-02-10. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9 dxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX =2pVj -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP System Management Homepage v6.2 or subsequent for Linux (x86), Linux (AMD64/EM64T), and Windows can be downloaded from the following link. ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Application Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44293 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44293/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44293/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data. 1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data. For more information see vulnerability #1: SA37291 2) An unspecified error in the Oracle HTTP Server component can be exploited to manipulate certain data. 3) An error exists in the Midtier Infrastructure of the Portal component and can be exploited to manipulate certain data. For more information see vulnerability #3: SA44246 4) An unspecified error in the Single Sign On component can be exploited by authenticated users to manipulate certain data. The vulnerabilities are reported in the following products: * Oracle Application Server 10g Release 2 version 10.1.2.3.0. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Corrected: 2009-12-03 09:18:40 UTC (RELENG_8, 8.0-STABLE) 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1) 2009-12-03 09:18:40 UTC (RELENG_7, 7.2-STABLE) 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5) 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9) 2009-12-03 09:18:40 UTC (RELENG_6, 6.4-STABLE) 2009-12-03 09:18:40 UTC (RELENG_6_4, 6.4-RELEASE-p8) 2009-12-03 09:18:40 UTC (RELENG_6_3, 6.3-RELEASE-p14) CVE Name: CVE-2009-3555 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. The most widespread use of SSL/TLS is to add security to the HTTP protocol, thus producing HTTPS. FreeBSD includes software from the OpenSSL Project which implements SSL and TLS. II. Problem Description The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters. III. Impact An attacker who can intercept a TCP connection being used for SSL or TLS can cause the initial session negotiation to take the place of a session renegotiation. This can be exploited in several ways, including: * Causing a server to interpret incoming messages as having been sent under the auspices of a client SSL key when in fact they were not; * Causing a client request to be appended to an attacker-supplied request, potentially revealing to the attacker the contents of the client request (including any authentication parameters); and * Causing a client to receive a response to an attacker-supplied request instead of a response to the request sent by the client. IV. Solution NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate SSL / TLS session parameters. As a result, connections in which the other party attempts to renegotiate session parameters will break. In practice, however, session renegotiation is a rarely-used feature, so disabling this functionality is unlikely to cause problems for most systems. Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE, or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.1, 7.2, and 8.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch # fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/secure/lib/libcrypto # make obj && make depend && make includes && make && make install NOTE: On the amd64 platform, the above procedure will not update the lib32 (i386 compatibility) libraries. On amd64 systems where the i386 compatibility libraries are used, the operating system should instead be recompiled as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html> VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.3 src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.2.1 RELENG_6_4 src/UPDATING 1.416.2.40.2.12 src/sys/conf/newvers.sh 1.69.2.18.2.14 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.12.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.2 src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.12.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.19 src/sys/conf/newvers.sh 1.69.2.15.2.18 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.10.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.2 src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.10.1 RELENG_7 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.2 src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.2.1 RELENG_7_2 src/UPDATING 1.507.2.23.2.8 src/sys/conf/newvers.sh 1.72.2.11.2.9 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.8.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1.2.1 src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.8.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.12 src/sys/conf/newvers.sh 1.72.2.9.2.13 src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.2 src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.6.1 RELENG_8 src/crypto/openssl/ssl/s3_pkt.c 1.2.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.1 src/crypto/openssl/ssl/s3_lib.c 1.2.2.1 RELENG_8_0 src/UPDATING 1.632.2.7.2.4 src/sys/conf/newvers.sh 1.83.2.6.2.4 src/crypto/openssl/ssl/s3_pkt.c 1.2.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.4.1 src/crypto/openssl/ssl/s3_lib.c 1.2.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r200054 releng/6.4/ r200054 releng/6.3/ r200054 stable/7/ r200054 releng/7.2/ r200054 releng/7.1/ r200054 - ------------------------------------------------------------------------- VII. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml. Affected Products ================= Cisco is currently evaluating products for possible exposure to these TLS issues. Products will only be listed in the Vulnerable Products or Products Confirmed Not Vulnerable sections of this advisory when a final determination about product exposure is made. Products that are not listed in either of these two sections are still being evaluated. Vulnerable Products - ------------------- This section will be updated when more information is available. Products Confirmed Not Vulnerable - --------------------------------- The following products are confirmed not vulnerable: * Cisco AnyConnect VPN Client This section will be updated when more information is available. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. The following Cisco Bug IDs are being used to track potential exposure to the SSL and TLS issues. The bugs listed below do not confirm that a product is vulnerable, but rather that the product is under investigation by the appropriate product teams. Registered Cisco customers can view these bugs via Cisco's Bug Toolkit: http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl +------------------------------------------------------------+ | Product | Bug ID | |----------------------------+-------------------------------| | Cisco Adaptive Security | CSCtd01491 | | Device Manager (ASDM) | | |----------------------------+-------------------------------| | Cisco AON Software | CSCtd01646 | | | | |----------------------------+-------------------------------| | Cisco AON Healthcare for | CSCtd01652 | | HIPAA and ePrescription | | |----------------------------+-------------------------------| | Cisco Application and | CSCtd01529 | | Content Networking System | | | (ACNS) Software | | |----------------------------+-------------------------------| | Cisco Application | CSCtd01480 | | Networking Manager | | |----------------------------+-------------------------------| | Cisco ASA 5500 Series | CSCtd00697 | | Adaptive Security | | | Appliances | | |----------------------------+-------------------------------| | Cisco ASA Advanced | | | Inspection and Prevention | CSCtd01539 | | (AIP) Security Services | | | Module | | |----------------------------+-------------------------------| | Cisco AVS 3100 Series | CSCtd01566 | | Application Velocity | | | System | | |----------------------------+-------------------------------| | Cisco Catalyst 6500 Series | CSCtd06389 | | SSL Services Module | | |----------------------------+-------------------------------| | Firewall Services Module | CSCtd04061 | | FWSM | | |----------------------------+-------------------------------| | Cisco CSS 11000 Series | CSCtd01636 | | Content Services Switches | | |----------------------------+-------------------------------| | Cisco Unified SIP Phones | CSCtd01446 | | | | |----------------------------+-------------------------------| | Cisco Data Center Network | CSCtd02635 | | Manager | | |----------------------------+-------------------------------| | Cisco Data Mobility | CSCtd02642 | | Manager | | |----------------------------+-------------------------------| | Cisco Digital Media | CSCtd01703 | | Encoders | | |----------------------------+-------------------------------| | Cisco Digital Media | CSCtd01692 | | Manager | | |----------------------------+-------------------------------| | Cisco Digital Media | CSCtd01718 | | Players | | |----------------------------+-------------------------------| | Cisco Emergency Responder | CSCtd02650 | | | | |----------------------------+-------------------------------| | Cisco IOS Software | CSCtd00658 | | | | |----------------------------+-------------------------------| | Cisco IOS XE Software | CSCtd00658 | | | | |----------------------------+-------------------------------| | Cisco IOS XR Software | CSCtd02658 | | | | |----------------------------+-------------------------------| | Cisco IP Communicator | CSCtd02662 | | | | |----------------------------+-------------------------------| | CATOS | CSCtd00662 | | | | |----------------------------+-------------------------------| | Cisco IronPort Appliances | CSCtd02069 | | | | |----------------------------+-------------------------------| | Cisco Unified MeetingPlace | CSCtd02709 | | | | |----------------------------+-------------------------------| | Cisco NAC Appliance (Clean | CSCtd01453 | | Access) | | |----------------------------+-------------------------------| | Cisco NAC Guest Server | CSCtd01462 | | | | |----------------------------+-------------------------------| | Cisco NAC Profiler | CSCtd02716 | | | | |----------------------------+-------------------------------| | Cisco Network Analysis | CSCtd02729 | | Module Software (NAM) | | |----------------------------+-------------------------------| | Cisco Network Registrar | CSCtd02748 | | | | |----------------------------+-------------------------------| | Cisco ONS 15500 Series | CSCtd02769 | | | | |----------------------------+-------------------------------| | Cisco Physical Access | CSCtd02777 | | Gateways | | |----------------------------+-------------------------------| | Cisco Physical Access | CSCtd03912 | | Manager | | |----------------------------+-------------------------------| | Cisco Physical Security | CSCtd03920 | | ISM | | |----------------------------+-------------------------------| | Cisco QoS Device Manager | CSCtd03923 | | | | |----------------------------+-------------------------------| | Cisco Secure Access | CSCtd00725 | | Control Server (ACS) | | |----------------------------+-------------------------------| | Cisco Secure Desktop | CSCtd03928 | | | | |----------------------------+-------------------------------| | Cisco Secure Services | CSCtd03935 | | Client | | |----------------------------+-------------------------------| | Cisco Security Agent CSA | CSCtd02689 | | | | |----------------------------+-------------------------------| | Cisco Security Monitoring, | CSCtd02654 | | Analysis and Response | | | System (MARS) | | |----------------------------+-------------------------------| | Cisco Unified IP Phones | CSCtd04121 | | | | |----------------------------+-------------------------------| | Cisco Service Control | CSCtd04171 | | Subscriber Manager | | |----------------------------+-------------------------------| | Cisco TelePresence Manager | CSCtd01771 | | | | |----------------------------+-------------------------------| | Telepresence for Consumer | CSCtd01752 | | | | |----------------------------+-------------------------------| | Cisco TelePresence | CSCtd01742 | | Recording Server | | |----------------------------+-------------------------------| | Cisco Network Asset | CSCtd04198 | | Collector | | |----------------------------+-------------------------------| | Cisco Unified | CSCtd01282 | | Communications Manager | | | (CallManager) | | |----------------------------+-------------------------------| | Cisco Unified Business | CSCtd05731 | | Attendant Console | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05790 | | Center Enterprise | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05790 | | Center Express | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05755 | | Center Management Portal | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05790 | | Center Products | | |----------------------------+-------------------------------| | Cisco Unified Department | CSCtd05733 | | Attendant Console | | |----------------------------+-------------------------------| | Cisco Unified E-Mail | CSCtd05756 | | Interaction Manager | | |----------------------------+-------------------------------| | Cisco Unified Enterprise | CSCtd05735 | | Attendant Console | | |----------------------------+-------------------------------| | Cisco Unified Mobile | CSCtd05762 | | Communicator | | |----------------------------+-------------------------------| | Cisco Unified Mobility | CSCtd05786 | | | | |----------------------------+-------------------------------| | Cisco Unified Mobility | CSCtd05783 | | Advantage | | |----------------------------+-------------------------------| | Cisco Unified Operations | CSCtd05784 | | Manager | | |----------------------------+-------------------------------| | Cisco Unified Personal | CSCtd05759 | | Communicator | | |----------------------------+-------------------------------| | Cisco Unified Presence | CSCtd05791 | | | | |----------------------------+-------------------------------| | Cisco Unified Provisioning | CSCtd05777 | | Manager | | |----------------------------+-------------------------------| | Cisco Unified Quick | CSCtd05738 | | Connect | | |----------------------------+-------------------------------| | Cisco Unified Service | CSCtd05780 | | Monitor | | |----------------------------+-------------------------------| | Cisco Unified Service | CStCd05778 | | Statistics Manager | | |----------------------------+-------------------------------| | Cisco Unified SIP Proxy | CSCtd05765 | | | | |----------------------------+-------------------------------| | Cisco Unity | CSCtd02855 | | | | |----------------------------+-------------------------------| | Cisco NX-OS Software | CSCtd00699 and CSCtd00703 | | | | |----------------------------+-------------------------------| | Cisco Video Portal | CSCtd04097 | | | | |----------------------------+-------------------------------| | Cisco Video Surveillance | CSCtd02831 | | Media Server Software | | |----------------------------+-------------------------------| | Cisco Video Surveillance | CSCtd02780 | | Operations Manager | | | Software | | |----------------------------+-------------------------------| | Cisco Wide Area File | CSCtd04106 | | Services Software (WAFS) | | |----------------------------+-------------------------------| | Cisco Wireless Control | CSCtd01625 | | System | | |----------------------------+-------------------------------| | Cisco Wireless LAN | CSCtd01611 | | Controller (WLAN) | | |----------------------------+-------------------------------| | Cisco Wireless Location | CSCtd04115 | | Appliance | | |----------------------------+-------------------------------| | CiscoWorks Common Services | CSCtd01597 | | Software | | |----------------------------+-------------------------------| | CiscoWorks Wireless LAN | CSCtd04111 | | Solution Engine (WLSE) | | +------------------------------------------------------------+ This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-3555. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * TLS Renegotiation Vulnerability (all Cisco Bugs above) CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - Partial Availability Impact - None CVSS Temporal Score - 4.1 Exploitability - Functional Remediation Level - Unavailable Report Confidence - Confirmed Impact ====== This section will be updated when more information is available. Software Versions and Fixes =========================== This section will be updated to include fixed software versions for affected Cisco products as they become available. Workarounds =========== Workarounds are being investigated. This section will be updated when more information becomes available. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations - ------------------------------------------------- Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts - ----------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== This vulnerability was initially discovered by Marsh Ray and Steve Dispensa from PhoneFactor, Inc. Cisco is not aware of any malicious exploitation of this vulnerability. Proof-of-concept exploit code has been published for this vulnerability. Status of this Notice: INTERIM ============================== THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2009-November-9 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2008-2009 Cisco Systems, Inc. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.06 or earlier HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.19 or earlier HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.24 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2010-0082 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0084 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-0085 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0087 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0088 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0089 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0091 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-0092 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0093 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0094 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0095 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0837 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0838 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0839 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0840 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0841 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0842 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0843 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0844 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0845 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0846 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0847 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0848 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0849 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following upgrades to resolve these vulnerabilities The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.31 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent HP-UX B.11.23 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent HP-UX B.11.11 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.06 and earlier, update to Java v6.0.07 or subsequent For Java v5.0.19 and earlier, update to Java v5.0.20 or subsequent For Java v1.4.2.24 and earlier, update to Java v1.4.2.25 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. =========================================================== Ubuntu Security Notice USN-927-6 July 23, 2010 nss vulnerability CVE-2009-3555 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: libnss3-1d 3.12.6-0ubuntu0.9.04.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz Size/MD5: 36776 09e94267337a3318b4955b7a830f5244 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc Size/MD5: 1651 a682fa17ab7385f06eae108e3b8eeb76 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 3355322 1901b0a2e9022baccca540cb776da507 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 1230706 a5be600c34d6c62f3c7c7d9fe8fe6807 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 263110 37bf5e46dc372000a1932336ded61143 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 17788 cb888df2baa2d06cf98091f1bd033496 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 318718 77e6de51c2beebe6a2570e1f70069d91 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 3181812 ab6888c9709c1101e0f07bda925ea76b http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 1112446 64e165966e297b247e220aa017851248 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 260434 6dc65e066be54da5a4ad7e784c37fa49 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 17790 6a4afb594384085b41502911476f9d27 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 301968 a5f1eb30b4dd64bbac568873ad700887 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 3220356 1bed6847d860f8dd0a845062cf227322 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 1085226 c5e07d7711f257888071d97ff551f42e http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 259084 d6424f00ee83eaf9abb433768edb37c2 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 17788 217da64905b090392eb4acfa43d282c2 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 297772 7f223b5673372154a73cf84c9ed6bfda powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 3330434 d4c4fe0a437c5f2dd20b81df2cf936b5 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 1202898 b27bda4a282c5b46733dcc21519cc4b6 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 262126 bb796b31d740e38581a37003a89c18a5 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 17794 0109fab35491b7f7f6e8d9649acbd728 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 323344 8e6f667e0df078a4b68d72acddfc3326 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 2988064 97a10a1098bc541808ead09dcb1711c5 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 1074248 4de13c4f7e970d56fa65e6f0e472f320 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 257214 d1ee26bd6f9e26f93f8b8af403d41b1a http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 17794 2f08b7d40b6069754762083051c03f27 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 303452 b1dc3dbcbf441a81ef5005e72ad60620 -- Jamie Strandboge | http://www.canonical.com . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02079216 Version: 1 HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2010-04-13 Last Updated: 2010-04-13 Potential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS). HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08n. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3245 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2009-4355 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided upgrades to resolve these vulnerabilities. Host / Account / Password ftp.usa.hp.com / sb02517 / Secure12 HP-UX Release / Depot Name / SHA-1 digest B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08n.001_HP-UX_B.11.11_32+64.depot / 2FE85DEE859C93F9D02A69666A455E9A7442DC5D B.11.23 (PA and IA) / OpenSSL_A.00.09.08n.002_HP-UX_B.11.23_IA-PA.depot / 69F9AEE88F89C53FFE6794822F6A843F312384CD B.11.31 (PA and IA) / OpenSSL_A.00.09.08n.003_HP-UX_B.11.31_IA-PA.depot / 07A205AA57B4BDF98B65D31287CDCBE3B9F011D5 MANUAL ACTIONS: Yes - Update Install OpenSSL A.00.09.08n or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. AFFECTED VERSIONS HP-UX B.11.11 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.001 or subsequent HP-UX B.11.23 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.002 or subsequent HP-UX B.11.31 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.003 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 13 April 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The vulnerabilities are reported in versions prior to 3.2.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ATTENTION: After applying this update, a patched server will allow both patched and unpatched clients to connect, but unpatched clients will not be able to renegotiate. HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. For the stable distribution (lenny), the problem has been fixed in version 1.4.19-5+lenny2. The packages for the hppa, mips, and mipsel architectures are not yet available. They will be released as soon as they have been built. For the unstable distribution (sid), and the testing distribution (squeeze), the problem has been fixed some time ago in version 1.4.26-3. We recommend that you upgrade your lighttpd packages

Trust: 3.78

sources: NVD: CVE-2009-3555 // JVNDB: JVNDB-2009-002319 // CERT/CC: VU#120541 // PACKETSTORM: 92497 // PACKETSTORM: 98419 // PACKETSTORM: 93944 // PACKETSTORM: 100761 // PACKETSTORM: 83414 // PACKETSTORM: 82657 // VULHUB: VHN-41001 // PACKETSTORM: 90262 // PACKETSTORM: 111583 // PACKETSTORM: 92095 // PACKETSTORM: 88387 // PACKETSTORM: 90344 // PACKETSTORM: 88224 // PACKETSTORM: 94087 // PACKETSTORM: 111920 // PACKETSTORM: 97489

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:lteversion:0.9.8k

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:8.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:8.10

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:13

Trust: 1.0

vendor:f5model:nginxscope:lteversion:0.8.22

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.04

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.2.14

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:9.10

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.10

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:9.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:11

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:14

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:12

Trust: 1.0

vendor:mozillamodel:nssscope:lteversion:3.12.4

Trust: 1.0

vendor:gnumodel:gnutlsscope:lteversion:2.8.5

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.1.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 1.0

vendor:barracudamodel: - scope: - version: -

Trust: 0.8

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:gnutlsmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:mcafeemodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:apachemodel:http serverscope:ltversion:2.2.15

Trust: 0.8

vendor:apachemodel:http serverscope:ltversion:2.3.6

Trust: 0.8

vendor:ibmmodel:db2scope:ltversion:9.1 fp9

Trust: 0.8

vendor:ibmmodel:db2scope:ltversion:9.5 fp6a

Trust: 0.8

vendor:ibmmodel:db2scope:ltversion:9.7 fp2

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:2.0.47.x

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:6.0.2

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:6.1

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:7.0

Trust: 0.8

vendor:ibmmodel:sdk,scope:eqversion:1.4.2

Trust: 0.8

vendor:ibmmodel:sdk,scope:eqversion:1.5

Trust: 0.8

vendor:ibmmodel:websphere application serverscope:eqversion:6.0.2

Trust: 0.8

vendor:ibmmodel:websphere application serverscope:eqversion:6.1

Trust: 0.8

vendor:ibmmodel:websphere application serverscope:eqversion:7.0

Trust: 0.8

vendor:mozillamodel:firefoxscope:ltversion:3.5.9

Trust: 0.8

vendor:mozillamodel:firefoxscope:ltversion:3.6.2

Trust: 0.8

vendor:mozillamodel:seamonkeyscope:ltversion:2.0.4

Trust: 0.8

vendor:mozillamodel:thunderbirdscope:ltversion:3.0.4

Trust: 0.8

vendor:openofficemodel:openoffice.orgscope:eqversion:2.x

Trust: 0.8

vendor:openofficemodel:openoffice.orgscope:ltversion:3.2.1

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:0.9.8l

Trust: 0.8

vendor:proftpdmodel:proftpdscope:ltversion:1.3.2c

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:3.0.3

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:3.5

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:4.1

Trust: 0.8

vendor:vmwaremodel:vcenterscope:eqversion:4.0

Trust: 0.8

vendor:vmwaremodel:vcenterscope:eqversion:4.1

Trust: 0.8

vendor:vmwaremodel:virtualcenterscope:eqversion:2.5

Trust: 0.8

vendor:vmwaremodel:vsphere update managerscope:eqversion:1.0

Trust: 0.8

vendor:vmwaremodel:vsphere update managerscope:eqversion:4.0

Trust: 0.8

vendor:vmwaremodel:vsphere update managerscope:eqversion:4.1

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6.2

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6.3

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.2

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.3

Trust: 0.8

vendor:oraclemodel:opensolarisscope: - version: -

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 10.1.0.5

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 10.2.0.3

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 10.2.0.4

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 10.2.0.5

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 11.1.0.7

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 11.2.0.1

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:server 11.2.0.2

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.0 mp2

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.0.2

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.1.2.3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.1.3.5

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.1.4.0.1

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.1.4.3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.3.2

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:10.3.3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:11.1.1.2.0

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:11.1.1.3.0

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:7.0 sp7

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:8.1 sp6

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:8.1.6

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:9.0

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:9.1

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:9.2 mp3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:9.2.3

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:9.2.4

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:sybasemodel:sap sybase adaptive server enterprisescope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:jdkscope:lteversion:5.0 update 25

Trust: 0.8

vendor:sun microsystemsmodel:jdkscope:lteversion:6 update 21

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:1.4.2_27

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:5.0 update 25

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:6 update 21

Trust: 0.8

vendor:sun microsystemsmodel:opensolarisscope:eqversion:(sparc)

Trust: 0.8

vendor:sun microsystemsmodel:opensolarisscope:eqversion:(x86)

Trust: 0.8

vendor:sun microsystemsmodel:sdkscope:lteversion:1.4.2_27

Trust: 0.8

vendor:sun microsystemsmodel:glassfish enterprise serverscope:eqversion:v2.1.1

Trust: 0.8

vendor:sun microsystemsmodel:java enterprise systemscope:eqversion:2005q4

Trust: 0.8

vendor:sun microsystemsmodel:java enterprise systemscope:eqversion:5

Trust: 0.8

vendor:sun microsystemsmodel:java system application serverscope:eqversion:8.0

Trust: 0.8

vendor:sun microsystemsmodel:java system application serverscope:eqversion:8.1

Trust: 0.8

vendor:sun microsystemsmodel:java system application serverscope:eqversion:8.2

Trust: 0.8

vendor:sun microsystemsmodel:java system web proxy serverscope:eqversion:4.0 - 4.0.12

Trust: 0.8

vendor:sun microsystemsmodel:java system web serverscope:eqversion:6.1

Trust: 0.8

vendor:sun microsystemsmodel:java system web serverscope:eqversion:7.0

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (x86)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:2.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0 (x64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux clientscope:eqversion:2008

Trust: 0.8

vendor:turbo linuxmodel:turbolinux fujiscope:eqversion:( extended maintenance )

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10 ( extended maintenance )

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10 (x64) ( extended maintenance )

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11 (x64)

Trust: 0.8

vendor:hewlett packardmodel:hp systems insight managerscope:ltversion:7.0

Trust: 0.8

vendor:hewlett packardmodel:hp virtual connectscope:ltversion:8gb 24 port fiber channel module 3.00 (vc ( virtual connect ) 4.40 )

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.31

Trust: 0.8

vendor:hewlett packardmodel:hpe matrix operating environmentscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hpe systems insight managerscope: - version: -

Trust: 0.8

vendor:blue coatmodel:directorscope: - version: -

Trust: 0.8

vendor:blue coatmodel:intelligencecenterscope: - version: -

Trust: 0.8

vendor:blue coatmodel:packetshaperscope: - version: -

Trust: 0.8

vendor:blue coatmodel:proxyavscope: - version: -

Trust: 0.8

vendor:blue coatmodel:proxyclientscope: - version: -

Trust: 0.8

vendor:blue coatmodel:reporterscope: - version: -

Trust: 0.8

vendor:blue coatmodel:proxysgscope: - version: -

Trust: 0.8

vendor:blue coatmodel:sgosscope:eqversion:4

Trust: 0.8

vendor:blue coatmodel:sgosscope:eqversion:5

Trust: 0.8

vendor:blue coatmodel:sgosscope:eqversion:6

Trust: 0.8

vendor:microsoftmodel:windows 2000scope: - version: -

Trust: 0.8

vendor:microsoftmodel:windows 7scope:eqversion:(x32)

Trust: 0.8

vendor:microsoftmodel:windows 7scope:eqversion:(x64)

Trust: 0.8

vendor:microsoftmodel:windows server 2003scope:eqversion:none

Trust: 0.8

vendor:microsoftmodel:windows server 2003scope:eqversion:(itanium)

Trust: 0.8

vendor:microsoftmodel:windows server 2003scope:eqversion:(x64)

Trust: 0.8

vendor:microsoftmodel:windows server 2008scope:eqversion:(itanium)

Trust: 0.8

vendor:microsoftmodel:windows server 2008scope:eqversion:(x64)

Trust: 0.8

vendor:microsoftmodel:windows server 2008scope:eqversion:(x86)

Trust: 0.8

vendor:microsoftmodel:windows server 2008scope:eqversion:r2(itanium)

Trust: 0.8

vendor:microsoftmodel:windows server 2008scope:eqversion:r2(x64)

Trust: 0.8

vendor:microsoftmodel:windows vistascope:eqversion:none

Trust: 0.8

vendor:microsoftmodel:windows vistascope:eqversion:(x64)

Trust: 0.8

vendor:microsoftmodel:windows xpscope:eqversion:(x64)

Trust: 0.8

vendor:microsoftmodel:windows xpscope:eqversion:sp3

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:3.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux eusscope:eqversion:5.4.z (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux extrasscope:eqversion:3 extras

Trust: 0.8

vendor:red hatmodel:enterprise linux extrasscope:eqversion:4 extras

Trust: 0.8

vendor:red hatmodel:enterprise linux extrasscope:eqversion:4.7.z extras

Trust: 0.8

vendor:red hatmodel:enterprise linux extrasscope:eqversion:4.8.z extras

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc node supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux server supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux workstation supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel desktop supplementaryscope:eqversion:5 (client)

Trust: 0.8

vendor:red hatmodel:rhel desktop supplementaryscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:red hatmodel:rhel supplementaryscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:rhel supplementary eusscope:eqversion:5.2.z (server)

Trust: 0.8

vendor:red hatmodel:rhel supplementary eusscope:eqversion:5.3.z (server)

Trust: 0.8

vendor:red hatmodel:rhel supplementary eusscope:eqversion:5.4.z (server)

Trust: 0.8

vendor:necmodel:csviewscope: - version: -

Trust: 0.8

vendor:necmodel:websam assetsuitescope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:enterprise version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:standard version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:cosminexus clientscope:eqversion:version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:light version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:professional version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:standard version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:cosminexus developer's kit for javascope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus serverscope:eqversion:- standard edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus serverscope:eqversion:- web edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:- standard edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:- web edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:developer's kit for javascope: - version: -

Trust: 0.8

vendor:hitachimodel:web serverscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:web serverscope:eqversion:- security enhancement

Trust: 0.8

vendor:hitachimodel:processing kit for xmlscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:enterprise

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:standard

Trust: 0.8

vendor:hitachimodel:ucosminexus clientscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:light

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:standard

Trust: 0.8

vendor:hitachimodel:ucosminexus operatorscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus portal frameworkscope:eqversion:entry set

Trust: 0.8

vendor:hitachimodel:ucosminexus servicescope:eqversion:architect

Trust: 0.8

vendor:hitachimodel:ucosminexus servicescope:eqversion:platform

Trust: 0.8

sources: CERT/CC: VU#120541 // JVNDB: JVNDB-2009-002319 // NVD: CVE-2009-3555

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3555
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-3555
value: 0

Trust: 0.8

NVD: CVE-2009-3555
value: MEDIUM

Trust: 0.8

VULHUB: VHN-41001
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-3555
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2009-3555
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-41001
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // JVNDB: JVNDB-2009-002319 // NVD: CVE-2009-3555

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-41001 // JVNDB: JVNDB-2009-002319 // NVD: CVE-2009-3555

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 90262

TYPE

arbitrary

Trust: 0.4

sources: PACKETSTORM: 90262 // PACKETSTORM: 92095 // PACKETSTORM: 88224 // PACKETSTORM: 94087

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-002319

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-41001

PATCH
title:Changes with Apache 2.2.15url:http://www.apache.org/dist/httpd/CHANGES_2.2.15
Trust: 0.8
title:Changes with Apache 2.3.6url:http://www.apache.org/dist/httpd/CHANGES_2.3.6
Trust: 0.8
title:HT4170url:http://support.apple.com/kb/HT4170
Trust: 0.8
title:HT4418url:http://support.apple.com/kb/HT4418
Trust: 0.8
title:HT4171url:http://support.apple.com/kb/HT4171
Trust: 0.8
title:HT4004url:http://support.apple.com/kb/HT4004
Trust: 0.8
title:HT4417url:http://support.apple.com/kb/HT4417
Trust: 0.8
title:HT4004url:http://support.apple.com/kb/HT4004?viewlocale=ja_JP
Trust: 0.8
title:HT4417url:http://support.apple.com/kb/HT4417?viewlocale=ja_JP
Trust: 0.8
title:HT4170url:http://support.apple.com/kb/HT4170?viewlocale=ja_JP
Trust: 0.8
title:HT4418url:http://support.apple.com/kb/HT4418?viewlocale=ja_JP
Trust: 0.8
title:HT4171url:http://support.apple.com/kb/HT4171?viewlocale=ja_JP
Trust: 0.8
title:openssl097a-0.9.7a-9.AXS3.2url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1011
Trust: 0.8
title:jdk-1.6.0_19url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1028
Trust: 0.8
title:httpd-2.2.3-31.2.1AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=774
Trust: 0.8
title:nss-3.12.6-1.AXS3 and nspr-4.8.4-1.AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1012
Trust: 0.8
title:gnutls-1.4.1-3.8.0.1.AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1013
Trust: 0.8
title:jdk-1.6.0_22url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1285
Trust: 0.8
title:openssl-0.9.8e-12.AXS3.6url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1014
Trust: 0.8
title:609365url:http://search.sybase.com/kbx/changerequests?bug_id=609365
Trust: 0.8
title:cisco-sa-20091109-tlsurl:http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml
Trust: 0.8
title:cpujul2010.htmlurl:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html
Trust: 0.8
title:javacpuoct2010-176258url:http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
Trust: 0.8
title:cpuapr2011-301950url:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Trust: 0.8
title:javacpumar2010url:http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
Trust: 0.8
title:HS10-030url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-030/index.html
Trust: 0.8
title:HS10-010url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-010/index.html
Trust: 0.8
title:HS11-006url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-006/index.html
Trust: 0.8
title:HPSBHF03293url:http://marc.info/?l=bugtraq&amp;m=142660345230545&amp;w=2
Trust: 0.8
title:HPSBUX02517url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02079216
Trust: 0.8
title:HPSBUX02608url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748
Trust: 0.8
title:HPSBUX02498url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01963123
Trust: 0.8
title:HPSBMU02769 SSRT100846url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151
Trust: 0.8
title:HPSBUX02482url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686
Trust: 0.8
title:HPSBUX02524url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02122104
Trust: 0.8
title:HPSBMU03611url:https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150888
Trust: 0.8
title:7007033url:http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239
Trust: 0.8
title:7014463url:http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7009
Trust: 0.8
title:7006876url:http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60239
Trust: 0.8
title:1426108url:http://www-01.ibm.com/support/docview.wss?uid=swg21426108
Trust: 0.8
title:4909url:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4909
Trust: 0.8
title:7007951url:http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27007951#61029
Trust: 0.8
title:4025718url:http://www-01.ibm.com/support/docview.wss?uid=swg24025718
Trust: 0.8
title:7008517url:http://www-01.ibm.com/support/docview.wss?rs=177&uid=swg27008517#61029
Trust: 0.8
title:4025719url:http://www-01.ibm.com/support/docview.wss?uid=swg24025719
Trust: 0.8
title:1444772url:http://www-01.ibm.com/support/docview.wss?uid=swg21444772
Trust: 0.8
title:4025742url:http://www-01.ibm.com/support/docview.wss?uid=swg24025742
Trust: 0.8
title:1412438url:http://www-01.ibm.com/support/docview.wss?uid=swg21412438#2
Trust: 0.8
title:IC68054url:http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054
Trust: 0.8
title:1293566url:http://www-01.ibm.com/support/docview.wss?uid=swg21293566#6a
Trust: 0.8
title:4025746url:http://www-01.ibm.com/support/docview.wss?uid=swg24025746
Trust: 0.8
title:1432298url:http://www-01.ibm.com/support/docview.wss?uid=swg21432298
Trust: 0.8
title:PM10658url:http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658
Trust: 0.8
title:1413714url:http://www-01.ibm.com/support/docview.wss?uid=swg21413714
Trust: 0.8
title:4025312url:http://www-01.ibm.com/support/docview.wss?uid=swg24025312
Trust: 0.8
title:977377url:http://www.microsoft.com/technet/security/advisory/977377.mspx
Trust: 0.8
title:MS10-049url:http://www.microsoft.com/technet/security/bulletin/MS10-049.mspx
Trust: 0.8
title:2043url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2043
Trust: 0.8
title:2046url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2046
Trust: 0.8
title:1819url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1819
Trust: 0.8
title:2047url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2047
Trust: 0.8
title:1820url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1820
Trust: 0.8
title:2048url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2048
Trust: 0.8
title:MFSA 2010-22url:http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
Trust: 0.8
title:MFSA 2010-22url:http://www.mozilla-japan.org/security/announce/2010/mfsa2010-22.html
Trust: 0.8
title:NV10-008url:http://www.nec.co.jp/security-info/secinfo/nv10-008.html
Trust: 0.8
title:CVE-2009-3555url:http://www.openoffice.org/security/cves/CVE-2009-3555.html
Trust: 0.8
title:secadv_20091111url:http://www.openssl.org/news/secadv_20091111.txt
Trust: 0.8
title:RELEASE_NOTES-1.3.2curl:http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c
Trust: 0.8
title:RHSA-2010:0338url:https://rhn.redhat.com/errata/RHSA-2010-0338.html
Trust: 0.8
title:RHSA-2010:0164url:https://rhn.redhat.com/errata/RHSA-2010-0164.html
Trust: 0.8
title:RHSA-2010:0339url:https://rhn.redhat.com/errata/RHSA-2010-0339.html
Trust: 0.8
title:RHSA-2010:0865url:https://rhn.redhat.com/errata/RHSA-2010-0865.html
Trust: 0.8
title:RHSA-2010:0165url:https://rhn.redhat.com/errata/RHSA-2010-0165.html
Trust: 0.8
title:RHSA-2010:0166url:https://rhn.redhat.com/errata/RHSA-2010-0166.html
Trust: 0.8
title:RHSA-2010:0167url:https://rhn.redhat.com/errata/RHSA-2010-0167.html
Trust: 0.8
title:RHSA-2010:0770url:https://rhn.redhat.com/errata/RHSA-2010-0770.html
Trust: 0.8
title:RHSA-2010:0786url:https://rhn.redhat.com/errata/RHSA-2010-0786.html
Trust: 0.8
title:RHSA-2010:0130url:https://rhn.redhat.com/errata/RHSA-2010-0130.html
Trust: 0.8
title:RHSA-2010:0768url:https://rhn.redhat.com/errata/RHSA-2010-0768.html
Trust: 0.8
title:RHSA-2010:0807url:https://rhn.redhat.com/errata/RHSA-2010-0807.html
Trust: 0.8
title:RHSA-2010:0155url:http://rhn.redhat.com/errata/RHSA-2010-0155.html
Trust: 0.8
title:RHSA-2009:1579url:https://rhn.redhat.com/errata/RHSA-2009-1579.html
Trust: 0.8
title:RHSA-2010:0162url:https://rhn.redhat.com/errata/RHSA-2010-0162.html
Trust: 0.8
title:RHSA-2009:1580url:https://rhn.redhat.com/errata/RHSA-2009-1580.html
Trust: 0.8
title:RHSA-2010:0987url:https://rhn.redhat.com/errata/RHSA-2010-0987.html
Trust: 0.8
title:RHSA-2010:0337url:https://rhn.redhat.com/errata/RHSA-2010-0337.html
Trust: 0.8
title:RHSA-2010:0163url:https://rhn.redhat.com/errata/RHSA-2010-0163.html
Trust: 0.8
title:SA44url:https://kb.bluecoat.com/index?page=content&id=SA44
Trust: 0.8
title:multiple_vulnerabilities_in_the_apacheurl:http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache
Trust: 0.8
title:Multiple Vulnerabilities in the Apache 2 HTTP Server Prior to 2.2.16url:http://blogs.oracle.com/sunsecurity
Trust: 0.8
title:273029url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
Trust: 0.8
title:273350url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1
Trust: 0.8
title:274990url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
Trust: 0.8
title:TLSA-2010-20url:http://www.turbolinux.co.jp/security/2010/TLSA-2010-20j.txt
Trust: 0.8
title:TLSA-2010-42url:http://www.turbolinux.co.jp/security/2010/TLSA-2010-42j.txt
Trust: 0.8
title:TLSA-2009-30url:http://www.turbolinux.co.jp/security/2009/TLSA-2009-30j.txt
Trust: 0.8
title:TLSA-2009-32url:http://www.turbolinux.co.jp/security/2009/TLSA-2009-32j.txt
Trust: 0.8
title:VMSA-2010-0019url:http://www.vmware.com/security/advisories/VMSA-2010-0019.html
Trust: 0.8
title:VMSA-2011-0003url:http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Trust: 0.8
title:100716_91url:http://www.oracle.com/technology/global/jp/security/100716_91/top.html
Trust: 0.8
title:HS10-010url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-010/index.html
Trust: 0.8
title:HS10-030url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030
Trust: 0.8
title:HS11-006url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-006/index.html
Trust: 0.8
title:977377url:http://www.microsoft.com/japan/technet/security/advisory/977377.mspx
Trust: 0.8
title:MS10-049url:http://www.microsoft.com/japan/technet/security/bulletin/ms10-049.mspx
Trust: 0.8
title:MS10-049eurl:http://www.microsoft.com/japan/security/bulletins/MS10-049e.mspx
Trust: 0.8
title:TA10-222Aurl:http://software.fujitsu.com/jp/security/vulnerabilities/ta10-222a.html
Trust: 0.8
title:VU#120541url:http://software.fujitsu.com/jp/security/vulnerabilities/vu120541.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-002319

EXTERNAL IDS
db:NVDid:CVE-2009-3555
Trust: 4.1
db:CERT/CCid:VU#120541
Trust: 2.7
db:SECUNIAid:38020
Trust: 1.9
db:SECUNIAid:39242
Trust: 1.9
db:SECUNIAid:39243
Trust: 1.9
db:SECUNIAid:37453
Trust: 1.9
db:SECUNIAid:40747
Trust: 1.9
db:SECUNIAid:39500
Trust: 1.9
db:SECUNIAid:39136
Trust: 1.9
db:VUPENid:ADV-2010-0086
Trust: 1.9
db:VUPENid:ADV-2009-3310
Trust: 1.9
db:VUPENid:ADV-2010-0982
Trust: 1.9
db:VUPENid:ADV-2010-3126
Trust: 1.9
db:VUPENid:ADV-2009-3313
Trust: 1.9
db:VUPENid:ADV-2010-3086
Trust: 1.9
db:USCERTid:TA10-222A
Trust: 1.9
db:BIDid:36935
Trust: 1.9
db:SECUNIAid:40070
Trust: 1.3
db:SECUNIAid:38781
Trust: 1.1
db:SECUNIAid:42377
Trust: 1.1
db:SECUNIAid:37501
Trust: 1.1
db:SECUNIAid:39632
Trust: 1.1
db:SECUNIAid:37604
Trust: 1.1
db:SECUNIAid:41972
Trust: 1.1
db:SECUNIAid:43308
Trust: 1.1
db:SECUNIAid:38241
Trust: 1.1
db:SECUNIAid:37859
Trust: 1.1
db:SECUNIAid:41818
Trust: 1.1
db:SECUNIAid:39292
Trust: 1.1
db:SECUNIAid:42816
Trust: 1.1
db:SECUNIAid:42379
Trust: 1.1
db:SECUNIAid:39317
Trust: 1.1
db:SECUNIAid:42467
Trust: 1.1
db:SECUNIAid:37320
Trust: 1.1
db:SECUNIAid:37640
Trust: 1.1
db:SECUNIAid:37656
Trust: 1.1
db:SECUNIAid:37383
Trust: 1.1
db:SECUNIAid:42724
Trust: 1.1
db:SECUNIAid:38003
Trust: 1.1
db:SECUNIAid:44183
Trust: 1.1
db:SECUNIAid:42733
Trust: 1.1
db:SECUNIAid:38484
Trust: 1.1
db:SECUNIAid:40545
Trust: 1.1
db:SECUNIAid:40866
Trust: 1.1
db:SECUNIAid:38056
Trust: 1.1
db:SECUNIAid:39278
Trust: 1.1
db:SECUNIAid:42808
Trust: 1.1
db:SECUNIAid:37675
Trust: 1.1
db:SECUNIAid:39127
Trust: 1.1
db:SECUNIAid:39461
Trust: 1.1
db:SECUNIAid:39819
Trust: 1.1
db:SECUNIAid:41490
Trust: 1.1
db:SECUNIAid:39628
Trust: 1.1
db:SECUNIAid:44954
Trust: 1.1
db:SECUNIAid:48577
Trust: 1.1
db:SECUNIAid:42811
Trust: 1.1
db:SECUNIAid:37291
Trust: 1.1
db:SECUNIAid:41480
Trust: 1.1
db:SECUNIAid:37292
Trust: 1.1
db:SECUNIAid:37399
Trust: 1.1
db:SECUNIAid:39713
Trust: 1.1
db:SECUNIAid:38687
Trust: 1.1
db:SECUNIAid:37504
Trust: 1.1
db:SECUNIAid:41967
Trust: 1.1
db:SECTRACKid:1023217
Trust: 1.1
db:SECTRACKid:1023273
Trust: 1.1
db:SECTRACKid:1023274
Trust: 1.1
db:SECTRACKid:1023206
Trust: 1.1
db:SECTRACKid:1023272
Trust: 1.1
db:SECTRACKid:1023427
Trust: 1.1
db:SECTRACKid:1023218
Trust: 1.1
db:SECTRACKid:1023163
Trust: 1.1
db:SECTRACKid:1023214
Trust: 1.1
db:SECTRACKid:1023211
Trust: 1.1
db:SECTRACKid:1023219
Trust: 1.1
db:SECTRACKid:1023216
Trust: 1.1
db:SECTRACKid:1024789
Trust: 1.1
db:SECTRACKid:1023148
Trust: 1.1
db:SECTRACKid:1023213
Trust: 1.1
db:SECTRACKid:1023271
Trust: 1.1
db:SECTRACKid:1023243
Trust: 1.1
db:SECTRACKid:1023209
Trust: 1.1
db:SECTRACKid:1023215
Trust: 1.1
db:SECTRACKid:1023208
Trust: 1.1
db:SECTRACKid:1023411
Trust: 1.1
db:SECTRACKid:1023204
Trust: 1.1
db:SECTRACKid:1023224
Trust: 1.1
db:SECTRACKid:1023210
Trust: 1.1
db:SECTRACKid:1023207
Trust: 1.1
db:SECTRACKid:1023426
Trust: 1.1
db:SECTRACKid:1023428
Trust: 1.1
db:SECTRACKid:1023205
Trust: 1.1
db:SECTRACKid:1023275
Trust: 1.1
db:SECTRACKid:1023270
Trust: 1.1
db:SECTRACKid:1023212
Trust: 1.1
db:VUPENid:ADV-2010-2745
Trust: 1.1
db:VUPENid:ADV-2009-3353
Trust: 1.1
db:VUPENid:ADV-2010-3069
Trust: 1.1
db:VUPENid:ADV-2009-3354
Trust: 1.1
db:VUPENid:ADV-2009-3484
Trust: 1.1
db:VUPENid:ADV-2010-1793
Trust: 1.1
db:VUPENid:ADV-2011-0033
Trust: 1.1
db:VUPENid:ADV-2009-3220
Trust: 1.1
db:VUPENid:ADV-2010-2010
Trust: 1.1
db:VUPENid:ADV-2010-1639
Trust: 1.1
db:VUPENid:ADV-2010-1107
Trust: 1.1
db:VUPENid:ADV-2010-0916
Trust: 1.1
db:VUPENid:ADV-2009-3164
Trust: 1.1
db:VUPENid:ADV-2011-0032
Trust: 1.1
db:VUPENid:ADV-2011-0086
Trust: 1.1
db:VUPENid:ADV-2010-0748
Trust: 1.1
db:VUPENid:ADV-2010-1350
Trust: 1.1
db:VUPENid:ADV-2009-3521
Trust: 1.1
db:VUPENid:ADV-2010-0994
Trust: 1.1
db:VUPENid:ADV-2010-1191
Trust: 1.1
db:VUPENid:ADV-2010-0173
Trust: 1.1
db:VUPENid:ADV-2009-3587
Trust: 1.1
db:VUPENid:ADV-2010-0933
Trust: 1.1
db:VUPENid:ADV-2009-3205
Trust: 1.1
db:VUPENid:ADV-2010-1054
Trust: 1.1
db:VUPENid:ADV-2010-0848
Trust: 1.1
db:VUPENid:ADV-2010-1673
Trust: 1.1
db:VUPENid:ADV-2009-3165
Trust: 1.1
db:OPENWALLid:OSS-SECURITY/2009/11/05/3
Trust: 1.1
db:OPENWALLid:OSS-SECURITY/2009/11/07/3
Trust: 1.1
db:OPENWALLid:OSS-SECURITY/2009/11/23/10
Trust: 1.1
db:OPENWALLid:OSS-SECURITY/2009/11/05/5
Trust: 1.1
db:OPENWALLid:OSS-SECURITY/2009/11/20/1
Trust: 1.1
db:OPENWALLid:OSS-SECURITY/2009/11/06/3
Trust: 1.1
db:OSVDBid:65202
Trust: 1.1
db:OSVDBid:62210
Trust: 1.1
db:OSVDBid:60521
Trust: 1.1
db:OSVDBid:60972
Trust: 1.1
db:HITACHIid:HS10-030
Trust: 1.1
db:USCERTid:TA10-287A
Trust: 1.1
db:SECUNIAid:44293
Trust: 0.9
db:VUPENid:ADV-2010-0212
Trust: 0.8
db:VUPENid:ADV-2010-0125
Trust: 0.8
db:VUPENid:ADV-2011-1039
Trust: 0.8
db:VUPENid:ADV-2010-1942
Trust: 0.8
db:VUPENid:ADV-2010-2046
Trust: 0.8
db:VUPENid:ADV-2010-0457
Trust: 0.8
db:VUPENid:ADV-2010-2660
Trust: 0.8
db:VUPENid:ADV-2010-1280
Trust: 0.8
db:VUPENid:ADV-2009-3393
Trust: 0.8
db:SECUNIAid:38608
Trust: 0.8
db:SECUNIAid:38728
Trust: 0.8
db:SECUNIAid:38338
Trust: 0.8
db:SECUNIAid:44260
Trust: 0.8
db:SECUNIAid:37566
Trust: 0.8
db:SECUNIAid:40879
Trust: 0.8
db:SECUNIAid:44292
Trust: 0.8
db:USCERTid:SA10-222A
Trust: 0.8
db:JVNDBid:JVNDB-2009-002319
Trust: 0.8
db:PACKETSTORMid:82657
Trust: 0.2
db:PACKETSTORMid:90262
Trust: 0.2
db:PACKETSTORMid:83414
Trust: 0.2
db:PACKETSTORMid:92095
Trust: 0.2
db:PACKETSTORMid:94087
Trust: 0.2
db:PACKETSTORMid:97489
Trust: 0.2
db:PACKETSTORMid:92497
Trust: 0.2
db:PACKETSTORMid:88224
Trust: 0.2
db:EXPLOIT-DBid:10071
Trust: 0.1
db:EXPLOIT-DBid:10579
Trust: 0.1
db:PACKETSTORMid:82770
Trust: 0.1
db:PACKETSTORMid:130868
Trust: 0.1
db:PACKETSTORMid:83271
Trust: 0.1
db:PACKETSTORMid:88173
Trust: 0.1
db:PACKETSTORMid:91309
Trust: 0.1
db:PACKETSTORMid:120365
Trust: 0.1
db:PACKETSTORMid:106155
Trust: 0.1
db:PACKETSTORMid:83415
Trust: 0.1
db:PACKETSTORMid:111273
Trust: 0.1
db:PACKETSTORMid:88167
Trust: 0.1
db:PACKETSTORMid:124088
Trust: 0.1
db:PACKETSTORMid:120714
Trust: 0.1
db:PACKETSTORMid:82652
Trust: 0.1
db:PACKETSTORMid:131826
Trust: 0.1
db:PACKETSTORMid:95279
Trust: 0.1
db:PACKETSTORMid:137201
Trust: 0.1
db:PACKETSTORMid:102374
Trust: 0.1
db:PACKETSTORMid:106156
Trust: 0.1
db:PACKETSTORMid:89136
Trust: 0.1
db:PACKETSTORMid:88621
Trust: 0.1
db:PACKETSTORMid:94088
Trust: 0.1
db:PACKETSTORMid:89667
Trust: 0.1
db:PACKETSTORMid:88698
Trust: 0.1
db:PACKETSTORMid:84112
Trust: 0.1
db:PACKETSTORMid:90286
Trust: 0.1
db:PACKETSTORMid:127267
Trust: 0.1
db:PACKETSTORMid:84183
Trust: 0.1
db:PACKETSTORMid:86075
Trust: 0.1
db:PACKETSTORMid:114810
Trust: 0.1
db:PACKETSTORMid:123380
Trust: 0.1
db:PACKETSTORMid:84181
Trust: 0.1
db:CNNVDid:CNNVD-200911-069
Trust: 0.1
db:SEEBUGid:SSVID-67231
Trust: 0.1
db:VULHUBid:VHN-41001
Trust: 0.1
db:PACKETSTORMid:98419
Trust: 0.1
db:PACKETSTORMid:93944
Trust: 0.1
db:PACKETSTORMid:100761
Trust: 0.1
db:PACKETSTORMid:111583
Trust: 0.1
db:PACKETSTORMid:88387
Trust: 0.1
db:PACKETSTORMid:90344
Trust: 0.1
db:PACKETSTORMid:111920
Trust: 0.1
sources:
            
            
            CERT/CC: VU#120541 // 
            
            
            
            VULHUB: VHN-41001 // 
            
            
            
            JVNDB: JVNDB-2009-002319 // 
            
            
            
            PACKETSTORM: 92497 // 
            
            
            
            PACKETSTORM: 98419 // 
            
            
            
            PACKETSTORM: 93944 // 
            
            
            
            PACKETSTORM: 100761 // 
            
            
            
            PACKETSTORM: 83414 // 
            
            
            
            PACKETSTORM: 82657 // 
            
            
            
            PACKETSTORM: 97489 // 
            
            
            
            PACKETSTORM: 90262 // 
            
            
            
            PACKETSTORM: 111583 // 
            
            
            
            PACKETSTORM: 92095 // 
            
            
            
            PACKETSTORM: 88387 // 
            
            
            
            PACKETSTORM: 90344 // 
            
            
            
            PACKETSTORM: 88224 // 
            
            
            
            PACKETSTORM: 94087 // 
            
            
            
            PACKETSTORM: 111920 // 
            
            
            
            NVD: CVE-2009-3555

REFERENCES
url:http://extendedsubset.com/?p=8
Trust: 1.9
url:http://www.links.org/?p=780
Trust: 1.9
url:http://www.links.org/?p=786
Trust: 1.9
url:http://www.links.org/?p=789
Trust: 1.9
url:http://blogs.iss.net/archive/sslmitmiscsrf.html
Trust: 1.9
url:http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
Trust: 1.9
url:https://bugzilla.redhat.com/show_bug.cgi?id=533125
Trust: 1.9
url:https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
Trust: 1.9
url:http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
Trust: 1.9
url:http://www.securityfocus.com/bid/36935
Trust: 1.9
url:http://secunia.com/advisories/37453
Trust: 1.9
url:http://secunia.com/advisories/38020
Trust: 1.9
url:http://secunia.com/advisories/39136
Trust: 1.9
url:http://secunia.com/advisories/39242
Trust: 1.9
url:http://secunia.com/advisories/39243
Trust: 1.9
url:http://secunia.com/advisories/39500
Trust: 1.9
url:http://secunia.com/advisories/40747
Trust: 1.9
url:http://www.vupen.com/english/advisories/2009/3310
Trust: 1.9
url:http://www.vupen.com/english/advisories/2009/3313
Trust: 1.9
url:http://www.vupen.com/english/advisories/2010/0086
Trust: 1.9
url:http://www.vupen.com/english/advisories/2010/0982
Trust: 1.9
url:http://www.vupen.com/english/advisories/2010/3086
Trust: 1.9
url:http://www.vupen.com/english/advisories/2010/3126
Trust: 1.9
url:http://www.us-cert.gov/cas/techalerts/ta10-222a.html
Trust: 1.9
url:http://www.kb.cert.org/vuls/id/120541
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2009-3555
Trust: 1.3
url:http://extendedsubset.com/renegotiating_tls.pdf
Trust: 1.2
url:http://www.openoffice.org/security/cves/cve-2009-3555.html
Trust: 1.2
url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1
Trust: 1.1
url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
Trust: 1.1
url:http://securitytracker.com/id?1023148
Trust: 1.1
url:http://www.securitytracker.com/id?1023163
Trust: 1.1
url:http://www.securitytracker.com/id?1023204
Trust: 1.1
url:http://www.securitytracker.com/id?1023205
Trust: 1.1
url:http://www.securitytracker.com/id?1023206
Trust: 1.1
url:http://www.securitytracker.com/id?1023207
Trust: 1.1
url:http://www.securitytracker.com/id?1023208
Trust: 1.1
url:http://www.securitytracker.com/id?1023209
Trust: 1.1
url:http://www.securitytracker.com/id?1023210
Trust: 1.1
url:http://www.securitytracker.com/id?1023211
Trust: 1.1
url:http://www.securitytracker.com/id?1023212
Trust: 1.1
url:http://www.securitytracker.com/id?1023213
Trust: 1.1
url:http://www.securitytracker.com/id?1023214
Trust: 1.1
url:http://www.securitytracker.com/id?1023215
Trust: 1.1
url:http://www.securitytracker.com/id?1023216
Trust: 1.1
url:http://www.securitytracker.com/id?1023217
Trust: 1.1
url:http://www.securitytracker.com/id?1023218
Trust: 1.1
url:http://www.securitytracker.com/id?1023219
Trust: 1.1
url:http://www.securitytracker.com/id?1023224
Trust: 1.1
url:http://www.securitytracker.com/id?1023243
Trust: 1.1
url:http://www.securitytracker.com/id?1023270
Trust: 1.1
url:http://www.securitytracker.com/id?1023271
Trust: 1.1
url:http://www.securitytracker.com/id?1023272
Trust: 1.1
url:http://www.securitytracker.com/id?1023273
Trust: 1.1
url:http://www.securitytracker.com/id?1023274
Trust: 1.1
url:http://www.securitytracker.com/id?1023275
Trust: 1.1
url:http://www.securitytracker.com/id?1023411
Trust: 1.1
url:http://www.securitytracker.com/id?1023426
Trust: 1.1
url:http://www.securitytracker.com/id?1023427
Trust: 1.1
url:http://www.securitytracker.com/id?1023428
Trust: 1.1
url:http://www.securitytracker.com/id?1024789
Trust: 1.1
url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml
Trust: 1.1
url:http://seclists.org/fulldisclosure/2009/nov/139
Trust: 1.1
url:http://www.securityfocus.com/archive/1/507952/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/508075/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/508130/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/515055/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/516397/100/0/threaded
Trust: 1.1
url:http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html
Trust: 1.1
url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1
Trust: 1.1
url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1
Trust: 1.1
url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1
Trust: 1.1
url:http://secunia.com/advisories/37291
Trust: 1.1
url:http://secunia.com/advisories/37292
Trust: 1.1
url:http://secunia.com/advisories/37320
Trust: 1.1
url:http://secunia.com/advisories/37383
Trust: 1.1
url:http://secunia.com/advisories/37399
Trust: 1.1
url:http://secunia.com/advisories/37501
Trust: 1.1
url:http://secunia.com/advisories/37504
Trust: 1.1
url:http://secunia.com/advisories/37604
Trust: 1.1
url:http://secunia.com/advisories/37640
Trust: 1.1
url:http://secunia.com/advisories/37656
Trust: 1.1
url:http://secunia.com/advisories/37675
Trust: 1.1
url:http://secunia.com/advisories/37859
Trust: 1.1
url:http://secunia.com/advisories/38003
Trust: 1.1
url:http://secunia.com/advisories/38056
Trust: 1.1
url:http://secunia.com/advisories/38241
Trust: 1.1
url:http://secunia.com/advisories/38484
Trust: 1.1
url:http://secunia.com/advisories/38687
Trust: 1.1
url:http://secunia.com/advisories/38781
Trust: 1.1
url:http://secunia.com/advisories/39127
Trust: 1.1
url:http://secunia.com/advisories/39278
Trust: 1.1
url:http://secunia.com/advisories/39292
Trust: 1.1
url:http://secunia.com/advisories/39317
Trust: 1.1
url:http://secunia.com/advisories/39461
Trust: 1.1
url:http://secunia.com/advisories/39628
Trust: 1.1
url:http://secunia.com/advisories/39632
Trust: 1.1
url:http://secunia.com/advisories/39713
Trust: 1.1
url:http://secunia.com/advisories/39819
Trust: 1.1
url:http://secunia.com/advisories/40070
Trust: 1.1
url:http://secunia.com/advisories/40545
Trust: 1.1
url:http://secunia.com/advisories/40866
Trust: 1.1
url:http://secunia.com/advisories/41480
Trust: 1.1
url:http://secunia.com/advisories/41490
Trust: 1.1
url:http://secunia.com/advisories/41818
Trust: 1.1
url:http://secunia.com/advisories/41967
Trust: 1.1
url:http://secunia.com/advisories/41972
Trust: 1.1
url:http://secunia.com/advisories/42377
Trust: 1.1
url:http://secunia.com/advisories/42379
Trust: 1.1
url:http://secunia.com/advisories/42467
Trust: 1.1
url:http://secunia.com/advisories/42724
Trust: 1.1
url:http://secunia.com/advisories/42733
Trust: 1.1
url:http://secunia.com/advisories/42808
Trust: 1.1
url:http://secunia.com/advisories/42811
Trust: 1.1
url:http://secunia.com/advisories/42816
Trust: 1.1
url:http://secunia.com/advisories/43308
Trust: 1.1
url:http://secunia.com/advisories/44183
Trust: 1.1
url:http://secunia.com/advisories/44954
Trust: 1.1
url:http://secunia.com/advisories/48577
Trust: 1.1
url:http://osvdb.org/60521
Trust: 1.1
url:http://osvdb.org/60972
Trust: 1.1
url:http://osvdb.org/62210
Trust: 1.1
url:http://osvdb.org/65202
Trust: 1.1
url:http://www.vupen.com/english/advisories/2009/3164
Trust: 1.1
url:http://www.vupen.com/english/advisories/2009/3165
Trust: 1.1
url:http://www.vupen.com/english/advisories/2009/3205
Trust: 1.1
url:http://www.vupen.com/english/advisories/2009/3220
Trust: 1.1
url:http://www.vupen.com/english/advisories/2009/3353
Trust: 1.1
url:http://www.vupen.com/english/advisories/2009/3354
Trust: 1.1
url:http://www.vupen.com/english/advisories/2009/3484
Trust: 1.1
url:http://www.vupen.com/english/advisories/2009/3521
Trust: 1.1
url:http://www.vupen.com/english/advisories/2009/3587
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/0173
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/0748
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/0848
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/0916
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/0933
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/0994
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/1054
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/1107
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/1191
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/1350
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/1639
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/1673
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/1793
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/2010
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/2745
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/3069
Trust: 1.1
url:http://www.vupen.com/english/advisories/2011/0032
Trust: 1.1
url:http://www.vupen.com/english/advisories/2011/0033
Trust: 1.1
url:http://www.vupen.com/english/advisories/2011/0086
Trust: 1.1
url:http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html
Trust: 1.1
url:http://lists.apple.com/archives/security-announce/2010//may/msg00001.html
Trust: 1.1
url:http://lists.apple.com/archives/security-announce/2010//may/msg00002.html
Trust: 1.1
url:http://www.debian.org/security/2009/dsa-1934
Trust: 1.1
url:http://www.debian.org/security/2011/dsa-2141
Trust: 1.1
url:http://www.debian.org/security/2015/dsa-3253
Trust: 1.1
url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html
Trust: 1.1
url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html
Trust: 1.1
url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html
Trust: 1.1
url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html
Trust: 1.1
url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html
Trust: 1.1
url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html
Trust: 1.1
url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html
Trust: 1.1
url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html
Trust: 1.1
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html
Trust: 1.1
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html
Trust: 1.1
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html
Trust: 1.1
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html
Trust: 1.1
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html
Trust: 1.1
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html
Trust: 1.1
url:http://security.gentoo.org/glsa/glsa-200912-01.xml
Trust: 1.1
url:http://security.gentoo.org/glsa/glsa-201203-22.xml
Trust: 1.1
url:http://security.gentoo.org/glsa/glsa-201406-32.xml
Trust: 1.1
url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041
Trust: 1.1
url:http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751
Trust: 1.1
url:http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995
Trust: 1.1
url:http://www.securityfocus.com/archive/1/522176
Trust: 1.1
url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686
Trust: 1.1
url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848
Trust: 1.1
url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054
Trust: 1.1
url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055
Trust: 1.1
url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:076
Trust: 1.1
url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:084
Trust: 1.1
url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:089
Trust: 1.1
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049
Trust: 1.1
url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0119.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0130.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0155.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0165.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0167.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0337.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0338.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0339.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0768.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0770.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0786.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0807.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0865.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0986.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0987.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2011-0880.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
Trust: 1.1
url:http://www.us-cert.gov/cas/techalerts/ta10-287a.html
Trust: 1.1
url:http://www.ubuntu.com/usn/usn-1010-1
Trust: 1.1
url:http://ubuntu.com/usn/usn-923-1
Trust: 1.1
url:http://www.ubuntu.com/usn/usn-927-1
Trust: 1.1
url:http://www.ubuntu.com/usn/usn-927-4
Trust: 1.1
url:http://www.ubuntu.com/usn/usn-927-5
Trust: 1.1
url:http://openbsd.org/errata45.html#010_openssl
Trust: 1.1
url:http://openbsd.org/errata46.html#004_openssl
Trust: 1.1
url:http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html
Trust: 1.1
url:http://www.openwall.com/lists/oss-security/2009/11/05/3
Trust: 1.1
url:http://www.openwall.com/lists/oss-security/2009/11/05/5
Trust: 1.1
url:http://www.openwall.com/lists/oss-security/2009/11/06/3
Trust: 1.1
url:http://www.openwall.com/lists/oss-security/2009/11/07/3
Trust: 1.1
url:http://www.openwall.com/lists/oss-security/2009/11/20/1
Trust: 1.1
url:http://www.openwall.com/lists/oss-security/2009/11/23/10
Trust: 1.1
url:http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
Trust: 1.1
url:https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e
Trust: 1.1
url:http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html
Trust: 1.1
url:http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during
Trust: 1.1
url:http://clicky.me/tlsvuln
Trust: 1.1
url:http://kbase.redhat.com/faq/docs/doc-20491
Trust: 1.1
url:http://support.apple.com/kb/ht4004
Trust: 1.1
url:http://support.apple.com/kb/ht4170
Trust: 1.1
url:http://support.apple.com/kb/ht4171
Trust: 1.1
url:http://support.avaya.com/css/p8/documents/100070150
Trust: 1.1
url:http://support.avaya.com/css/p8/documents/100081611
Trust: 1.1
url:http://support.avaya.com/css/p8/documents/100114315
Trust: 1.1
url:http://support.avaya.com/css/p8/documents/100114327
Trust: 1.1
url:http://support.citrix.com/article/ctx123359
Trust: 1.1
url:http://support.zeus.com/zws/media/docs/4.3/release_notes
Trust: 1.1
url:http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released
Trust: 1.1
url:http://sysoev.ru/nginx/patch.cve-2009-3555.txt
Trust: 1.1
url:http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html
Trust: 1.1
url:http://wiki.rpath.com/advisories:rpsa-2009-0155
Trust: 1.1
url:http://www-01.ibm.com/support/docview.wss?uid=swg21426108
Trust: 1.1
url:http://www-01.ibm.com/support/docview.wss?uid=swg21432298
Trust: 1.1
url:http://www-01.ibm.com/support/docview.wss?uid=swg24006386
Trust: 1.1
url:http://www-01.ibm.com/support/docview.wss?uid=swg24025312
Trust: 1.1
url:http://www.arubanetworks.com/support/alerts/aid-020810.txt
Trust: 1.1
url:http://www.betanews.com/article/1257452450
Trust: 1.1
url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html
Trust: 1.1
url:http://www.ingate.com/relnote.php?ver=481
Trust: 1.1
url:http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
Trust: 1.1
url:http://www.openssl.org/news/secadv_20091111.txt
Trust: 1.1
url:http://www.opera.com/docs/changelogs/unix/1060/
Trust: 1.1
url:http://www.opera.com/support/search/view/944/
Trust: 1.1
url:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Trust: 1.1
url:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Trust: 1.1
url:http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
Trust: 1.1
url:http://www.proftpd.org/docs/release_notes-1.3.2c
Trust: 1.1
url:http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
Trust: 1.1
url:http://www.tombom.co.uk/blog/?p=85
Trust: 1.1
url:http://www.vmware.com/security/advisories/vmsa-2010-0019.html
Trust: 1.1
url:http://www.vmware.com/security/advisories/vmsa-2011-0003.html
Trust: 1.1
url:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
Trust: 1.1
url:http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
Trust: 1.1
url:https://bugzilla.mozilla.org/show_bug.cgi?id=526689
Trust: 1.1
url:https://bugzilla.mozilla.org/show_bug.cgi?id=545755
Trust: 1.1
url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888
Trust: 1.1
url:https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/54158
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555
Trust: 1.0
url:http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=126150535619567&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=127128920008563&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=127419602507642&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=127557596201693&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=130497311408250&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=132077688910227&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=133469267822771&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=134254866602253&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=142660345230545&w=2
Trust: 1.0
url:http://marc.info/?l=cryptography&m=125752275331877&w=2
Trust: 1.0
url:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446
Trust: 1.0
url:http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only
Trust: 1.0
url:https://kb.bluecoat.com/index?page=content&id=sa50
Trust: 1.0
url:http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html
Trust: 0.8
url:http://cvs.openssl.org/chngview?cn=18790
Trust: 0.8
url:http://www.links.org/files/no-renegotiation-2.patch
Trust: 0.8
url:http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html
Trust: 0.8
url:http://jvn.jp/cert/jvnvu120541
Trust: 0.8
url:http://jvn.jp/cert/jvnvu490671
Trust: 0.8
url:http://jvn.jp/tr/jvntr-2010-22
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3555
Trust: 0.8
url:http://secunia.com/advisories/38338
Trust: 0.8
url:http://secunia.com/advisories/38728
Trust: 0.8
url:http://secunia.com/advisories/38608
Trust: 0.8
url:http://secunia.com/advisories/44292
Trust: 0.8
url:http://secunia.com/advisories/44293
Trust: 0.8
url:http://secunia.com/advisories/40879
Trust: 0.8
url:http://secunia.com/advisories/44260
Trust: 0.8
url:http://secunia.com/advisories/37566
Trust: 0.8
url:http://www.us-cert.gov/cas/alerts/sa10-222a.html
Trust: 0.8
url:http://www.vupen.com/english/advisories/2010/1280
Trust: 0.8
url:http://www.vupen.com/english/advisories/2010/2660
Trust: 0.8
url:http://www.vupen.com/english/advisories/2010/1942
Trust: 0.8
url:http://www.vupen.com/english/advisories/2009/3393
Trust: 0.8
url:http://www.vupen.com/english/advisories/2010/0125
Trust: 0.8
url:http://www.vupen.com/english/advisories/2010/0212
Trust: 0.8
url:http://www.vupen.com/english/advisories/2010/0457
Trust: 0.8
url:http://www.vupen.com/english/advisories/2010/2046
Trust: 0.8
url:http://www.vupen.com/english/advisories/2011/1039
Trust: 0.8
url:http://www.itrc.hp.com/service/cki/secbullarchive.do
Trust: 0.4
url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc
Trust: 0.4
url:http://h30046.www3.hp.com/subsignin.php
Trust: 0.4
url:https://nvd.nist.gov/vuln/detail/cve-2010-0085
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2010-0084
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2010-0091
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2010-0089
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2010-0093
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2010-0082
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2010-0088
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2010-0092
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2010-0094
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2009-3548
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2009-2902
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2010-0087
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2009-2693
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2010-0095
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2009-2901
Trust: 0.2
url:http://secunia.com/products/corporate/evm/
Trust: 0.2
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.2
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.2
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.2
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.2
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.2
url:https://www.hp.com/go/swa
Trust: 0.2
url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/
Trust: 0.2
url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Trust: 0.2
url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430
Trust: 0.2
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz
Trust: 0.2
url:http://marc.info/?l=bugtraq&amp;m=132077688910227&amp;w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&amp;m=142660345230545&amp;w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&amp;m=127419602507642&amp;w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&amp;m=134254866602253&amp;w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&amp;m=130497311408250&amp;w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&amp;m=133469267822771&amp;w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&amp;m=126150535619567&amp;w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&amp;m=127128920008563&amp;w=2
Trust: 0.1
url:http://marc.info/?l=bugtraq&amp;m=127557596201693&amp;w=2
Trust: 0.1
url:http://www-1.ibm.com/support/search.wss?rs=0&amp;q=pm00675&amp;apar=only
Trust: 0.1
url:http://slackware.com/security/viewer.php?l=slackware-security&amp;y=2009&amp;m=slackware-security.597446
Trust: 0.1
url:http://marc.info/?l=apache-httpd-announce&amp;m=125755783724966&amp;w=2
Trust: 0.1
url:http://marc.info/?l=cryptography&amp;m=125752275331877&amp;w=2
Trust: 0.1
url:https://kb.bluecoat.com/index?page=content&amp;id=sa50
Trust: 0.1
url:http://www.procurve.com/customercare/support/software/network-security.htm
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556
Trust: 0.1
url:http://secunia.com/
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0086
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1086
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0730
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1088
Trust: 0.1
url:http://kb.vmware.com/kb/1027919
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2939
Trust: 0.1
url:http://kb.vmware.com/kb/1055
Trust: 0.1
url:http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0307
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3548
Trust: 0.1
url:http://kb.vmware.com/kb/1031330
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0085
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1384
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-0086
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0003
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0106
Trust: 0.1
url:http://www.vmware.com/support/policies/eos_vi.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2227
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-0107
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2902
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2901
Trust: 0.1
url:http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1085
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0291
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2248
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0415
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565
Trust: 0.1
url:http://kb.vmware.com/kb/1027904
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0107
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842
Trust: 0.1
url:http://www.vmware.com/support/policies/eos.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886
Trust: 0.1
url:http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0734
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1157
Trust: 0.1
url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0007
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2524
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1087
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0622
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-3825
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1084
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-5416
Trust: 0.1
url:http://www.vmware.com/security/advisories
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-1384
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0008
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2070
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4308
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2693
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-4308
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0007
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568
Trust: 0.1
url:http://www.vmware.com/support/policies/security_response.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5416
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3864
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3825
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0410
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1437
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0003
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0437
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844
Trust: 0.1
url:http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2066
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1436
Trust: 0.1
url:http://kb.vmware.com/kb/1029353
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-0085
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2226
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1173
Trust: 0.1
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0008
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1641
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2928
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-0106
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1187
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2521
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0090
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3081
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3010
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-4143
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2068
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-4018
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3011
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-4017
Trust: 0.1
url:http://www.hp.com/servers/manage/smh
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44293
Trust: 0.1
url:http://secunia.com/advisories/44293/
Trust: 0.1
url:http://secunia.com/research/
Trust: 0.1
url:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas
Trust: 0.1
url:http://secunia.com/advisories/44293/#comments
Trust: 0.1
url:http://secunia.com/company/jobs/open_positions/reverse_engineer
Trust: 0.1
url:http://security.freebsd.org/>.
Trust: 0.1
url:http://security.freebsd.org/advisories/freebsd-sa-09:15.ssl.asc
Trust: 0.1
url:http://security.freebsd.org/patches/sa-09:15/ssl.patch.asc
Trust: 0.1
url:http://security.freebsd.org/patches/sa-09:15/ssl.patch
Trust: 0.1
url:http://www.freebsd.org/handbook/makeworld.html>
Trust: 0.1
url:http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html.
Trust: 0.1
url:http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml
Trust: 0.1
url:http://www.cisco.com/pcgi-bin/support/bugtool/launch_bugtool.pl
Trust: 0.1
url:http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html
Trust: 0.1
url:http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml.
Trust: 0.1
url:http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Trust: 0.1
url:http://www.cisco.com.
Trust: 0.1
url:http://www.cisco.com/go/psirt.
Trust: 0.1
url:http://www.cisco.com/en/us/docs/general/warranty/english/eu1ken_.html,
Trust: 0.1
url:http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Trust: 0.1
url:http://intellishield.cisco.com/security/alertmanager/cvss
Trust: 0.1
url:http://www.debian.org/security/faq
Trust: 0.1
url:http://www.debian.org/security/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0842
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0838
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0841
Trust: 0.1
url:http://www.hp.com/go/java
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0839
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0837
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0840
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-0130
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-0128
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-0129
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-7270
Trust: 0.1
url:http://h20000.www2.hp.com/bizsupport/techsupport/softwareindex.jsp?lang=en&cc=us&prodnameid=3188475&prodtypeid=329290&prodseriesid=3188465&swlang=8&taskid=135&swenvoid=1113
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz
Trust: 0.1
url:http://www.canonical.com
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0740
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0433
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-4355
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-3245
Trust: 0.1
url:http://www.openoffice.org/security/cves/cve-2010-0395.html
Trust: 0.1
url:http://secunia.com/advisories/40070/#comments
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/webinars/
Trust: 0.1
url:http://secunia.com/advisories/40070/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=40070
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.1.dsc
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.1.diff.gz
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.12_powerpc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.10_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.12_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.10_powerpc.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.12_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.2_lpia.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.2_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2.dsc
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.10_amd64.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.10_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.5_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.1_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.12_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1.dsc
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5.dsc
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.1_sparc.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.5_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.5_amd64.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.12_sparc.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.10_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5.diff.gz
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.10_lpia.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.2_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.1_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.1_all.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-15ubuntu3.5_all.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.2_powerpc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.10_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.10_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.5_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.2_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.5_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.10_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.1_i386.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.1_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.5_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.10_sparc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10.dsc
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.2_amd64.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.10_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.5_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.5_sparc.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.10_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.10_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.5_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.12_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.12_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.5_i386.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.12_i386.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.2_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.2_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.1_powerpc.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.12_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.2_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.1_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.10_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.2_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.2_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.12_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12.diff.gz
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.12_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.2_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.1_powerpc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.1_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.1_amd64.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.10_all.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.2_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.1_amd64.deb
Trust: 0.1
url:http://www.openssl.org/docs/ssl/ssl_ctx_set_options.html#secure_renegotiation
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.10_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.12_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.1_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.5_lpia.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.2_sparc.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.1_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10.diff.gz
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.5_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.5_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.1_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.5_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1.diff.gz
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12.dsc
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.5_powerpc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.10_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.10_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.10_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.5_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.1_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.12_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.1_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.12_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.2_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.12_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.2_i386.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.5_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.2_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.5_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.2.diff.gz
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.1_i386.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.5_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.10_i386.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.12_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.10_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.2_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.2_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.1_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.5_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-16ubuntu3.2_all.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.1_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.5_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.2_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.12_amd64.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.1_amd64.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.1_sparc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.10_lpia.deb
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2204
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-0033
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2526
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-3190
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-0580
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-0781
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-4476
Trust: 0.1
url:http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-1184
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-1157
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-2729
Trust: 0.1
sources:
            
            
            CERT/CC: VU#120541 // 
            
            
            
            VULHUB: VHN-41001 // 
            
            
            
            JVNDB: JVNDB-2009-002319 // 
            
            
            
            PACKETSTORM: 92497 // 
            
            
            
            PACKETSTORM: 98419 // 
            
            
            
            PACKETSTORM: 93944 // 
            
            
            
            PACKETSTORM: 100761 // 
            
            
            
            PACKETSTORM: 83414 // 
            
            
            
            PACKETSTORM: 82657 // 
            
            
            
            PACKETSTORM: 97489 // 
            
            
            
            PACKETSTORM: 90262 // 
            
            
            
            PACKETSTORM: 111583 // 
            
            
            
            PACKETSTORM: 92095 // 
            
            
            
            PACKETSTORM: 88387 // 
            
            
            
            PACKETSTORM: 90344 // 
            
            
            
            PACKETSTORM: 88224 // 
            
            
            
            PACKETSTORM: 94087 // 
            
            
            
            PACKETSTORM: 111920 // 
            
            
            
            NVD: CVE-2009-3555

CREDITS
Hewlett Packard
Trust: 0.4
sources:
            
            
            PACKETSTORM: 92497 // 
            
            
            
            PACKETSTORM: 93944 // 
            
            
            
            PACKETSTORM: 90262 // 
            
            
            
            PACKETSTORM: 88387

SOURCES
db:CERT/CCid:VU#120541
db:VULHUBid:VHN-41001
db:JVNDBid:JVNDB-2009-002319
db:PACKETSTORMid:92497
db:PACKETSTORMid:98419
db:PACKETSTORMid:93944
db:PACKETSTORMid:100761
db:PACKETSTORMid:83414
db:PACKETSTORMid:82657
db:PACKETSTORMid:97489
db:PACKETSTORMid:90262
db:PACKETSTORMid:111583
db:PACKETSTORMid:92095
db:PACKETSTORMid:88387
db:PACKETSTORMid:90344
db:PACKETSTORMid:88224
db:PACKETSTORMid:94087
db:PACKETSTORMid:111920
db:NVDid:CVE-2009-3555

LAST UPDATE DATE
2024-11-20T19:38:55.542000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#120541date:2011-07-22T00:00:00
db:VULHUBid:VHN-41001date:2023-02-13T00:00:00
db:JVNDBid:JVNDB-2009-002319date:2016-09-08T00:00:00
db:NVDid:CVE-2009-3555date:2023-02-13T02:20:27.983

SOURCES RELEASE DATE
db:CERT/CCid:VU#120541date:2009-11-11T00:00:00
db:VULHUBid:VHN-41001date:2009-11-09T00:00:00
db:JVNDBid:JVNDB-2009-002319date:2009-12-14T00:00:00
db:PACKETSTORMid:92497date:2010-08-06T17:53:12
db:PACKETSTORMid:98419date:2011-02-11T13:13:00
db:PACKETSTORMid:93944date:2010-09-17T00:35:23
db:PACKETSTORMid:100761date:2011-04-24T07:03:07
db:PACKETSTORMid:83414date:2009-12-03T21:01:42
db:PACKETSTORMid:82657date:2009-11-17T01:21:40
db:PACKETSTORMid:97489date:2011-01-13T03:33:06
db:PACKETSTORMid:90262date:2010-06-04T04:23:32
db:PACKETSTORMid:111583date:2012-04-05T00:45:56
db:PACKETSTORMid:92095date:2010-07-23T18:03:56
db:PACKETSTORMid:88387date:2010-04-15T22:26:05
db:PACKETSTORMid:90344date:2010-06-07T16:47:06
db:PACKETSTORMid:88224date:2010-04-10T03:47:45
db:PACKETSTORMid:94087date:2010-09-21T22:54:11
db:PACKETSTORMid:111920date:2012-04-17T20:41:11
db:NVDid:CVE-2009-3555date:2009-11-09T17:30:00.407