ID

VAR-201201-0312


CVE

CVE-2011-4577


TITLE

Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL

Trust: 0.8

sources: CERT/CC: VU#737740

DESCRIPTION

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. HP SSL for OpenVMS v 1.4-453 (based on OpenSSL 0.9.8o stream) and earlier. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows. HP System Management Homepage v7.1.1 is available here: HP System Management Homepage for Windows x64 [Download here] or enter the following URL into the browser address window. http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken HP System Management Homepage for Windows x86 [Download here] or enter the following URL into the browser address window. http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken HP System Management Homepage for Linux (AMD64/EM64T) [Download here] or enter the following URL into the browser address window. http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken HP System Management Homepage for Linux (x86) [Download here] or enter the following URL into the browser address window. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 06, 2012 Bugs: #397695, #399365 ID: 201203-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to cause a Denial of Service or obtain sensitive information. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.0g *>= 0.9.8t >= 1.0.0g Description =========== Multiple vulnerabilities have been found in OpenSSL: * Timing differences for decryption are exposed by CBC mode encryption in OpenSSL's implementation of DTLS (CVE-2011-4108). * Invalid parameters in the GOST block cipher are not properly handled by the GOST ENGINE(CVE-2012-0027). * An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0g" References ========== [ 1 ] CVE-2011-4108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108 [ 2 ] CVE-2011-4109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109 [ 3 ] CVE-2011-4576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576 [ 4 ] CVE-2011-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577 [ 5 ] CVE-2011-4619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619 [ 6 ] CVE-2012-0027 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027 [ 7 ] CVE-2012-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201203-12.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security update Advisory ID: RHSA-2012:0059-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html Issue date: 2012-01-24 CVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 ===================================================================== 1. Summary: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures 771780 - CVE-2011-4619 openssl: SGC restart DoS attack 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm ppc64: openssl-1.0.0-20.el6_2.1.ppc.rpm openssl-1.0.0-20.el6_2.1.ppc64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-devel-1.0.0-20.el6_2.1.ppc.rpm openssl-devel-1.0.0-20.el6_2.1.ppc64.rpm s390x: openssl-1.0.0-20.el6_2.1.s390.rpm openssl-1.0.0-20.el6_2.1.s390x.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-devel-1.0.0-20.el6_2.1.s390.rpm openssl-devel-1.0.0-20.el6_2.1.s390x.rpm x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm ppc64: openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-perl-1.0.0-20.el6_2.1.ppc64.rpm openssl-static-1.0.0-20.el6_2.1.ppc64.rpm s390x: openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-perl-1.0.0-20.el6_2.1.s390x.rpm openssl-static-1.0.0-20.el6_2.1.s390x.rpm x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-4108.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4577.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3 CJl5iUxU4cxJLOsSBESSRVs= =PMiS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures: RHEV Hypervisor for RHEL-6 - noarch 3. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. The security fixes included in this update address the following CVE numbers: CVE-2009-5029 and CVE-2011-4609 (glibc issues) CVE-2012-0056 (kernel issue) CVE-2011-4108 and CVE-2012-0050 (openssl issues) This update also fixes the following bugs: * Previously, it was possible to begin a Hypervisor installation without any valid disks to install to. Now, if no valid disks are found for Hypervisor installation, a message is displayed informing the user that there are no valid disks for installation. (BZ#781471) * Previously, the user interface for the Hypervisor did not indicate whether the system was registered with Red Hat Network (RHN) Classic or RHN Satellite. As a result, customers could not easily determine the registration status of their Hypervisor installations. The TUI has been updated to display the registration status of the Hypervisor. (BZ#788223) * Previously, autoinstall would fail if the firstboot or reinstall options were passed but local_boot or upgrade were not passed. Now, neither the local_boot or upgrade parameters are required for autoinstall. 788225 - autoinstall fails when local_boot or upgrade not passed on command line 788226 - rhev-hypervisor6 6.2 Update 2 Release bugzilla 6. Release Date: 2012-01-19 Last Updated: 2012-01-19 ------------------------------------------------------------------------------ Potential Security Impact: Remote Denial of Service (DoS), unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4109 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 9.3 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location ftp://ossl098s:Secure12@ftp.usa.hp.com HP-UX Release / Depot Name B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot B.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot B.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot MANUAL ACTIONS: Yes - Update Install OpenSSL A.00.09.08s or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.001 or subsequent HP-UX B.11.23 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.002 or subsequent HP-UX B.11.31 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.003 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 19 January 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. DTLS Plaintext Recovery Attack (CVE-2011-4108) ============================================== Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> for preparing the fix. Double-free in Policy Checks (CVE-2011-4109) ============================================ If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected. This flaw was discovered by Ben Laurie and a fix provided by Emilia Kasper <ekasper@google.com> of Google. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does not affect TLS. This could include sensitive contents of previously freed memory. However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer any any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue. Thanks to Adam Langley <agl@chromium.org> for identifying and fixing this issue. Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) ==================================================================== RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with "enable-rfc3779". Thanks to Andrew Chi, BBN Technologies, for discovering the flaw, and Rob Austein <sra@hactrn.net> for fixing it. Thanks to George Kadianakis <desnacked@gmail.com> for identifying this issue and to Adam Langley <agl@chromium.org> for fixing it. Invalid GOST parameters DoS Attack (CVE-2012-0027) =================================================== A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug. Thanks to Andrey Kulikov <amdeich@gmail.com> for identifying and fixing this issue. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv_20120104.txt

Trust: 2.61

sources: NVD: CVE-2011-4577 // CERT/CC: VU#737740 // BID: 51281 // VULMON: CVE-2011-4577 // PACKETSTORM: 114105 // PACKETSTORM: 114272 // PACKETSTORM: 110482 // PACKETSTORM: 109053 // PACKETSTORM: 109788 // PACKETSTORM: 109073 // PACKETSTORM: 169679

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:1.0.0

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0b

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0a

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0c

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.5a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8m

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7m

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8p

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6m

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.4

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8q

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6k

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8k

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.1c

Trust: 1.0

vendor:opensslmodel:opensslscope:lteversion:0.9.8r

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.2b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8n

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.5

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8o

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7k

Trust: 1.0

vendor:opensslmodel:opensslscope:lteversion:1.0.0e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7b

Trust: 1.0

vendor:efimodel: - scope: - version: -

Trust: 0.8

vendor:opensslmodel:project openssl 0.9.8mscope: - version: -

Trust: 0.6

vendor:opensslmodel:project openssl 0.9.8nscope: - version: -

Trust: 0.6

vendor:opensslmodel:project openssl 0.9.8oscope: - version: -

Trust: 0.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0e

Trust: 0.6

vendor:ibmmodel:informix generoscope:eqversion:2.32

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:4.1

Trust: 0.3

vendor:f5model:big-ip wom hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:neversion:6.2.1.0.9

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.7.0scope:neversion: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8fscope: - version: -

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.4.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp1scope:eqversion:11

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0dscope: - version: -

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:10.0

Trust: 0.3

vendor:f5model:big-ip apm hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:ibmmodel:informix generoscope:eqversion:2.41

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:10.2.4

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.1

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.3.1

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.3.0.1

Trust: 0.3

vendor:avayamodel:aura system managerscope:neversion:6.3

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.8

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.1

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.2.0scope: - version: -

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.1.0 sp4scope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:8.1-stablescope: - version: -

Trust: 0.3

vendor:ibmmodel:ds8870scope:eqversion:7.0

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.3.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.1

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.8

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:10.2.1

Trust: 0.3

vendor:junipermodel:junos space ja1500 appliancescope:eqversion: -

Trust: 0.3

vendor:ibmmodel:sterling connect:enterprise for unixscope:eqversion:2.5

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.4.1

Trust: 0.3

vendor:f5model:big-ip asm hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:avayamodel:proactive contactscope:neversion:5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.3

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.8

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:1.1

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.1.0.1

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:2.5

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:11.2.1

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:ibmmodel:service delivery managerscope:eqversion:7.2.1

Trust: 0.3

vendor:avayamodel:voice portalscope:neversion:5.1.3

Trust: 0.3

vendor:f5model:big-ip psm hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:junipermodel:junos space ja2500 appliancescope:eqversion: -

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:neversion:2812-11411.2

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.1.0

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:tivoli endpoint manager for remote controlscope:eqversion:8.2.1

Trust: 0.3

vendor:attachmatemodel:reflection sp1scope:eqversion:14.0

Trust: 0.3

vendor:avayamodel:aura communication manager sp4scope:neversion:5.2.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.8

Trust: 0.3

vendor:ibmmodel:security virtual server protection for vmwarescope:eqversion:1.1.0.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.0

Trust: 0.3

vendor:f5model:big-ip apm hf2scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.0

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:3.3

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0.0.52

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp11scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:freebsdmodel:8.2-stablescope: - version: -

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtm 11.1.0.ascope:eqversion:2810-114

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.1.0

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.3

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp12scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.2.0

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:sterling connect:express for unixscope:eqversion:1.4.6

Trust: 0.3

vendor:ibmmodel:sterling connect:enterprise for unixscope:eqversion:2.44

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:3.5

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.1.0 sp3scope: - version: -

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.2.2

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.2.40

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.4

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.2.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8rscope: - version: -

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.1.0

Trust: 0.3

vendor:junipermodel:junos space 14.1r1scope:neversion: -

Trust: 0.3

vendor:f5model:big-ip ltm hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip analytics hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:f5model:big-ip link controller hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:freebsdmodel:8.3-stablescope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.4

Trust: 0.3

vendor:ibmmodel:tivoli network manager fp7scope:eqversion:3.8

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2

Trust: 0.3

vendor:bsdperimetermodel:pfsensescope:neversion:2.0.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:4.3

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.3

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.1

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.1

Trust: 0.3

vendor:f5model:big-ip ltm hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp2scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.4.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:10.2.4

Trust: 0.3

vendor:junipermodel:junos space 13.1p1.14scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.2.1

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:10.2.2

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2.2

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.2

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:11.1.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.0

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8pscope: - version: -

Trust: 0.3

vendor:attachmatemodel:reflection for ibmscope:eqversion:20070

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.3

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.3

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.3.0scope: - version: -

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:eqversion:1.3

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip gtm hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:ibmmodel:cloudburstscope:eqversion:2.1

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:f5model:big-ip ltm hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:neversion:5.2.14

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8sscope:neversion: -

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:5.0

Trust: 0.3

vendor:susemodel:linux enterprise server sp3 ltssscope:eqversion:10

Trust: 0.3

vendor:f5model:big-ip analytics hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for microsoft windowsscope:eqversion:4.5.01

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:4.5

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.3.0

Trust: 0.3

vendor:ibmmodel:cloudburstscope:eqversion:2.1.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:f5model:big-ip asm hf5scope:eqversion:10.2.4

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:4.4

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8qscope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.4.1

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.4.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.2.4

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:eqversion:1.4-453

Trust: 0.3

vendor:f5model:big-ip ltm hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0fscope:neversion: -

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:hpmodel:onboard administratorscope:eqversion:3.50

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp10scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.4.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.2.00

Trust: 0.3

vendor:hpmodel:onboard administratorscope:eqversion:3.55

Trust: 0.3

vendor:f5model:big-ip asm hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.0.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:56001

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:3.5

Trust: 0.3

vendor:f5model:big-ip psm hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:f5model:big-ip apm hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:10.2.1

Trust: 0.3

vendor:f5model:big-ip psm hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for microsoft windowsscope:eqversion:4.5.00

Trust: 0.3

vendor:ibmmodel:infosphere balanced warehouse c4000scope: - version: -

Trust: 0.3

vendor:f5model:big-ip wom hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.0

Trust: 0.3

vendor:f5model:big-ip asm hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:ibmmodel:service delivery managerscope:eqversion:7.2.4

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.2.0.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8gscope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:4

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.2.2

Trust: 0.3

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:5.1.2

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:10.1

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.2

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler for applications fp02scope:eqversion:8.4

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:f5model:big-ip asm hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:eqversion:2812-11411.1.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:2.4

Trust: 0.3

vendor:avayamodel:meeting exchangescope:neversion:6.2

Trust: 0.3

vendor:redhatmodel:jboss enterprise web server for solarisscope:eqversion:1.0.2

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.4.1

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.1.0.2

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:neversion:2810-11411.2

Trust: 0.3

vendor:f5model:big-ip wom hf3scope:eqversion:11.2.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:13.3

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp13scope:eqversion:4.0.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli remote controlscope:eqversion:5.1.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:1.4

Trust: 0.3

vendor:f5model:big-ip edge gateway hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:10.2.2

Trust: 0.3

vendor:avayamodel:message networking sp1scope:eqversion:5.2

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp1scope:eqversion:11

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.1.0

Trust: 0.3

vendor:ibmmodel:infosphere balanced warehouse d5100scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:f5model:big-ip psm hf2scope:eqversion:11.2.1

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp6scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:ibmmodel:cloudburstscope:eqversion:1.2

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.2.0 sp2scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:1.7

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura system manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8lscope: - version: -

Trust: 0.3

vendor:f5model:big-ip wom hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp3scope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip analytics 11.0.0-hf2scope: - version: -

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.2.1

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:0

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.1

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.8

Trust: 0.3

vendor:f5model:big-ip afm hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.3

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:1.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.2

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.8

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:f5model:big-ip analytics hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip analytics hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.0

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:hpmodel:onboard administratorscope:neversion:3.56

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.12

Trust: 0.3

vendor:ibmmodel:tivoli endpoint manager for remote controlscope:eqversion:9.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler for applicationsscope:eqversion:8.6

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.2

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:f5model:big-ip psm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip ltm hf3scope:eqversion:11.2

Trust: 0.3

vendor:ibmmodel:security virtual server protection for vmwarescope:eqversion:1.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0escope: - version: -

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:neversion:1.4-467

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.8

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.1

Trust: 0.3

vendor:attachmatemodel:reflectionscope:eqversion:14.1

Trust: 0.3

vendor:ibmmodel:infosphere balanced warehouse c3000scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.8

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:eqversion:1.4

Trust: 0.3

vendor:f5model:big-ip apm hf3scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.3

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtm 11.0.1.ascope:eqversion:2810-114

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip asm hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:efimodel:fiery print controllerscope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.2

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2

Trust: 0.3

vendor:xeroxmodel:docucolor dc260scope:eqversion:0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp8scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.3

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.10

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.2.00

Trust: 0.3

vendor:ibmmodel:service delivery managerscope:eqversion:7.2.2

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip ltm hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.2.2

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:xeroxmodel:docucolor dc242scope:eqversion:0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0cscope: - version: -

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.1.0

Trust: 0.3

vendor:f5model:big-ip apm hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler distributed fp03scope:eqversion:8.5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:11.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.4.0

Trust: 0.3

vendor:susemodel:linux enterprise server sp1scope:eqversion:11

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:20500

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:4.1

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.13

Trust: 0.3

vendor:avayamodel:aura sip enablement services sp4scope:neversion:5.2.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip wom hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.2.1

Trust: 0.3

vendor:attachmatemodel:reflection for ibmscope:eqversion:20080

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:neversion:6.2.5.0.15

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2.1

Trust: 0.3

vendor:freebsdmodel:7.4-stablescope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.9

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp4scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for unixscope:eqversion:4.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:11.2.00

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0bscope: - version: -

Trust: 0.3

vendor:f5model:big-ip analytics hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:57100

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.2.4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:bsdperimetermodel:pfsensescope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp9scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:11.3.0

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler distributed fp07scope:eqversion:8.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.3

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:4.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:sterling connect:directscope:eqversion:3.5

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.2

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp5scope:eqversion:4.0.0

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.8.4

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler for applications fp01scope:eqversion:8.5

Trust: 0.3

vendor:f5model:big-ip psm hf3scope:eqversion:11.2.0

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:4.1

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:10.2.4

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for unixscope:eqversion:4.1

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler distributed fp02scope:eqversion:8.6

Trust: 0.3

vendor:ibmmodel:ds8870scope:eqversion:7.1

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.3

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:10.2.2

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.2

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:f5model:big-ip apm hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip analytics hf2scope:eqversion:11.2.1

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:eqversion:2810-11411.1.1

Trust: 0.3

vendor:attachmatemodel:reflection sp1scope:eqversion:14.1

Trust: 0.3

vendor:f5model:big-ip psm hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:11.0

Trust: 0.3

vendor:f5model:big-ip asm hf3scope:eqversion:11.2.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura application server sip core pb26scope:neversion:53002.0

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.3

Trust: 0.3

vendor:ibmmodel:sterling connect:directscope:eqversion:3.6

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:1.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.0

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf3scope:eqversion:11.2

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtm 11.1.0.ascope:eqversion:2812-114

Trust: 0.3

vendor:freebsdmodel:9.0-stablescope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.0

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.1

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:eqversion:2810-11411

Trust: 0.3

vendor:ibmmodel:sterling connect:directscope:neversion:3.61

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.5

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:redhatmodel:enterprise virtualization hypervisor for rhelscope:eqversion:60

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.2

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp4scope:eqversion:10

Trust: 0.3

vendor:f5model:big-ip apm hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:56002

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:76000

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:aura experience portal sp1scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp3scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.1

Trust: 0.3

vendor:junipermodel:junos space r1.8scope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip analytics hf3scope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.2.2

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:10.2.4

Trust: 0.3

vendor:ibmmodel:informix generoscope:eqversion:2.40

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:10.2.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.0.00

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip asm hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.1.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.1

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip analytics hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp1scope:eqversion:11

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:2.3

Trust: 0.3

vendor:attachmatemodel:reflection for unix and openvmsscope:eqversion:20080

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for microsoft windowsscope:eqversion:4.6.0

Trust: 0.3

vendor:redhatmodel:enterprise virtualization hypervisor for rhelscope:eqversion:50

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.2

Trust: 0.3

vendor:f5model:big-ip psm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp1scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:tivoli network manager fp3scope:eqversion:3.9

Trust: 0.3

vendor:redhatmodel:jboss enterprise web server for windowsscope:eqversion:1.0.2

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.0

Trust: 0.3

vendor:ibmmodel:sterling connect:express for unixscope:eqversion:1.5.0

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp7scope:eqversion:4.0.0

Trust: 0.3

vendor:freebsdmodel:9.0-releasescope: - version: -

Trust: 0.3

vendor:f5model:big-ip apm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip wom hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:77100

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.1.0scope: - version: -

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtm 11.0.1.ascope:eqversion:2812-114

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.3.0

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:10500

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.3.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.2.4

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:f5model:big-ip analytics hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.2

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:77000

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.4.1

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16.3

Trust: 0.3

vendor:attachmatemodel:reflectionscope:eqversion:14.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.2.0.2

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.0.00

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:3.2

Trust: 0.3

vendor:f5model:big-ip psm hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.5

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.4.1

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler distributed fp04scope:eqversion:8.5.1

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:xeroxmodel:docucolor dc252scope:eqversion:0

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:neversion:6.2

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.4

Trust: 0.3

vendor:ibmmodel:ds8870scope:neversion:7.2

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp4scope:eqversion:10

Trust: 0.3

vendor:f5model:big-ip pem hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:aura conferencing standardscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:10.2.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:4.2

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.2.0 sp1scope: - version: -

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.2

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.3

Trust: 0.3

vendor:bsdperimetermodel:pfsensescope:eqversion:2.0.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.2

Trust: 0.3

vendor:avayamodel:message networkingscope:neversion:5.2.5

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.1.1

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.5

Trust: 0.3

vendor:f5model:big-ip psm hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.1

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.1

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0ascope: - version: -

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:eqversion:2812-11411

Trust: 0.3

sources: CERT/CC: VU#737740 // BID: 51281 // CNNVD: CNNVD-201201-060 // NVD: CVE-2011-4577

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4577
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201201-060
value: MEDIUM

Trust: 0.6

VULMON: CVE-2011-4577
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4577
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

sources: VULMON: CVE-2011-4577 // CNNVD: CNNVD-201201-060 // NVD: CVE-2011-4577

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.0

sources: NVD: CVE-2011-4577

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 110482 // PACKETSTORM: 109053 // CNNVD: CNNVD-201201-060

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201201-060

PATCH

title:openssl-1.0.0furl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42348

Trust: 0.6

title:openssl-0.9.8surl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42347

Trust: 0.6

title:Red Hat: Important: rhev-hypervisor6 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120109 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: openssl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120059 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: Potential DTLS crasher bugurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=42b9da1ce27bbcacbdb9142890b6ad6b

Trust: 0.1

title:Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keysurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ea25fd33228ddfe870d0eb9177265369

Trust: 0.1

title:Amazon Linux AMI: ALAS-2012-038url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2012-038

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1357-1

Trust: 0.1

title:VMware Security Advisories: VMware vSphere and vCOps updates to third party librariesurl:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=ebfa7ecfec1f973ff975279d7fce2976

Trust: 0.1

title:git-vuln-finderurl:https://github.com/cve-search/git-vuln-finder

Trust: 0.1

title:vuln-finderurl:https://github.com/Ananya-0306/vuln-finder

Trust: 0.1

title:git-vuln-2url:https://github.com/darknsparkly777S/git-vuln-2

Trust: 0.1

sources: VULMON: CVE-2011-4577 // CNNVD: CNNVD-201201-060

EXTERNAL IDS

db:NVDid:CVE-2011-4577

Trust: 2.8

db:CERT/CCid:VU#737740

Trust: 2.2

db:SECUNIAid:57353

Trust: 1.1

db:AUSCERTid:ESB-2022.0696

Trust: 0.6

db:LENOVOid:LEN-24443

Trust: 0.6

db:CNNVDid:CNNVD-201201-060

Trust: 0.6

db:JUNIPERid:JSA10659

Trust: 0.3

db:BIDid:51281

Trust: 0.3

db:VULMONid:CVE-2011-4577

Trust: 0.1

db:PACKETSTORMid:116124

Trust: 0.1

db:PACKETSTORMid:114105

Trust: 0.1

db:PACKETSTORMid:114272

Trust: 0.1

db:PACKETSTORMid:110482

Trust: 0.1

db:PACKETSTORMid:109053

Trust: 0.1

db:PACKETSTORMid:109788

Trust: 0.1

db:PACKETSTORMid:109073

Trust: 0.1

db:PACKETSTORMid:169679

Trust: 0.1

sources: CERT/CC: VU#737740 // VULMON: CVE-2011-4577 // BID: 51281 // PACKETSTORM: 116124 // PACKETSTORM: 114105 // PACKETSTORM: 114272 // PACKETSTORM: 110482 // PACKETSTORM: 109053 // PACKETSTORM: 109788 // PACKETSTORM: 109073 // PACKETSTORM: 169679 // CNNVD: CNNVD-201201-060 // NVD: CVE-2011-4577

REFERENCES

url:http://www.kb.cert.org/vuls/id/737740

Trust: 1.5

url:http://www.openssl.org/news/secadv_20120104.txt

Trust: 1.5

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041

Trust: 1.4

url:http://support.apple.com/kb/ht5784

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564

Trust: 1.4

url:http://w3.efi.com/fiery

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2012-november/092905.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=132750648501816&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=134039053214295&w=2

Trust: 1.1

url:http://secunia.com/advisories/57353

Trust: 1.1

url:http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260&operatingsystem=win7x64

Trust: 0.8

url:https://www.openssl.org/news/vulnerabilities.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2011-4577

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2011-4576

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2011-4108

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2011-4619

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2022.0696

Trust: 0.6

url:https://support.lenovo.com/us/en/solutions/len-24443

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2011-4109

Trust: 0.5

url:http://www.attachmate.com/

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=isg400001530

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=isg400001529

Trust: 0.3

url:https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us

Trust: 0.3

url:https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp

Trust: 0.3

url:http://www.openssl.org

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100157565

Trust: 0.3

url:http://blog.pfsense.org/?p=676

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21637929

Trust: 0.3

url:https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us

Trust: 0.3

url:http://support.attachmate.com/techdocs/1708.html

Trust: 0.3

url:http://support.attachmate.com/techdocs/2502.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21631429

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21626257

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21651196

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10659

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100156631

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100156392

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100157969

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100161892

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100161590

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21650623

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643698

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e

Trust: 0.3

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912

Trust: 0.3

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21638022

Trust: 0.3

url:https://www.ibm.com/support/docview.wss?uid=swg21619837

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21631322

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001560

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24030251

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24033501

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323

Trust: 0.3

url:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2012-1306.html

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2012-1307.html

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2012-1308.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643442

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21625170

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21651176

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21627934

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21633107

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21635888

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21638669

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21638670

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643439

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643437

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643316

Trust: 0.3

url:http://www.vmware.com/security/advisories/vmsa-2012-0013.html

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100158312

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100150578

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100156392

Trust: 0.3

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.3

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-0027

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-0050

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-1165

Trust: 0.2

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/kb/docs/doc-11259

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-4577.html

Trust: 0.2

url:http://bugzilla.redhat.com/):

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-4619.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-4576.html

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/399.html

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/hpsmh-cve-2011-4577

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2012:0109

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/cve-search/git-vuln-finder

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4410

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1020

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4325

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3209

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0830

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4110

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4128

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-5029

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1833

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2496

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3188

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-5064

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4180

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1089

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2699

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4609

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3597

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4132

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4324

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2484

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2110

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0884

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2131

Trust: 0.1

url:http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0036

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2016

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0057

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4078

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0031

Trust: 0.1

url:http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4885

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2834

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4317

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1944

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0830

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4415

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3607

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0021

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0053

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2012

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2015

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2821

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4577

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4576

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0027

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4619

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0050

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201203-12.xml

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4109

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4108

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-0059.html

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-4108.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-0109.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0029

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0029.html

Trust: 0.1

url:http://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization/3.0/html/technical_notes/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3210

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430

Trust: 0.1

url:https://www.hp.com/go/swa

Trust: 0.1

url:http://www.isg.rhul.ac.uk/~kp/dtls.pdf

Trust: 0.1

url:https://www.isg.rhul.ac.uk)

Trust: 0.1

sources: CERT/CC: VU#737740 // VULMON: CVE-2011-4577 // BID: 51281 // PACKETSTORM: 116124 // PACKETSTORM: 114105 // PACKETSTORM: 114272 // PACKETSTORM: 110482 // PACKETSTORM: 109053 // PACKETSTORM: 109788 // PACKETSTORM: 109073 // PACKETSTORM: 169679 // CNNVD: CNNVD-201201-060 // NVD: CVE-2011-4577

CREDITS

Nadhem Alfardan and Kenny Paterson, Information Security Group at Royal Holloway, University of London, Ben Laurie, Adam Langley, Andrew Chi, BBN Technologies and Andrey Kulikov

Trust: 0.3

sources: BID: 51281

SOURCES

db:CERT/CCid:VU#737740
db:VULMONid:CVE-2011-4577
db:BIDid:51281
db:PACKETSTORMid:116124
db:PACKETSTORMid:114105
db:PACKETSTORMid:114272
db:PACKETSTORMid:110482
db:PACKETSTORMid:109053
db:PACKETSTORMid:109788
db:PACKETSTORMid:109073
db:PACKETSTORMid:169679
db:CNNVDid:CNNVD-201201-060
db:NVDid:CVE-2011-4577

LAST UPDATE DATE

2024-11-20T19:38:54.866000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#737740date:2013-05-02T00:00:00
db:VULMONid:CVE-2011-4577date:2014-03-26T00:00:00
db:BIDid:51281date:2015-04-13T21:31:00
db:CNNVDid:CNNVD-201201-060date:2022-02-18T00:00:00
db:NVDid:CVE-2011-4577date:2014-03-26T04:25:16.987

SOURCES RELEASE DATE

db:CERT/CCid:VU#737740date:2013-03-18T00:00:00
db:VULMONid:CVE-2011-4577date:2012-01-06T00:00:00
db:BIDid:51281date:2012-01-05T00:00:00
db:PACKETSTORMid:116124date:2012-09-01T00:00:25
db:PACKETSTORMid:114105date:2012-06-23T01:42:26
db:PACKETSTORMid:114272date:2012-06-28T03:39:12
db:PACKETSTORMid:110482date:2012-03-06T23:57:33
db:PACKETSTORMid:109053date:2012-01-24T23:58:58
db:PACKETSTORMid:109788date:2012-02-15T22:44:29
db:PACKETSTORMid:109073date:2012-01-25T16:35:29
db:PACKETSTORMid:169679date:2012-01-04T12:12:12
db:CNNVDid:CNNVD-201201-060date:2012-01-10T00:00:00
db:NVDid:CVE-2011-4577date:2012-01-06T01:55:00.957