ID

VAR-201410-1418


CVE

CVE-2014-3566


TITLE

HP Security Bulletin HPSBST03265

Trust: 0.1

sources: PACKETSTORM: 130644

DESCRIPTION

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. There is a security vulnerability in the SSL protocol 3.0 version used in OpenSSL 1.0.1i and earlier versions. The vulnerability is caused by the program's use of non-deterministic CBC padding. Attackers can use padding-oracle attacks to exploit this vulnerability to implement man-in-the-middle attacks and obtain plaintext data. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2015:0079-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0079.html Issue date: 2015-01-22 CVE Names: CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0413 ===================================================================== 1. Summary: Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413) The CVE-2015-0383 issue was discovered by Red Hat. Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807) 1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack 1183020 - CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982) 1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367) 1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309) 1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125) 1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304) 1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485) 1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555) 1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489) 1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276) 1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264) 1184275 - CVE-2015-0403 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) 1184277 - CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) 1184278 - CVE-2015-0413 Oracle JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability) 6. Package List: Oracle Java for Red Hat Enterprise Linux Client 5: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 5: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation 6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3566 https://access.redhat.com/security/cve/CVE-2014-6585 https://access.redhat.com/security/cve/CVE-2014-6587 https://access.redhat.com/security/cve/CVE-2014-6591 https://access.redhat.com/security/cve/CVE-2014-6593 https://access.redhat.com/security/cve/CVE-2014-6601 https://access.redhat.com/security/cve/CVE-2015-0383 https://access.redhat.com/security/cve/CVE-2015-0395 https://access.redhat.com/security/cve/CVE-2015-0403 https://access.redhat.com/security/cve/CVE-2015-0406 https://access.redhat.com/security/cve/CVE-2015-0407 https://access.redhat.com/security/cve/CVE-2015-0408 https://access.redhat.com/security/cve/CVE-2015-0410 https://access.redhat.com/security/cve/CVE-2015-0412 https://access.redhat.com/security/cve/CVE-2015-0413 https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04762334 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04762334 Version: 1 HPSBGN03391 rev.1 - HP Universal CMDB Foundation, Discovery, Configuration Manager, and CMDB Browser running OpenSSL, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-09-21 Last Updated: 2015-09-21 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Universal CMDB Foundation, HP Universal Discovery, HP Universal CMDB Configuration Manager, and HP Universal CMDB Browser. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. References: CVE-2014-3566 (POODLE) SSRT102186 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Universal CMDB Foundation v10.0, v10.01, v10.10, v10.11. HP Universal Discovery v10.01, v10.10x, v10.11, v10.20. HP Universal CMDB Configuration Manager - all supported versions. HP Universal CMDB Browser - all supported versions. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following instructions available to resolve the vulnerability in HP Universal CMDB Foundation, HP Universal Discovery, HP Universal CMDB Configuration Manager, and HP Universal CMDB Browser. Product: HP Universal CMDB Foundation Affected Version Platform / Required Patch Level Information HP Universal CMDB Foundation v10.0 and v10.01 UCMDB 10.01CUP11 Windows https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/UCMDB_00152?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE Linux https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/UCMDB_00153?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01819922?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE HP Universal CMDB Foundation v10.10 and v10.11 UCMDB 10.11CUP3 Windows https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/UCMDB_00154?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE Linux https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/UCMDB_00155?lang=iw&cc=il&hpappid=113963_OSP_PRO_HPE https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01819922?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE Product: HP Universal Discovery Affected Version Required Patch Level Information HP Universal Discovery v10.0 and v10.01 CP12 update15: https://hpln.hp.com/node/11274/contentfiles/?dir=25775 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01821139?lang=iw&cc=il&hpappid=113963_OSP_PRO_HPE HP Universal Discovery v10.10 and v10.11 CP14 update 5: https://hpln.hp.com/node/11274/contentfiles/?dir=25186 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01821139?lang=iw&cc=il&hpappid=113963_OSP_PRO_HPE HP Universal Discovery 10.20 CP15 update 2: https://hpln.hp.com/node/11274/contentfiles/?dir=24690 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01821139?lang=iw&cc=il&hpappid=113963_OSP_PRO_HPE Product: HP Universal CMDB Configuration Manager Affected Version Required Patch level Information HP Universal CMDB Configuration Manager - all supported versions Configuration change as documented in the information section https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01821174?lang=iw&cc=il&hpappid=113963_OSP_PRO_HPE Product: HP Universal CMDB Browser Affected Version Required Patch level Information HP Universal CMDB Browser - all supported versions Configuration change as documented in the information section https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04507636 HISTORY Version:1 (rev.1) - 21 September 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-043: RSA\xae Validation Manager Security Update for Multiple Vulnerabilities EMC Identifier: ESA-2015-043 CVE Identifier: CVE-2014-3566, CVE-2014-0098, CVE-2014-0231, CVE-2014-0226, CVE-2013-1862, CVE-2012-3499, CVE-2015-0526, CVE-2013-2566 Severity Rating: CVSSv2 Base Score: See below for details Affected Products: RSA Validation Manager 3.2 prior to Build 201 Unaffected Products: RSA Validation Manager 3.2 Build 201 or above Summary: RSA Validation Manager (RVM) requires a security update to address potential multiple vulnerabilities. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 for more details. CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2014-0098: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098 for more details. CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2014-0231: The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231 CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2014-0226: Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226for more details. CVSSv2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2013-1862: mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1862 for more details. CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2012-3499: Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3499 for more details. CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE-2013-2566: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 for more details. CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) Reflected Cross-Site Scripting Vulnerability (CVE-2015-0526): A cross-site scripting vulnerability affecting the displayMode and wrapPreDisplayMode parameter could potentially be exploited by an attacker to execute arbitrary HTML and script code in RVM user\x92s browser session. CVSSv2 Base Score:7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database\x92s search utility at http://web.nvd.nist.gov/view/vuln/search. Recommendation: The following RVM release contains the resolution to these issues: RSA Validation Manager 3.2 Build 201 or later RSA recommends all customers upgrade to the version mentioned above at the earliest opportunity. Credit: RSA would like to thank Ken Cijsouw (ken.cijsouw@sincerus.nl) for reporting CVE-2015-0526. Obtaining Downloads: To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link. Obtaining Documentation: To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link. Severity Rating: For an explanation of Severity Ratings, refer to the Knowledge Base Article, \x93Security Advisories Severity Rating\x94 at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Obtaining More Information: For more information about RSA products, visit the RSA web site at http://www.rsa.com. Getting Support and Service: For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab. General Customer Support Information: http://www.emc.com/support/rsa/index.htm RSA SecurCare Online: https://knowledge.rsasecurity.com EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. http://www.emc.com/support/rsa/eops/index.htm SecurCare Online Security Advisories RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. About RSA SecurCare Notes & Security Advisories Subscription RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\x92d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\x92d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection. Sincerely, RSA Customer Support -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Cygwin) iEYEARECAAYFAlWALXgACgkQtjd2rKp+ALxPSwCfSnzb7SBzwIpgfPQoKsSrlbuy ipMAnA7F3OLvOOMH3yFsWhk3RcMQ23Av =XRnt -----END PGP SIGNATURE----- . For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-3555). TLS compression is disabled (CVE-2012-4929), although this is normally already disabled by the OpenSSL system library. Finally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566) entirely via the new "DisableSSLv3" configuration directive, although it will not disabled by default in this update. Additionally a non-security sensitive issue in redirect encoding is addressed. For Debian 8 (jessie) these issues have been fixed prior to the release, with the exception of client-initiated renegotiation (CVE-2009-3555). This update addresses that issue for jessie. For the oldstable distribution (wheezy), these problems have been fixed in version 2.6-2+deb7u1. For the stable distribution (jessie), these problems have been fixed in version 2.6-6+deb8u1. For the unstable distribution (sid), these problems have been fixed in version 2.6-6.1. We recommend that you upgrade your pound packages. Open the /opt/sdn/virgo/configuration/tomcat-server.xml file for editing Change the following line from this: clientAuth="false" sslEnabledProtocols="TLSv1.0, TLSv1.1,TLSv1.2" to this: clientAuth="false" sslEnabledProtocols=" TLSv1.1,TLSv1.2" Restart the controller. ============================================================================ Ubuntu Security Notice USN-2487-1 January 28, 2015 openjdk-7 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS Summary: Several security issues were fixed in OpenJDK 7. Software Description: - openjdk-7: Open Source Java implementation Details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395, CVE-2015-0408, CVE-2015-0412) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-6585, CVE-2014-6591, CVE-2015-0400, CVE-2015-0407) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6593) A vulnerability was discovered in the OpenJDK JRE related to integrity and availability. An attacker could exploit this to cause a denial of service. (CVE-2015-0383) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could this exploit to cause a denial of service. (CVE-2015-0410) A vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2015-0413) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: icedtea-7-jre-jamvm 7u75-2.5.4-1~utopic1 openjdk-7-jre 7u75-2.5.4-1~utopic1 openjdk-7-jre-headless 7u75-2.5.4-1~utopic1 openjdk-7-jre-lib 7u75-2.5.4-1~utopic1 openjdk-7-jre-zero 7u75-2.5.4-1~utopic1 openjdk-7-source 7u75-2.5.4-1~utopic1 Ubuntu 14.04 LTS: icedtea-7-jre-jamvm 7u75-2.5.4-1~trusty1 openjdk-7-jre 7u75-2.5.4-1~trusty1 openjdk-7-jre-headless 7u75-2.5.4-1~trusty1 openjdk-7-jre-lib 7u75-2.5.4-1~trusty1 openjdk-7-jre-zero 7u75-2.5.4-1~trusty1 openjdk-7-source 7u75-2.5.4-1~trusty1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. This update contains a known regression in the Zero alternative Java Virtual Machine on PowerPC and a future update will correct this issue. We apologize for the inconvenience

Trust: 2.16

sources: NVD: CVE-2014-3566 // VULHUB: VHN-71506 // PACKETSTORM: 130644 // PACKETSTORM: 130184 // PACKETSTORM: 130072 // PACKETSTORM: 133640 // PACKETSTORM: 130181 // PACKETSTORM: 132330 // PACKETSTORM: 130304 // PACKETSTORM: 129263 // PACKETSTORM: 132082 // PACKETSTORM: 130070 // PACKETSTORM: 131826 // PACKETSTORM: 139063 // PACKETSTORM: 130141

AFFECTED PRODUCTS

vendor:ibmmodel:viosscope:eqversion:2.2.1.5

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:20

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.1.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8m

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1d

Trust: 1.0

vendor:redhatmodel:enterprise linux workstation supplementaryscope:eqversion:6.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:5

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0n

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.3.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0m

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.2.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server supplementaryscope:eqversion:5.0

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.2.2

Trust: 1.0

vendor:novellmodel:suse linux enterprise desktopscope:eqversion:11.0

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktop supplementaryscope:eqversion:6.0

Trust: 1.0

vendor:novellmodel:suse linux enterprise serverscope:eqversion:11.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8za

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0k

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.0.11

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:5.1.3

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8s

Trust: 1.0

vendor:redhatmodel:enterprise linux desktop supplementaryscope:eqversion:5.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8z

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8q

Trust: 1.0

vendor:redhatmodel:enterprise linux workstation supplementaryscope:eqversion:7.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8y

Trust: 1.0

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8zb

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1f

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.1.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8v

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8x

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0h

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.1.3

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.2.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8a

Trust: 1.0

vendor:novellmodel:suse linux enterprise serverscope:eqversion:12.0

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.1.1

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.3.4

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:5.2.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8w

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1g

Trust: 1.0

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8o

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.1.2

Trust: 1.0

vendor:novellmodel:suse linux enterprise desktopscope:eqversion:9.0

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.1.8

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:5.1.4

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:5.2.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0a

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.0.6

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.1.4

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0l

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8r

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8f

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.0.3

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.1.7

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.3.1

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.3

Trust: 1.0

vendor:novellmodel:suse linux enterprise software development kitscope:eqversion:11.0

Trust: 1.0

vendor:oraclemodel:databasescope:eqversion:11.2.0.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server supplementaryscope:eqversion:6.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8p

Trust: 1.0

vendor:mageiamodel:mageiascope:eqversion:3.0

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.1.6

Trust: 1.0

vendor:novellmodel:suse linux enterprise desktopscope:eqversion:10.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:19

Trust: 1.0

vendor:mageiamodel:mageiascope:eqversion:4.0

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.0.10

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.2.5

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.1.3

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8t

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0g

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.0.2

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.0.4

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.1.4

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8g

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.3.3

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.0.1

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.1.5

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8k

Trust: 1.0

vendor:novellmodel:suse linux enterprise software development kitscope:eqversion:12.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:5.1.2

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.0.5

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:5.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1b

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.3.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server supplementaryscope:eqversion:7.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8n

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.2.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0d

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:21

Trust: 1.0

vendor:novellmodel:suse linux enterprise desktopscope:eqversion:12.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1a

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:6.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1i

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:5.1.1

Trust: 1.0

vendor:oraclemodel:databasescope:eqversion:12.1.0.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8u

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.0.12

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.10.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.2.4

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:netbsdmodel:netbsdscope:eqversion:5.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0j

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.0.13

Trust: 1.0

vendor:ibmmodel:viosscope:eqversion:2.2.1.9

Trust: 1.0

sources: NVD: CVE-2014-3566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3566
value: LOW

Trust: 1.0

VULHUB: VHN-71506
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3566
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-71506
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-3566
baseSeverity: LOW
baseScore: 3.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-71506 // NVD: CVE-2014-3566

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.1

sources: VULHUB: VHN-71506 // NVD: CVE-2014-3566

TYPE

arbitrary, info disclosure

Trust: 0.2

sources: PACKETSTORM: 130184 // PACKETSTORM: 130181

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-71506

EXTERNAL IDS

db:NVDid:CVE-2014-3566

Trust: 2.4

db:ICS CERTid:ICSMA-18-058-02

Trust: 1.1

db:SECUNIAid:61130

Trust: 1.1

db:SECUNIAid:61995

Trust: 1.1

db:SECUNIAid:60792

Trust: 1.1

db:SECUNIAid:61019

Trust: 1.1

db:SECUNIAid:61316

Trust: 1.1

db:SECUNIAid:61827

Trust: 1.1

db:SECUNIAid:61782

Trust: 1.1

db:SECUNIAid:60056

Trust: 1.1

db:SECUNIAid:61810

Trust: 1.1

db:SECUNIAid:61819

Trust: 1.1

db:SECUNIAid:61825

Trust: 1.1

db:SECUNIAid:60206

Trust: 1.1

db:SECUNIAid:61303

Trust: 1.1

db:SECUNIAid:61359

Trust: 1.1

db:SECUNIAid:61345

Trust: 1.1

db:SECUNIAid:59627

Trust: 1.1

db:SECUNIAid:60859

Trust: 1.1

db:SECUNIAid:61926

Trust: 1.1

db:SECTRACKid:1031120

Trust: 1.1

db:SECTRACKid:1031106

Trust: 1.1

db:SECTRACKid:1031124

Trust: 1.1

db:SECTRACKid:1031091

Trust: 1.1

db:SECTRACKid:1031095

Trust: 1.1

db:SECTRACKid:1031088

Trust: 1.1

db:SECTRACKid:1031093

Trust: 1.1

db:SECTRACKid:1031105

Trust: 1.1

db:SECTRACKid:1031094

Trust: 1.1

db:SECTRACKid:1031087

Trust: 1.1

db:SECTRACKid:1031090

Trust: 1.1

db:SECTRACKid:1031107

Trust: 1.1

db:SECTRACKid:1031132

Trust: 1.1

db:SECTRACKid:1031085

Trust: 1.1

db:SECTRACKid:1031039

Trust: 1.1

db:SECTRACKid:1031096

Trust: 1.1

db:SECTRACKid:1031131

Trust: 1.1

db:SECTRACKid:1031029

Trust: 1.1

db:SECTRACKid:1031123

Trust: 1.1

db:SECTRACKid:1031086

Trust: 1.1

db:SECTRACKid:1031130

Trust: 1.1

db:SECTRACKid:1031092

Trust: 1.1

db:SECTRACKid:1031089

Trust: 1.1

db:USCERTid:TA14-290A

Trust: 1.1

db:MCAFEEid:SB10091

Trust: 1.1

db:MCAFEEid:SB10104

Trust: 1.1

db:MCAFEEid:SB10090

Trust: 1.1

db:CERT/CCid:VU#577193

Trust: 1.1

db:JUNIPERid:JSA10705

Trust: 1.1

db:BIDid:70574

Trust: 1.1

db:PACKETSTORMid:130184

Trust: 0.2

db:PACKETSTORMid:133640

Trust: 0.2

db:PACKETSTORMid:129263

Trust: 0.2

db:PACKETSTORMid:139063

Trust: 0.2

db:PACKETSTORMid:130304

Trust: 0.2

db:PACKETSTORMid:130141

Trust: 0.2

db:PACKETSTORMid:130181

Trust: 0.2

db:PACKETSTORMid:130070

Trust: 0.2

db:PACKETSTORMid:130072

Trust: 0.2

db:PACKETSTORMid:131009

Trust: 0.1

db:PACKETSTORMid:131051

Trust: 0.1

db:PACKETSTORMid:128838

Trust: 0.1

db:PACKETSTORMid:130217

Trust: 0.1

db:PACKETSTORMid:130296

Trust: 0.1

db:PACKETSTORMid:129150

Trust: 0.1

db:PACKETSTORMid:132084

Trust: 0.1

db:PACKETSTORMid:132573

Trust: 0.1

db:PACKETSTORMid:131354

Trust: 0.1

db:PACKETSTORMid:128969

Trust: 0.1

db:PACKETSTORMid:132469

Trust: 0.1

db:PACKETSTORMid:128669

Trust: 0.1

db:PACKETSTORMid:128866

Trust: 0.1

db:PACKETSTORMid:129265

Trust: 0.1

db:PACKETSTORMid:129217

Trust: 0.1

db:PACKETSTORMid:136599

Trust: 0.1

db:PACKETSTORMid:128921

Trust: 0.1

db:PACKETSTORMid:129614

Trust: 0.1

db:PACKETSTORMid:130759

Trust: 0.1

db:PACKETSTORMid:131011

Trust: 0.1

db:PACKETSTORMid:129065

Trust: 0.1

db:PACKETSTORMid:129266

Trust: 0.1

db:PACKETSTORMid:128863

Trust: 0.1

db:PACKETSTORMid:130332

Trust: 0.1

db:PACKETSTORMid:128730

Trust: 0.1

db:PACKETSTORMid:130298

Trust: 0.1

db:PACKETSTORMid:131690

Trust: 0.1

db:PACKETSTORMid:128770

Trust: 0.1

db:PACKETSTORMid:130125

Trust: 0.1

db:PACKETSTORMid:132641

Trust: 0.1

db:PACKETSTORMid:128732

Trust: 0.1

db:PACKETSTORMid:128733

Trust: 0.1

db:PACKETSTORMid:130816

Trust: 0.1

db:PACKETSTORMid:129528

Trust: 0.1

db:PACKETSTORMid:130052

Trust: 0.1

db:PACKETSTORMid:129294

Trust: 0.1

db:PACKETSTORMid:132470

Trust: 0.1

db:PACKETSTORMid:133836

Trust: 0.1

db:PACKETSTORMid:136577

Trust: 0.1

db:PACKETSTORMid:129242

Trust: 0.1

db:PACKETSTORMid:129401

Trust: 0.1

db:PACKETSTORMid:130334

Trust: 0.1

db:PACKETSTORMid:130549

Trust: 0.1

db:PACKETSTORMid:129427

Trust: 0.1

db:PACKETSTORMid:130085

Trust: 0.1

db:PACKETSTORMid:131008

Trust: 0.1

db:PACKETSTORMid:137652

Trust: 0.1

db:PACKETSTORMid:129071

Trust: 0.1

db:PACKETSTORMid:130046

Trust: 0.1

db:PACKETSTORMid:135908

Trust: 0.1

db:PACKETSTORMid:130086

Trust: 0.1

db:PACKETSTORMid:128769

Trust: 0.1

db:PACKETSTORMid:131535

Trust: 0.1

db:PACKETSTORMid:133368

Trust: 0.1

db:PACKETSTORMid:132942

Trust: 0.1

db:PACKETSTORMid:129318

Trust: 0.1

db:PACKETSTORMid:132965

Trust: 0.1

db:PACKETSTORMid:131790

Trust: 0.1

db:PACKETSTORMid:130818

Trust: 0.1

db:PACKETSTORMid:130817

Trust: 0.1

db:PACKETSTORMid:128771

Trust: 0.1

db:PACKETSTORMid:130050

Trust: 0.1

db:PACKETSTORMid:133600

Trust: 0.1

db:PACKETSTORMid:129120

Trust: 0.1

db:PACKETSTORMid:129426

Trust: 0.1

db:CNNVDid:CNNVD-201410-267

Trust: 0.1

db:SEEBUGid:SSVID-92692

Trust: 0.1

db:VULHUBid:VHN-71506

Trust: 0.1

db:PACKETSTORMid:130644

Trust: 0.1

db:PACKETSTORMid:132330

Trust: 0.1

db:PACKETSTORMid:132082

Trust: 0.1

db:PACKETSTORMid:131826

Trust: 0.1

sources: VULHUB: VHN-71506 // PACKETSTORM: 130644 // PACKETSTORM: 130184 // PACKETSTORM: 130072 // PACKETSTORM: 133640 // PACKETSTORM: 130181 // PACKETSTORM: 132330 // PACKETSTORM: 130304 // PACKETSTORM: 129263 // PACKETSTORM: 132082 // PACKETSTORM: 130070 // PACKETSTORM: 131826 // PACKETSTORM: 139063 // PACKETSTORM: 130141 // NVD: CVE-2014-3566

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2014-3566

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2015-0079.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2015-0080.html

Trust: 1.2

url:http://www.ubuntu.com/usn/usn-2487-1

Trust: 1.2

url:http://www.securitytracker.com/id/1031029

Trust: 1.1

url:http://www.securitytracker.com/id/1031039

Trust: 1.1

url:http://www.securitytracker.com/id/1031085

Trust: 1.1

url:http://www.securitytracker.com/id/1031086

Trust: 1.1

url:http://www.securitytracker.com/id/1031087

Trust: 1.1

url:http://www.securitytracker.com/id/1031088

Trust: 1.1

url:http://www.securitytracker.com/id/1031089

Trust: 1.1

url:http://www.securitytracker.com/id/1031090

Trust: 1.1

url:http://www.securitytracker.com/id/1031091

Trust: 1.1

url:http://www.securitytracker.com/id/1031092

Trust: 1.1

url:http://www.securitytracker.com/id/1031093

Trust: 1.1

url:http://www.securitytracker.com/id/1031094

Trust: 1.1

url:http://www.securitytracker.com/id/1031095

Trust: 1.1

url:http://www.securitytracker.com/id/1031096

Trust: 1.1

url:http://www.securitytracker.com/id/1031105

Trust: 1.1

url:http://www.securitytracker.com/id/1031106

Trust: 1.1

url:http://www.securitytracker.com/id/1031107

Trust: 1.1

url:http://www.securitytracker.com/id/1031120

Trust: 1.1

url:http://www.securitytracker.com/id/1031123

Trust: 1.1

url:http://www.securitytracker.com/id/1031124

Trust: 1.1

url:http://www.securitytracker.com/id/1031130

Trust: 1.1

url:http://www.securitytracker.com/id/1031131

Trust: 1.1

url:http://www.securitytracker.com/id/1031132

Trust: 1.1

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-poodle

Trust: 1.1

url:http://secunia.com/advisories/59627

Trust: 1.1

url:http://secunia.com/advisories/60056

Trust: 1.1

url:http://secunia.com/advisories/60206

Trust: 1.1

url:http://secunia.com/advisories/60792

Trust: 1.1

url:http://secunia.com/advisories/60859

Trust: 1.1

url:http://secunia.com/advisories/61019

Trust: 1.1

url:http://secunia.com/advisories/61130

Trust: 1.1

url:http://secunia.com/advisories/61303

Trust: 1.1

url:http://secunia.com/advisories/61316

Trust: 1.1

url:http://secunia.com/advisories/61345

Trust: 1.1

url:http://secunia.com/advisories/61359

Trust: 1.1

url:http://secunia.com/advisories/61782

Trust: 1.1

url:http://secunia.com/advisories/61810

Trust: 1.1

url:http://secunia.com/advisories/61819

Trust: 1.1

url:http://secunia.com/advisories/61825

Trust: 1.1

url:http://secunia.com/advisories/61827

Trust: 1.1

url:http://secunia.com/advisories/61926

Trust: 1.1

url:http://secunia.com/advisories/61995

Trust: 1.1

url:http://www.securityfocus.com/bid/70574

Trust: 1.1

url:http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

Trust: 1.1

url:http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

Trust: 1.1

url:http://www.securityfocus.com/archive/1/533724/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/533747

Trust: 1.1

url:http://www.securityfocus.com/archive/1/533746

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html

Trust: 1.1

url:http://www.debian.org/security/2014/dsa-3053

Trust: 1.1

url:http://www.debian.org/security/2015/dsa-3144

Trust: 1.1

url:http://www.debian.org/security/2015/dsa-3147

Trust: 1.1

url:http://www.debian.org/security/2015/dsa-3253

Trust: 1.1

url:http://www.debian.org/security/2016/dsa-3489

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-november/142330.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141158.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141114.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169374.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169361.html

Trust: 1.1

url:https://security.gentoo.org/glsa/201507-14

Trust: 1.1

url:https://security.gentoo.org/glsa/201606-11

Trust: 1.1

url:http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04583581

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2014:203

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:062

Trust: 1.1

url:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-1652.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-1653.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-1692.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-1876.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-1877.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-1880.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-1881.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-1882.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-1920.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-1948.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2015-0068.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2015-0085.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2015-0086.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2015-0264.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2015-0698.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2015-1545.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2015-1546.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html

Trust: 1.1

url:http://www.us-cert.gov/ncas/alerts/ta14-290a

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-2486-1

Trust: 1.1

url:http://www.kb.cert.org/vuls/id/577193

Trust: 1.1

url:https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3ccommits.cxf.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3ccommits.cxf.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3ccommits.cxf.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3ccommits.cxf.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3ccommits.cxf.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3ccommits.cxf.apache.org%3e

Trust: 1.1

url:http://advisories.mageia.org/mgasa-2014-0416.html

Trust: 1.1

url:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc

Trust: 1.1

url:http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566

Trust: 1.1

url:http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html

Trust: 1.1

url:http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/

Trust: 1.1

url:http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx

Trust: 1.1

url:http://docs.ipswitch.com/moveit/dmz82/releasenotes/moveitreleasenotes82.pdf

Trust: 1.1

url:http://downloads.asterisk.org/pub/security/ast-2014-011.html

Trust: 1.1

url:http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

Trust: 1.1

url:http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04779034

Trust: 1.1

url:http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3566.html

Trust: 1.1

url:http://support.apple.com/ht204244

Trust: 1.1

url:http://support.citrix.com/article/ctx200238

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021431

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021439

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686997

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21687172

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21687611

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21688283

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21692299

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Trust: 1.1

url:http://www.vmware.com/security/advisories/vmsa-2015-0003.html

Trust: 1.1

url:http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0

Trust: 1.1

url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm

Trust: 1.1

url:https://access.redhat.com/articles/1232123

Trust: 1.1

url:https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

Trust: 1.1

url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6

Trust: 1.1

url:https://bto.bluecoat.com/security-advisory/sa83

Trust: 1.1

url:https://bugzilla.mozilla.org/show_bug.cgi?id=1076983

Trust: 1.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1152789

Trust: 1.1

url:https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip

Trust: 1.1

url:https://github.com/mpgn/poodle-poc

Trust: 1.1

url:https://groups.google.com/forum/#%21topic/docker-user/oym0i3xshju

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04819635

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05068681

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946

Trust: 1.1

url:https://ics-cert.us-cert.gov/advisories/icsma-18-058-02

Trust: 1.1

url:https://puppet.com/security/cve/poodle-sslv3-vulnerability

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20141015-0001/

Trust: 1.1

url:https://support.apple.com/ht205217

Trust: 1.1

url:https://support.apple.com/kb/ht6527

Trust: 1.1

url:https://support.apple.com/kb/ht6529

Trust: 1.1

url:https://support.apple.com/kb/ht6531

Trust: 1.1

url:https://support.apple.com/kb/ht6535

Trust: 1.1

url:https://support.apple.com/kb/ht6536

Trust: 1.1

url:https://support.apple.com/kb/ht6541

Trust: 1.1

url:https://support.apple.com/kb/ht6542

Trust: 1.1

url:https://support.citrix.com/article/ctx216642

Trust: 1.1

url:https://support.lenovo.com/product_security/poodle

Trust: 1.1

url:https://support.lenovo.com/us/en/product_security/poodle

Trust: 1.1

url:https://technet.microsoft.com/library/security/3009008.aspx

Trust: 1.1

url:https://www-01.ibm.com/support/docview.wss?uid=swg21688165

Trust: 1.1

url:https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7

Trust: 1.1

url:https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

Trust: 1.1

url:https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html

Trust: 1.1

url:https://www.elastic.co/blog/logstash-1-4-3-released

Trust: 1.1

url:https://www.imperialviolet.org/2014/10/14/poodle.html

Trust: 1.1

url:https://www.openssl.org/news/secadv_20141015.txt

Trust: 1.1

url:https://www.openssl.org/~bodo/ssl-poodle.pdf

Trust: 1.1

url:https://www.suse.com/support/kb/doc.php?id=7015773

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

Trust: 1.1

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10705

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141450452204552&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141450973807288&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141477196830952&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141576815022399&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141577087123040&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141577350823734&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141620103726640&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141628688425177&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141694355519663&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141697638231025&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141697676231104&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141703183219781&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141715130023061&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141775427104070&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141813976718456&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141814011518700&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=141879378918327&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142103967620673&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142118135300698&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142296755107581&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142350196615714&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142350298616097&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142350743917559&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142354438527235&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142357976805598&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142495837901899&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142496355704097&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142546741516006&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142607790919348&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142624590206005&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142624619906067

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142624619906067&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142624679706236&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142624719706349&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142660345230545&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142721830231196&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142721887231400&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142740155824959&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142791032306609&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142804214608580&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142805027510172&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142962817202793&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=143039249603103&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=143101048219218&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=143290371927178&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=143290437727362&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=143290522027658&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=143290583027876&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=143558137709884&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=143558192010071&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=143628269912142&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=144101915224472&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=144251162130364&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=144294141001552&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=145983526810210&w=2

Trust: 1.0

url:http://marc.info/?l=openssl-dev&m=141333049205629&w=2

Trust: 1.0

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10090

Trust: 1.0

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10091

Trust: 1.0

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10104

Trust: 1.0

url:http://www.debian.org/security/

Trust: 0.6

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.5

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-6585

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-0407

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-6587

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-0412

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-6591

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-0408

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-0383

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-6593

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-6601

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-0395

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-0410

Trust: 0.5

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.4

url:http://www.debian.org/security/faq

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0413

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0403

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-6587

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0403

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0407

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0406

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82

Trust: 0.2

url:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#appendixjava

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-6593

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-3566

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0406

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0413

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0412

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0395

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-6601

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0383

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0408

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-6585

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-0410

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-6591

Trust: 0.2

url:https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse

Trust: 0.2

url:http://marc.info/?l=bugtraq&amp;m=141577350823734&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141576815022399&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141620103726640&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141697638231025&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141703183219781&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141697676231104&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141775427104070&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141814011518700&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141715130023061&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141813976718456&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142118135300698&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142296755107581&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142354438527235&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142350743917559&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142350196615714&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142350298616097&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142357976805598&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142962817202793&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=143290371927178&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=144294141001552&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=145983526810210&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141450973807288&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142721887231400&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142660345230545&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142804214608580&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141450452204552&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141628688425177&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141577087123040&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141694355519663&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141879378918327&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=143290583027876&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=143628269912142&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=143039249603103&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142624619906067&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142495837901899&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=143290522027658&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142624719706349&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=143290437727362&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142624590206005&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142624679706236&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142740155824959&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142721830231196&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142791032306609&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=144101915224472&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142103967620673&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=143558137709884&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=143558192010071&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142805027510172&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142546741516006&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=144251162130364&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=141477196830952&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=143101048219218&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142496355704097&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142624619906067

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142607790919348&amp;w=2

Trust: 0.1

url:http://marc.info/?l=openssl-dev&amp;m=141333049205629&amp;w=2

Trust: 0.1

url:http://kb.juniper.net/infocenter/index?page=content&amp;id=jsa10705

Trust: 0.1

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10090

Trust: 0.1

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10091

Trust: 0.1

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10104

Trust: 0.1

url:http://h20564.www2.hp.com/hpsc/swd/public/readindex?sp4ts.oid=5263732&swlango

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-6271

Trust: 0.1

url:http://h20564.www2.hp.com/hpsc/swd/public/readindex?sp4ts.oid=5331223&swlango

Trust: 0.1

url:https://hpln.hp.com/node/11274/contentfiles/?dir=25186

Trust: 0.1

url:https://hpln.hp.com/node/11274/contentfiles/?dir=24690

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04507636

Trust: 0.1

url:https://hpln.hp.com/node/11274/contentfiles/?dir=25775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3499

Trust: 0.1

url:http://www.rsa.com.

Trust: 0.1

url:https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3.

Trust: 0.1

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0098

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0226

Trust: 0.1

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2566

Trust: 0.1

url:http://www.emc.com/support/rsa/index.htm

Trust: 0.1

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1862

Trust: 0.1

url:http://web.nvd.nist.gov/view/vuln/search.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2566

Trust: 0.1

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0226for

Trust: 0.1

url:https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0098

Trust: 0.1

url:https://knowledge.rsasecurity.com

Trust: 0.1

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0231

Trust: 0.1

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3499

Trust: 0.1

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3566

Trust: 0.1

url:http://www.emc.com/support/rsa/eops/index.htm

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1862

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0526

Trust: 0.1

url:http://nvd.nist.gov/home.cfm.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0231

Trust: 0.1

url:https://knowledge.rsasecurity.com,

Trust: 0.1

url:https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facets

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3567

Trust: 0.1

url:http://www.hp.com/go/insightupdates

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3513

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0437

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0437

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-6549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0421

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0421

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-6549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3555

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:https://www.hpe.com/info/report-security-vulnerability

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04819635

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8730

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-7/7u75-2.5.4-1~trusty1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-7/7u75-2.5.4-1~utopic1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0400

Trust: 0.1

url:https://launchpad.net/bugs/1415282

Trust: 0.1

sources: VULHUB: VHN-71506 // PACKETSTORM: 130644 // PACKETSTORM: 130184 // PACKETSTORM: 130072 // PACKETSTORM: 133640 // PACKETSTORM: 130181 // PACKETSTORM: 132330 // PACKETSTORM: 130304 // PACKETSTORM: 129263 // PACKETSTORM: 132082 // PACKETSTORM: 130070 // PACKETSTORM: 131826 // PACKETSTORM: 139063 // PACKETSTORM: 130141 // NVD: CVE-2014-3566

CREDITS

HP

Trust: 0.6

sources: PACKETSTORM: 130644 // PACKETSTORM: 133640 // PACKETSTORM: 130304 // PACKETSTORM: 129263 // PACKETSTORM: 132082 // PACKETSTORM: 139063

SOURCES

db:VULHUBid:VHN-71506
db:PACKETSTORMid:130644
db:PACKETSTORMid:130184
db:PACKETSTORMid:130072
db:PACKETSTORMid:133640
db:PACKETSTORMid:130181
db:PACKETSTORMid:132330
db:PACKETSTORMid:130304
db:PACKETSTORMid:129263
db:PACKETSTORMid:132082
db:PACKETSTORMid:130070
db:PACKETSTORMid:131826
db:PACKETSTORMid:139063
db:PACKETSTORMid:130141
db:NVDid:CVE-2014-3566

LAST UPDATE DATE

2024-11-07T20:32:39.568000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-71506date:2023-02-13T00:00:00
db:NVDid:CVE-2014-3566date:2023-09-12T14:55:31.563

SOURCES RELEASE DATE

db:VULHUBid:VHN-71506date:2014-10-15T00:00:00
db:PACKETSTORMid:130644date:2015-03-05T14:44:00
db:PACKETSTORMid:130184date:2015-01-30T22:37:22
db:PACKETSTORMid:130072date:2015-01-23T01:52:53
db:PACKETSTORMid:133640date:2015-09-23T04:36:17
db:PACKETSTORMid:130181date:2015-01-30T22:36:45
db:PACKETSTORMid:132330date:2015-06-16T19:42:22
db:PACKETSTORMid:130304date:2015-02-09T21:10:31
db:PACKETSTORMid:129263date:2014-11-26T15:07:50
db:PACKETSTORMid:132082date:2015-05-29T23:37:23
db:PACKETSTORMid:130070date:2015-01-23T01:51:41
db:PACKETSTORMid:131826date:2015-05-08T13:32:34
db:PACKETSTORMid:139063date:2016-10-12T04:50:49
db:PACKETSTORMid:130141date:2015-01-29T06:07:43
db:NVDid:CVE-2014-3566date:2014-10-15T00:55:02.137