Details of VAR-201410-1418

ID

VAR-201410-1418

CVE

CVE-2014-3566

TITLE

Red Hat Security Advisory 2014-1880-01

Trust: 0.1

sources: PACKETSTORM: 129194

DESCRIPTION

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. There is a security vulnerability in the SSL protocol 3.0 version used in OpenSSL 1.0.1i and earlier versions. The vulnerability is caused by the program's use of non-deterministic CBC padding. Attackers can use padding-oracle attacks to exploit this vulnerability to implement man-in-the-middle attacks and obtain plaintext data. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.1-ibm security update Advisory ID: RHSA-2014:1880-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1880.html Issue date: 2014-11-20 CVE Names: CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 ===================================================================== 1. Summary: Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR2 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509) 1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) 1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274) 1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797) 1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066) 1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846) 1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) 1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152758 - CVE-2014-6456 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152765 - CVE-2014-6476 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152767 - CVE-2014-6527 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack 1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.i686.rpm ppc64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.ppc.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.ppc.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.ppc.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm s390x: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.s390.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.s390.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm Red Hat Enterprise Linux Client Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 7): ppc64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.ppc.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.ppc.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.ppc.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm s390x: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.s390.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.s390.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3065 https://access.redhat.com/security/cve/CVE-2014-3566 https://access.redhat.com/security/cve/CVE-2014-4288 https://access.redhat.com/security/cve/CVE-2014-6456 https://access.redhat.com/security/cve/CVE-2014-6457 https://access.redhat.com/security/cve/CVE-2014-6458 https://access.redhat.com/security/cve/CVE-2014-6476 https://access.redhat.com/security/cve/CVE-2014-6492 https://access.redhat.com/security/cve/CVE-2014-6493 https://access.redhat.com/security/cve/CVE-2014-6502 https://access.redhat.com/security/cve/CVE-2014-6503 https://access.redhat.com/security/cve/CVE-2014-6506 https://access.redhat.com/security/cve/CVE-2014-6511 https://access.redhat.com/security/cve/CVE-2014-6512 https://access.redhat.com/security/cve/CVE-2014-6515 https://access.redhat.com/security/cve/CVE-2014-6527 https://access.redhat.com/security/cve/CVE-2014-6531 https://access.redhat.com/security/cve/CVE-2014-6532 https://access.redhat.com/security/cve/CVE-2014-6558 https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ https://www-01.ibm.com/support/docview.wss?uid=swg21688165 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUbh0WXlSAg2UNWIIRAi2fAKDExQmcZYqy6INJOtUbpQK5QrXWUgCgmnhC K/vkNngAOzoTqWX0yFnSTr0= =nHUV -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v6.0.24 and earlier. All HP TippingPoint Intrusion Prevention System (IPS) Local Security Manager (LSM) versions including and prior to v3.7.1.4231. The HP Insight Control 7.2.1 Update kit applicable to HP Insight Control 7.2.x installations is available at the following location: https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPICE NOTE: Please read the readme.txt file before proceeding with the installation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04492722 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04492722 Version: 3 HPSBUX03162 SSRT101767 rev.3 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-10-28 Last Updated: 2014-12-11 Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, man-in-the-middle (MitM) attack Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle On Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely to allow disclosure of information. References: CVE-2014-3566 Man-in-the-Middle (MitM) attack CVE-2014-3567 Remote Unauthorized Access CVE-2014-3568 Remote Denial of Service (DoS) SSRT101767 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zc BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following updates to resolve these vulnerabilities. The updates are available from the following site. https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I HP-UX Release HP-UX OpenSSL version B.11.11 (11i v1) A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot B.11.23 (11i v2) A.00.09.08zc.002a_HP-UX_B.11.23_IA-PA.depot B.11.31 (11i v3) A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot MANUAL ACTIONS: Yes - Update Install OpenSSL A.00.09.08zc or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.001 or subsequent HP-UX B.11.23 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.002a or subsequent HP-UX B.11.31 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.003 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 28 October 2014 Initial release Version:2 (rev.2) - 3 November 2014 Updated download location Version:3 (rev.3) - 11 December 2014 updated version of 11i v2 depot for revised code Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Trust: 1.44

sources: NVD: CVE-2014-3566 // VULHUB: VHN-71506 // PACKETSTORM: 129194 // PACKETSTORM: 130549 // PACKETSTORM: 128866 // PACKETSTORM: 132085 // PACKETSTORM: 129528

AFFECTED PRODUCTS

vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.4	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8o	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8h	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.7	Trust: 1.0
vendor:	novell	model:	suse linux enterprise server	scope:	eq	version:	11.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0j	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5	Trust: 1.0
vendor:	novell	model:	suse linux enterprise desktop	scope:	eq	version:	12.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0l	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0m	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.5	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.4	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1.4	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.5	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1h	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8l	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop supplementary	scope:	eq	version:	5.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1i	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0d	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux server supplementary	scope:	eq	version:	5.0	Trust: 1.0
vendor:	novell	model:	suse linux enterprise software development kit	scope:	eq	version:	12.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8x	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1d	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8v	Trust: 1.0
vendor:	novell	model:	suse linux enterprise desktop	scope:	eq	version:	10.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	20	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0b	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0f	Trust: 1.0
vendor:	novell	model:	suse linux enterprise desktop	scope:	eq	version:	11.0	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.3	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1.5	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8e	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8m	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1g	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	19	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.10	Trust: 1.0
vendor:	ibm	model:	aix	scope:	eq	version:	7.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1.3	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8c	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1.3	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.6	Trust: 1.0
vendor:	mageia	model:	mageia	scope:	eq	version:	3.0	Trust: 1.0
vendor:	novell	model:	suse linux enterprise software development kit	scope:	eq	version:	11.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.1	Trust: 1.0
vendor:	ibm	model:	aix	scope:	eq	version:	5.3	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	mageia	model:	mageia	scope:	eq	version:	4.0	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.1	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8s	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.3	Trust: 1.0
vendor:	oracle	model:	database	scope:	eq	version:	12.1.0.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8r	Trust: 1.0
vendor:	oracle	model:	database	scope:	eq	version:	11.2.0.4	Trust: 1.0
vendor:	novell	model:	suse linux enterprise desktop	scope:	eq	version:	9.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8j	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8b	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8f	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	12.3	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8k	Trust: 1.0
vendor:	redhat	model:	enterprise linux server supplementary	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8y	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.1	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8d	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.3	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.2.1	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0e	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop supplementary	scope:	eq	version:	6.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	21	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0k	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1e	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.13	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0h	Trust: 1.0
vendor:	redhat	model:	enterprise linux server supplementary	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8n	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1.1	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.11	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1b	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.9	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1a	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.12	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.2.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8q	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation supplementary	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1f	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8z	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.4	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8za	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation supplementary	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8u	Trust: 1.0
vendor:	novell	model:	suse linux enterprise server	scope:	eq	version:	12.0	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8p	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	ibm	model:	aix	scope:	eq	version:	6.1	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8t	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8zb	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8w	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0c	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0i	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0n	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8i	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1c	Trust: 1.0

sources: NVD: CVE-2014-3566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3566
value:	LOW
Trust: 1.0
VULHUB:	VHN-71506
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3566
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-71506
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-3566
baseSeverity:	LOW
baseScore:	3.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-71506 // NVD: CVE-2014-3566

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.1

sources: VULHUB: VHN-71506 // NVD: CVE-2014-3566

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 130549

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-71506

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3566	Trust: 1.6
db:	ICS CERT	id:	ICSMA-18-058-02	Trust: 1.1
db:	SECUNIA	id:	61130	Trust: 1.1
db:	SECUNIA	id:	61995	Trust: 1.1
db:	SECUNIA	id:	60792	Trust: 1.1
db:	SECUNIA	id:	61019	Trust: 1.1
db:	SECUNIA	id:	61316	Trust: 1.1
db:	SECUNIA	id:	61827	Trust: 1.1
db:	SECUNIA	id:	61782	Trust: 1.1
db:	SECUNIA	id:	60056	Trust: 1.1
db:	SECUNIA	id:	61810	Trust: 1.1
db:	SECUNIA	id:	61819	Trust: 1.1
db:	SECUNIA	id:	61825	Trust: 1.1
db:	SECUNIA	id:	60206	Trust: 1.1
db:	SECUNIA	id:	61303	Trust: 1.1
db:	SECUNIA	id:	61359	Trust: 1.1
db:	SECUNIA	id:	61345	Trust: 1.1
db:	SECUNIA	id:	59627	Trust: 1.1
db:	SECUNIA	id:	60859	Trust: 1.1
db:	SECUNIA	id:	61926	Trust: 1.1
db:	SECTRACK	id:	1031120	Trust: 1.1
db:	SECTRACK	id:	1031106	Trust: 1.1
db:	SECTRACK	id:	1031124	Trust: 1.1
db:	SECTRACK	id:	1031091	Trust: 1.1
db:	SECTRACK	id:	1031095	Trust: 1.1
db:	SECTRACK	id:	1031088	Trust: 1.1
db:	SECTRACK	id:	1031093	Trust: 1.1
db:	SECTRACK	id:	1031105	Trust: 1.1
db:	SECTRACK	id:	1031094	Trust: 1.1
db:	SECTRACK	id:	1031087	Trust: 1.1
db:	SECTRACK	id:	1031090	Trust: 1.1
db:	SECTRACK	id:	1031107	Trust: 1.1
db:	SECTRACK	id:	1031132	Trust: 1.1
db:	SECTRACK	id:	1031085	Trust: 1.1
db:	SECTRACK	id:	1031039	Trust: 1.1
db:	SECTRACK	id:	1031096	Trust: 1.1
db:	SECTRACK	id:	1031131	Trust: 1.1
db:	SECTRACK	id:	1031029	Trust: 1.1
db:	SECTRACK	id:	1031123	Trust: 1.1
db:	SECTRACK	id:	1031086	Trust: 1.1
db:	SECTRACK	id:	1031130	Trust: 1.1
db:	SECTRACK	id:	1031092	Trust: 1.1
db:	SECTRACK	id:	1031089	Trust: 1.1
db:	USCERT	id:	TA14-290A	Trust: 1.1
db:	MCAFEE	id:	SB10091	Trust: 1.1
db:	MCAFEE	id:	SB10104	Trust: 1.1
db:	MCAFEE	id:	SB10090	Trust: 1.1
db:	CERT/CC	id:	VU#577193	Trust: 1.1
db:	JUNIPER	id:	JSA10705	Trust: 1.1
db:	BID	id:	70574	Trust: 1.1
db:	PACKETSTORM	id:	128866	Trust: 0.2
db:	PACKETSTORM	id:	129528	Trust: 0.2
db:	PACKETSTORM	id:	130549	Trust: 0.2
db:	PACKETSTORM	id:	131009	Trust: 0.1
db:	PACKETSTORM	id:	130184	Trust: 0.1
db:	PACKETSTORM	id:	131051	Trust: 0.1
db:	PACKETSTORM	id:	128838	Trust: 0.1
db:	PACKETSTORM	id:	130217	Trust: 0.1
db:	PACKETSTORM	id:	130296	Trust: 0.1
db:	PACKETSTORM	id:	129150	Trust: 0.1
db:	PACKETSTORM	id:	132084	Trust: 0.1
db:	PACKETSTORM	id:	132573	Trust: 0.1
db:	PACKETSTORM	id:	131354	Trust: 0.1
db:	PACKETSTORM	id:	128969	Trust: 0.1
db:	PACKETSTORM	id:	132469	Trust: 0.1
db:	PACKETSTORM	id:	128669	Trust: 0.1
db:	PACKETSTORM	id:	129265	Trust: 0.1
db:	PACKETSTORM	id:	129217	Trust: 0.1
db:	PACKETSTORM	id:	136599	Trust: 0.1
db:	PACKETSTORM	id:	133640	Trust: 0.1
db:	PACKETSTORM	id:	129263	Trust: 0.1
db:	PACKETSTORM	id:	128921	Trust: 0.1
db:	PACKETSTORM	id:	129614	Trust: 0.1
db:	PACKETSTORM	id:	130759	Trust: 0.1
db:	PACKETSTORM	id:	131011	Trust: 0.1
db:	PACKETSTORM	id:	129065	Trust: 0.1
db:	PACKETSTORM	id:	139063	Trust: 0.1
db:	PACKETSTORM	id:	129266	Trust: 0.1
db:	PACKETSTORM	id:	128863	Trust: 0.1
db:	PACKETSTORM	id:	130332	Trust: 0.1
db:	PACKETSTORM	id:	128730	Trust: 0.1
db:	PACKETSTORM	id:	130298	Trust: 0.1
db:	PACKETSTORM	id:	131690	Trust: 0.1
db:	PACKETSTORM	id:	128770	Trust: 0.1
db:	PACKETSTORM	id:	130125	Trust: 0.1
db:	PACKETSTORM	id:	132641	Trust: 0.1
db:	PACKETSTORM	id:	128732	Trust: 0.1
db:	PACKETSTORM	id:	128733	Trust: 0.1
db:	PACKETSTORM	id:	130816	Trust: 0.1
db:	PACKETSTORM	id:	130052	Trust: 0.1
db:	PACKETSTORM	id:	129294	Trust: 0.1
db:	PACKETSTORM	id:	132470	Trust: 0.1
db:	PACKETSTORM	id:	133836	Trust: 0.1
db:	PACKETSTORM	id:	136577	Trust: 0.1
db:	PACKETSTORM	id:	129242	Trust: 0.1
db:	PACKETSTORM	id:	129401	Trust: 0.1
db:	PACKETSTORM	id:	130304	Trust: 0.1
db:	PACKETSTORM	id:	130334	Trust: 0.1
db:	PACKETSTORM	id:	129427	Trust: 0.1
db:	PACKETSTORM	id:	130085	Trust: 0.1
db:	PACKETSTORM	id:	131008	Trust: 0.1
db:	PACKETSTORM	id:	137652	Trust: 0.1
db:	PACKETSTORM	id:	129071	Trust: 0.1
db:	PACKETSTORM	id:	130046	Trust: 0.1
db:	PACKETSTORM	id:	135908	Trust: 0.1
db:	PACKETSTORM	id:	130086	Trust: 0.1
db:	PACKETSTORM	id:	128769	Trust: 0.1
db:	PACKETSTORM	id:	130141	Trust: 0.1
db:	PACKETSTORM	id:	131535	Trust: 0.1
db:	PACKETSTORM	id:	130181	Trust: 0.1
db:	PACKETSTORM	id:	133368	Trust: 0.1
db:	PACKETSTORM	id:	132942	Trust: 0.1
db:	PACKETSTORM	id:	130070	Trust: 0.1
db:	PACKETSTORM	id:	129318	Trust: 0.1
db:	PACKETSTORM	id:	132965	Trust: 0.1
db:	PACKETSTORM	id:	131790	Trust: 0.1
db:	PACKETSTORM	id:	130818	Trust: 0.1
db:	PACKETSTORM	id:	130817	Trust: 0.1
db:	PACKETSTORM	id:	128771	Trust: 0.1
db:	PACKETSTORM	id:	130050	Trust: 0.1
db:	PACKETSTORM	id:	133600	Trust: 0.1
db:	PACKETSTORM	id:	130072	Trust: 0.1
db:	PACKETSTORM	id:	129120	Trust: 0.1
db:	PACKETSTORM	id:	129426	Trust: 0.1
db:	CNNVD	id:	CNNVD-201410-267	Trust: 0.1
db:	SEEBUG	id:	SSVID-92692	Trust: 0.1
db:	VULHUB	id:	VHN-71506	Trust: 0.1
db:	PACKETSTORM	id:	129194	Trust: 0.1
db:	PACKETSTORM	id:	132085	Trust: 0.1

sources: VULHUB: VHN-71506 // PACKETSTORM: 129194 // PACKETSTORM: 130549 // PACKETSTORM: 128866 // PACKETSTORM: 132085 // PACKETSTORM: 129528 // NVD: CVE-2014-3566

REFERENCES

url:	http://rhn.redhat.com/errata/rhsa-2014-1880.html	Trust: 1.2
url:	https://www-01.ibm.com/support/docview.wss?uid=swg21688165	Trust: 1.2
url:	http://www.securitytracker.com/id/1031029	Trust: 1.1
url:	http://www.securitytracker.com/id/1031039	Trust: 1.1
url:	http://www.securitytracker.com/id/1031085	Trust: 1.1
url:	http://www.securitytracker.com/id/1031086	Trust: 1.1
url:	http://www.securitytracker.com/id/1031087	Trust: 1.1
url:	http://www.securitytracker.com/id/1031088	Trust: 1.1
url:	http://www.securitytracker.com/id/1031089	Trust: 1.1
url:	http://www.securitytracker.com/id/1031090	Trust: 1.1
url:	http://www.securitytracker.com/id/1031091	Trust: 1.1
url:	http://www.securitytracker.com/id/1031092	Trust: 1.1
url:	http://www.securitytracker.com/id/1031093	Trust: 1.1
url:	http://www.securitytracker.com/id/1031094	Trust: 1.1
url:	http://www.securitytracker.com/id/1031095	Trust: 1.1
url:	http://www.securitytracker.com/id/1031096	Trust: 1.1
url:	http://www.securitytracker.com/id/1031105	Trust: 1.1
url:	http://www.securitytracker.com/id/1031106	Trust: 1.1
url:	http://www.securitytracker.com/id/1031107	Trust: 1.1
url:	http://www.securitytracker.com/id/1031120	Trust: 1.1
url:	http://www.securitytracker.com/id/1031123	Trust: 1.1
url:	http://www.securitytracker.com/id/1031124	Trust: 1.1
url:	http://www.securitytracker.com/id/1031130	Trust: 1.1
url:	http://www.securitytracker.com/id/1031131	Trust: 1.1
url:	http://www.securitytracker.com/id/1031132	Trust: 1.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-poodle	Trust: 1.1
url:	http://secunia.com/advisories/59627	Trust: 1.1
url:	http://secunia.com/advisories/60056	Trust: 1.1
url:	http://secunia.com/advisories/60206	Trust: 1.1
url:	http://secunia.com/advisories/60792	Trust: 1.1
url:	http://secunia.com/advisories/60859	Trust: 1.1
url:	http://secunia.com/advisories/61019	Trust: 1.1
url:	http://secunia.com/advisories/61130	Trust: 1.1
url:	http://secunia.com/advisories/61303	Trust: 1.1
url:	http://secunia.com/advisories/61316	Trust: 1.1
url:	http://secunia.com/advisories/61345	Trust: 1.1
url:	http://secunia.com/advisories/61359	Trust: 1.1
url:	http://secunia.com/advisories/61782	Trust: 1.1
url:	http://secunia.com/advisories/61810	Trust: 1.1
url:	http://secunia.com/advisories/61819	Trust: 1.1
url:	http://secunia.com/advisories/61825	Trust: 1.1
url:	http://secunia.com/advisories/61827	Trust: 1.1
url:	http://secunia.com/advisories/61926	Trust: 1.1
url:	http://secunia.com/advisories/61995	Trust: 1.1
url:	http://www.securityfocus.com/bid/70574	Trust: 1.1
url:	http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	Trust: 1.1
url:	http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/533724/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/533747	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/533746	Trust: 1.1
url:	http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html	Trust: 1.1
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html	Trust: 1.1
url:	http://www.debian.org/security/2014/dsa-3053	Trust: 1.1
url:	http://www.debian.org/security/2015/dsa-3144	Trust: 1.1
url:	http://www.debian.org/security/2015/dsa-3147	Trust: 1.1
url:	http://www.debian.org/security/2015/dsa-3253	Trust: 1.1
url:	http://www.debian.org/security/2016/dsa-3489	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-november/142330.html	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141158.html	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141114.html	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169374.html	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169361.html	Trust: 1.1
url:	https://security.gentoo.org/glsa/201507-14	Trust: 1.1
url:	https://security.gentoo.org/glsa/201606-11	Trust: 1.1
url:	http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04583581	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2014:203	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2015:062	Trust: 1.1
url:	ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-1652.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-1653.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-1692.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-1876.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-1877.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-1881.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-1882.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-1920.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-1948.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2015-0068.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2015-0079.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2015-0080.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2015-0085.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2015-0086.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2015-0264.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2015-0698.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2015-1545.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2015-1546.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html	Trust: 1.1
url:	http://www.us-cert.gov/ncas/alerts/ta14-290a	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-2486-1	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-2487-1	Trust: 1.1
url:	http://www.kb.cert.org/vuls/id/577193	Trust: 1.1
url:	https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3ccommits.cxf.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3ccommits.cxf.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3ccommits.cxf.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3ccommits.cxf.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3ccommits.cxf.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3ccommits.cxf.apache.org%3e	Trust: 1.1
url:	http://advisories.mageia.org/mgasa-2014-0416.html	Trust: 1.1
url:	http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc	Trust: 1.1
url:	http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566	Trust: 1.1
url:	http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html	Trust: 1.1
url:	http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/	Trust: 1.1
url:	http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx	Trust: 1.1
url:	http://docs.ipswitch.com/moveit/dmz82/releasenotes/moveitreleasenotes82.pdf	Trust: 1.1
url:	http://downloads.asterisk.org/pub/security/ast-2014-011.html	Trust: 1.1
url:	http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html	Trust: 1.1
url:	http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04779034	Trust: 1.1
url:	http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3566.html	Trust: 1.1
url:	http://support.apple.com/ht204244	Trust: 1.1
url:	http://support.citrix.com/article/ctx200238	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1021431	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1021439	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21686997	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21687172	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21687611	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21688283	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21692299	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Trust: 1.1
url:	http://www.vmware.com/security/advisories/vmsa-2015-0003.html	Trust: 1.1
url:	http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0	Trust: 1.1
url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm	Trust: 1.1
url:	https://access.redhat.com/articles/1232123	Trust: 1.1
url:	https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/	Trust: 1.1
url:	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6	Trust: 1.1
url:	https://bto.bluecoat.com/security-advisory/sa83	Trust: 1.1
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1076983	Trust: 1.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1152789	Trust: 1.1
url:	https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip	Trust: 1.1
url:	https://github.com/mpgn/poodle-poc	Trust: 1.1
url:	https://groups.google.com/forum/#%21topic/docker-user/oym0i3xshju	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04819635	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05068681	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946	Trust: 1.1
url:	https://ics-cert.us-cert.gov/advisories/icsma-18-058-02	Trust: 1.1
url:	https://puppet.com/security/cve/poodle-sslv3-vulnerability	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20141015-0001/	Trust: 1.1
url:	https://support.apple.com/ht205217	Trust: 1.1
url:	https://support.apple.com/kb/ht6527	Trust: 1.1
url:	https://support.apple.com/kb/ht6529	Trust: 1.1
url:	https://support.apple.com/kb/ht6531	Trust: 1.1
url:	https://support.apple.com/kb/ht6535	Trust: 1.1
url:	https://support.apple.com/kb/ht6536	Trust: 1.1
url:	https://support.apple.com/kb/ht6541	Trust: 1.1
url:	https://support.apple.com/kb/ht6542	Trust: 1.1
url:	https://support.citrix.com/article/ctx216642	Trust: 1.1
url:	https://support.lenovo.com/product_security/poodle	Trust: 1.1
url:	https://support.lenovo.com/us/en/product_security/poodle	Trust: 1.1
url:	https://technet.microsoft.com/library/security/3009008.aspx	Trust: 1.1
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7	Trust: 1.1
url:	https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html	Trust: 1.1
url:	https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html	Trust: 1.1
url:	https://www.elastic.co/blog/logstash-1-4-3-released	Trust: 1.1
url:	https://www.imperialviolet.org/2014/10/14/poodle.html	Trust: 1.1
url:	https://www.openssl.org/news/secadv_20141015.txt	Trust: 1.1
url:	https://www.openssl.org/~bodo/ssl-poodle.pdf	Trust: 1.1
url:	https://www.suse.com/support/kb/doc.php?id=7015773	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=141577087123040&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142660345230545&w=2	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10104	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10091	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141576815022399&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141813976718456&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142296755107581&w=2	Trust: 1.0
url:	http://marc.info/?l=openssl-dev&m=141333049205629&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142721830231196&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142103967620673&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=143628269912142&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142804214608580&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=144101915224472&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=143558192010071&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=143290371927178&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142624719706349&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141628688425177&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141814011518700&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142118135300698&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142607790919348&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142350298616097&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142354438527235&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142546741516006&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=143558137709884&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142791032306609&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141879378918327&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142740155824959&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142357976805598&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141703183219781&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141694355519663&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142496355704097&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=143039249603103&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=143101048219218&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142624619906067	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142624619906067&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142350196615714&w=2	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10090	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=144251162130364&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141697638231025&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141577350823734&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=145983526810210&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=143290437727362&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141450973807288&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=143290522027658&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141715130023061&w=2	Trust: 1.0
url:	https://templatelab.com/ssl-poodle/	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141620103726640&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142624590206005&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142350743917559&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142624679706236&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142721887231400&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141450452204552&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=144294141001552&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142805027510172&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141775427104070&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141477196830952&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=143290583027876&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=141697676231104&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142495837901899&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142962817202793&w=2	Trust: 1.0
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10705	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3566	Trust: 0.5
url:	http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins	Trust: 0.4
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/	Trust: 0.4
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/	Trust: 0.4
url:	https://www.hp.com/go/swa	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3567	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3568	Trust: 0.2
url:	https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber	Trust: 0.2
url:	http://marc.info/?l=bugtraq&m=141577350823734&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141576815022399&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141620103726640&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141697638231025&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141703183219781&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141697676231104&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141775427104070&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141814011518700&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141715130023061&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141813976718456&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142118135300698&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142296755107581&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142354438527235&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142350743917559&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142350196615714&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142350298616097&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142357976805598&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142962817202793&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143290371927178&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=144294141001552&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=145983526810210&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141450973807288&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142721887231400&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142660345230545&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142804214608580&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141450452204552&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141628688425177&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141577087123040&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141694355519663&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141879378918327&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143290583027876&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143628269912142&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143039249603103&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142624619906067&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142495837901899&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143290522027658&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142624719706349&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143290437727362&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142624590206005&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142624679706236&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142740155824959&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142721830231196&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142791032306609&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=144101915224472&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142103967620673&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143558137709884&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143558192010071&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142805027510172&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142546741516006&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=144251162130364&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141477196830952&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143101048219218&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142496355704097&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142624619906067	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142607790919348&w=2	Trust: 0.1
url:	http://marc.info/?l=openssl-dev&m=141333049205629&w=2	Trust: 0.1
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10705	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10090	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10091	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10104	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6531	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6532	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6511	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6558	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6457	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3065	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6493	Trust: 0.1
url:	https://www.ibm.com/developerworks/java/jdk/alerts/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-4288	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6503	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4288	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6532	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6457	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6531	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-3566	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6511	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-3065	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6458	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6527	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6502	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6493	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6503	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6492	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6502	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6476	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6506	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6558	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6476	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6506	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6456	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6515	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6456	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6527	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6458	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6492	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0403	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0407	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0406	Trust: 0.1
url:	http://www.hp.com/java	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6593	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6585	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6587	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6591	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0410	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0408	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0412	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0400	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0383	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6601	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0395	Trust: 0.1
url:	https://tmc.tippingpoint.com/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3508	Trust: 0.1
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3513	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3509	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-5139	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3511	Trust: 0.1

sources: VULHUB: VHN-71506 // PACKETSTORM: 129194 // PACKETSTORM: 130549 // PACKETSTORM: 128866 // PACKETSTORM: 132085 // PACKETSTORM: 129528 // NVD: CVE-2014-3566

CREDITS

Trust: 0.4

sources: PACKETSTORM: 130549 // PACKETSTORM: 128866 // PACKETSTORM: 132085 // PACKETSTORM: 129528

SOURCES

db:	VULHUB	id:	VHN-71506
db:	PACKETSTORM	id:	129194
db:	PACKETSTORM	id:	130549
db:	PACKETSTORM	id:	128866
db:	PACKETSTORM	id:	132085
db:	PACKETSTORM	id:	129528
db:	NVD	id:	CVE-2014-3566

LAST UPDATE DATE

2025-01-10T22:19:39.148000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71506	date:	2023-02-13T00:00:00
db:	NVD	id:	CVE-2014-3566	date:	2024-11-27T20:15:18.447

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71506	date:	2014-10-15T00:00:00
db:	PACKETSTORM	id:	129194	date:	2014-11-21T00:48:49
db:	PACKETSTORM	id:	130549	date:	2015-02-26T17:13:55
db:	PACKETSTORM	id:	128866	date:	2014-10-28T17:08:24
db:	PACKETSTORM	id:	132085	date:	2015-05-29T23:37:43
db:	PACKETSTORM	id:	129528	date:	2014-12-12T17:44:21
db:	NVD	id:	CVE-2014-3566	date:	2014-10-15T00:55:02.137