ID

VAR-201501-0340


CVE

CVE-2015-0206


TITLE

OpenSSL of d1_pkt.c of dtls1_buffer_record Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001011

DESCRIPTION

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. ( Memory consumption ) There is a possibility of being put into a state. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause the memory exhaustion, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:01.openssl Security Advisory The FreeBSD Project Topic: OpenSSL multiple vulnerabilities Category: contrib Module: openssl Announced: 2015-01-14 Affects: All supported versions of FreeBSD. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. [CVE-2014-3569] This does not affect FreeBSD's default build. [CVE-2014-3570] III. Impact An attacker who can send a carefully crafted DTLS message can cause server daemons that uses OpenSSL to crash, resulting a Denial of Service. [CVE-2014-8275] IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 8.4 and FreeBSD 9.3] # fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch # fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc # gpg --verify openssl-9.3.patch.asc [FreeBSD 10.0] # fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch # fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc # gpg --verify openssl-10.0.patch.asc [FreeBSD 10.1] # fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch # fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc # gpg --verify openssl-10.1.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart all deamons using the library, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://www.openssl.org/news/secadv_20150108.txt> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:01.openssl.asc> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.1 (FreeBSD) iQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB QCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q U7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL JSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR 4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY fIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3 DJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa xOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq aQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0 sJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp i5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J 6FLFZ38YkLcUIzW6I6Kc =ztFk -----END PGP SIGNATURE----- . The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . Release Date: 2015-08-24 Last Updated: 2015-08-24 Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information. Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information. References: CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions: HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location: http://www.hp.com/go/insightupdates Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it. HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins. HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744 HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc= HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169 HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115 HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021 HISTORY Version:1 (rev.1) - 24 August 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. References: CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. OpenSSL Security Advisory [08 Jan 2015] ======================================= DTLS segmentation fault in dtls1_get_record (CVE-2014-3571) =========================================================== Severity: Moderate A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL core team. DTLS memory leak in dtls1_buffer_record (CVE-2015-0206) ======================================================= Severity: Moderate A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. This issue affects OpenSSL versions: 1.0.1 and 1.0.0. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch. no-ssl3 configuration sets method to NULL (CVE-2014-3569) ========================================================= Severity: Low When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The fix was developed by Kurt Roeckx. ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572) ========================================================== Severity: Low An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) ============================================================== Severity: Low An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. DH client certificates accepted without verification [Server] (CVE-2015-0205) ============================================================================= Severity: Low An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered. This issue affects OpenSSL versions: 1.0.1 and 1.0.0. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. Certificate fingerprints can be modified (CVE-2014-8275) ======================================================== Severity: Low OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. One variant of this issue was discovered by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program and reported to OpenSSL on 1st December 2014 by NCSC-FI Vulnerability Co-ordination. Another variant was independently reported to OpenSSL on 12th December 2014 by Konrad Kraszewski from Google. Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team. Bignum squaring may produce incorrect results (CVE-2014-3570) ============================================================= Severity: Low Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined: *) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. *) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. *) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. *) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved. This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille (Blockstream) who also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team. [1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf Note ==== As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv_20150108.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Trust: 2.61

sources: NVD: CVE-2015-0206 // JVNDB: JVNDB-2015-001011 // BID: 71940 // VULMON: CVE-2015-0206 // PACKETSTORM: 133318 // PACKETSTORM: 133317 // PACKETSTORM: 129973 // PACKETSTORM: 129870 // PACKETSTORM: 133325 // PACKETSTORM: 132763 // PACKETSTORM: 129867

AFFECTED PRODUCTS

vendor:oraclemodel:communications core session managerscope:eqversion:7.3.5

Trust: 1.1

vendor:oraclemodel:communications core session managerscope:eqversion:7.2.5

Trust: 1.1

vendor:opensslmodel:opensslscope:eqversion:1.0.0k

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0o

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0n

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0m

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0e

Trust: 1.0

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 4.71

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.0.0p

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.0.1k

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:1.0.1

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:1.0.0

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 5.1

Trust: 0.8

vendor:oraclemodel:mysqlscope:lteversion:5.6.22 and earlier

Trust: 0.8

vendor:oraclemodel:virtualizationscope:eqversion:of oracle secure global desktop 4.63

Trust: 0.8

vendor:oraclemodel:fusion middlewarescope:eqversion:of oracle mobile security suite mss 3.0

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:11.2

Trust: 0.8

vendor:ciscomodel:paging serverscope:eqversion:0

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:7.4

Trust: 0.6

vendor:ibmmodel:cognos controllerscope:eqversion:8.5.1

Trust: 0.3

vendor:ciscomodel:mate collectorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ata series analog terminal adaptorscope:eqversion:1900

Trust: 0.3

vendor:avayamodel:aura collaboration environmentscope:eqversion:3.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3.1

Trust: 0.3

vendor:ciscomodel:video surveillance series ip camerasscope:eqversion:30000

Trust: 0.3

vendor:ibmmodel:bladecenter advanced management module 25r5778scope: - version: -

Trust: 0.3

vendor:ibmmodel:es750scope:eqversion:2.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.10.186

Trust: 0.3

vendor:ciscomodel:telepresence server on virtual machinescope:eqversion:4.1

Trust: 0.3

vendor:ibmmodel:bladecenter -sscope:eqversion:1948

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.2.6

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:7.0

Trust: 0.3

vendor:ciscomodel:proactive network operations centerscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:flex system compute node typescope:eqversion:x22025850

Trust: 0.3

vendor:pexipmodel:as infinityscope:eqversion:6

Trust: 0.3

vendor:hpmodel:thinpro linuxscope:eqversion:4.4

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0dscope: - version: -

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:90000

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1escope: - version: -

Trust: 0.3

vendor:ibmmodel:idataplex dx360 m4 typescope:eqversion:79120

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:7.2.2

Trust: 0.3

vendor:hpmodel:insight orchestrationscope:eqversion:6.2

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:2.1.8.780

Trust: 0.3

vendor:ciscomodel:tandberg codian isdn gwscope:eqversion:32400

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1ascope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.2.2

Trust: 0.3

vendor:ciscomodel:telepresence mcuscope:eqversion:85100

Trust: 0.3

vendor:hpmodel:thinpro linuxscope:eqversion:(x86)4.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.2

Trust: 0.3

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0pscope:neversion: -

Trust: 0.3

vendor:ciscomodel:edge digital media playerscope:eqversion:3400

Trust: 0.3

vendor:hpmodel:systems insight manager 7.3.0ascope: - version: -

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.2.0.0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0gscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:ciscomodel:telepresence serverscope:eqversion:70104.1

Trust: 0.3

vendor:ciscomodel:prime security manager 04.8 qa08scope: - version: -

Trust: 0.3

vendor:ibmmodel:ns oncommand core packagescope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:10.1.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.7

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.0-68

Trust: 0.3

vendor:ciscomodel:prime license managerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:6.1.0.842

Trust: 0.3

vendor:ibmmodel:flex system manager node typesscope:eqversion:79550

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.0

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:splunkmodel:app for netapp data ontapscope:eqversion:0

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:6.3.0.870

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2.2

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.2-77

Trust: 0.3

vendor:ciscomodel:telepresence te softwarescope:eqversion:-0

Trust: 0.3

vendor:susemodel:linux enterprise software development kit sp3scope:eqversion:11

Trust: 0.3

vendor:ibmmodel:real-time compression appliancescope:eqversion:3.9.1.11

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x350073830

Trust: 0.3

vendor:pexipmodel:as infinityscope:eqversion:7

Trust: 0.3

vendor:ibmmodel:rational insightscope:eqversion:1.1.1

Trust: 0.3

vendor:ciscomodel:prime network registrarscope:eqversion:8.2.2.2

Trust: 0.3

vendor:ciscomodel:network configuration and change management servicescope:eqversion:0

Trust: 0.3

vendor:hpmodel:systems insight manager sp2scope:eqversion:4.2

Trust: 0.3

vendor:ciscomodel:prime collaboration assurancescope:eqversion:0

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:6.0.0.840

Trust: 0.3

vendor:ibmmodel:data ontap smi-s agentscope:eqversion:5.2

Trust: 0.3

vendor:hpmodel:systems insight manager sp1scope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:telepresence content serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:tandberg codian mse modelscope:eqversion:83200

Trust: 0.3

vendor:ciscomodel:local collector appliancescope:eqversion:2.2.8

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:7.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.2.77

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x310025820

Trust: 0.3

vendor:pexipmodel:as infinityscope:eqversion:1

Trust: 0.3

vendor:ibmmodel:service delivery managerscope:eqversion:7.2.1

Trust: 0.3

vendor:ibmmodel:data ontap operating in 7-modescope:eqversion:8.2.3

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switch and san pass-thruscope:eqversion:9.1.2.00

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.1.0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0mscope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2.27

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1

Trust: 0.3

vendor:ibmmodel:flex system compute node typescope:eqversion:x24087380

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1gscope: - version: -

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:ciscomodel:prime lan management solutionscope:eqversion:0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:7.0

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:0

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:7.2.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.96

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1kscope:neversion: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.4

Trust: 0.3

vendor:ibmmodel:bladecenter -tscope:eqversion:8720

Trust: 0.3

vendor:ibmmodel:es1500scope:eqversion:2.3

Trust: 0.3

vendor:ibmmodel:tivoli common reportingscope:eqversion:2.1.1.2

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:10.2.1

Trust: 0.3

vendor:ciscomodel:media services interfacescope:eqversion:0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.6.156

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1iscope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.12

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.2

Trust: 0.3

vendor:ciscomodel:unified attendant console advancedscope:eqversion:0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0hscope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for os deploymentscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:initiate master data servicescope:neversion:8.1

Trust: 0.3

vendor:hpmodel:thinpro linuxscope:eqversion:(x86)4.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.6

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0

Trust: 0.3

vendor:ibmmodel:sterling connect:express for unixscope:eqversion:1.4.6

Trust: 0.3

vendor:ibmmodel:ns oncommand core packagescope:eqversion:5.2.1

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:14.10

Trust: 0.3

vendor:hpmodel:system management homepage cscope:eqversion:2.1.10.186

Trust: 0.3

vendor:ciscomodel:jabber for androidscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:8.4.1

Trust: 0.3

vendor:ciscomodel:enterprise content delivery servicescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4(7.26)

Trust: 0.3

vendor:ibmmodel:real-time compression appliancescope:eqversion:3.8.0.10

Trust: 0.3

vendor:ibmmodel:bladecenter -sscope:eqversion:8886

Trust: 0.3

vendor:ciscomodel:unified sip proxyscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence advanced media gateway seriesscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:data ontap operating in 7-modescope:eqversion:8.1.4

Trust: 0.3

vendor:ciscomodel:unified attendant console premium editionscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:tandberg codian isdn gwscope:eqversion:32100

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:10.1

Trust: 0.3

vendor:ibmmodel:initiate master data service provider hubscope:neversion:9.7

Trust: 0.3

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.1.2

Trust: 0.3

vendor:splunkmodel:app for streamscope:eqversion:0

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:7.2.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.14

Trust: 0.3

vendor:hpmodel:virtual connect enterprise manager sdkscope:eqversion:7.4

Trust: 0.3

vendor:hpmodel:systems insight manager sp5scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:7.3

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:2.2.0.820

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1(5.106)

Trust: 0.3

vendor:hpmodel:systems insight manager sp1scope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:flex system compute node typescope:eqversion:x22079060

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.11

Trust: 0.3

vendor:ciscomodel:physical access gatewayscope:eqversion:0

Trust: 0.3

vendor:pexipmodel:as infinityscope:eqversion:5

Trust: 0.3

vendor:ibmmodel:system typescope:eqversion:x3850x638370

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.0.1

Trust: 0.3

vendor:ibmmodel:flex system compute node typescope:eqversion:x88042590

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0lscope: - version: -

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:bladecenter -escope:eqversion:7967

Trust: 0.3

vendor:ibmmodel:dx360 m4 water cooled typescope:eqversion:79180

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.0.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.3

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:7.3.3

Trust: 0.3

vendor:ibmmodel:initiate master data service patient hubscope:neversion:9.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.68

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:13.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0.102

Trust: 0.3

vendor:ciscomodel:anyres livescope:eqversion:0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.4

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:7.3.1

Trust: 0.3

vendor:ciscomodel:application policy infrastructure controller 1.0scope: - version: -

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:2.2.1.830

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:bladecenter -hscope:eqversion:8852

Trust: 0.3

vendor:ciscomodel:unified attendant console business editionscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:nextscale nx360 m4 typescope:eqversion:54550

Trust: 0.3

vendor:ibmmodel:bladecenter -htscope:eqversion:8750

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.15-210

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.13

Trust: 0.3

vendor:ciscomodel:tandberg codian isdn gwscope:eqversion:32200

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:initiate master data servicescope:neversion:9.2

Trust: 0.3

vendor:ibmmodel:tivoli common reportingscope:eqversion:3.1.0.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.2.9.1

Trust: 0.3

vendor:ciscomodel:jabber video for telepresencescope:eqversion:0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0-103

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.12.201

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0.95

Trust: 0.3

vendor:ibmmodel:rational insightscope:eqversion:1.1.1.4

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:10.2.11

Trust: 0.3

vendor:ciscomodel:prime network registrarscope:eqversion:8.1.3.3

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:2.1.7.770

Trust: 0.3

vendor:ciscomodel:prime collaboration deploymentscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:dx series ip phonesscope:eqversion:0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0.0-95

Trust: 0.3

vendor:ciscomodel:virtualization experience media enginescope:eqversion:0

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:7.2.2

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:7.3.1

Trust: 0.3

vendor:ciscomodel:ace30 application control engine module 3.0 a5scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified computing system b-series serversscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:sterling connect:express for unixscope:eqversion:1.5.0.11

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.0.0.96

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x365079150

Trust: 0.3

vendor:ibmmodel:data ontap operating in 7-modescope:eqversion:7.3.7

Trust: 0.3

vendor:hpmodel:thinpro linuxscope:eqversion:(x86)4.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.2.127

Trust: 0.3

vendor:ciscomodel:jabber software development kitscope:eqversion:0

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:2.1.10.800

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:5.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:ip office server editionscope:eqversion:9.0

Trust: 0.3

vendor:ciscomodel:firesight system softwarescope:eqversion:5.4.0.2

Trust: 0.3

vendor:ibmmodel:initiate master data servicescope:neversion:9.0

Trust: 0.3

vendor:avayamodel:cms r17 r4scope: - version: -

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.21

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x375087220

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1cscope: - version: -

Trust: 0.3

vendor:ibmmodel:bluemix workflowscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:bladecenter -escope:eqversion:1881

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switch and san pass-thruscope:eqversion:9.1.0.00

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1fscope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.1-73

Trust: 0.3

vendor:ibmmodel:infosphere balanced warehouse c4000scope: - version: -

Trust: 0.3

vendor:ibmmodel:infosphere master data management patient hubscope:neversion:10.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2.4.1

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:2.1.8.780

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for imagesscope:eqversion:7.1.1.0

Trust: 0.3

vendor:ibmmodel:service delivery managerscope:eqversion:7.2.4

Trust: 0.3

vendor:ciscomodel:identity service enginescope:eqversion:0

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.15

Trust: 0.3

vendor:avayamodel:cms r17scope: - version: -

Trust: 0.3

vendor:hpmodel:virtual connect enterprise manager sdkscope:eqversion:7.4.1

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switch and san pass-thruscope:neversion:9.1.5.03.00

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.1.0.0

Trust: 0.3

vendor:ciscomodel:wag310g residential gatewayscope:eqversion:0

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:2.1.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2.0-14

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:infosphere master data managementscope:neversion:11.4

Trust: 0.3

vendor:ibmmodel:cognos controller if1scope:neversion:10.1.1.3

Trust: 0.3

vendor:pexipmodel:as infinityscope:neversion:8.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.15

Trust: 0.3

vendor:ibmmodel:data ontap operating in 7-modescope:eqversion:8.2.2

Trust: 0.3

vendor:ibmmodel:initiate master data servicescope:neversion:9.5

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0oscope: - version: -

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:6.2.0.860

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp3scope:eqversion:11

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:susemodel:linux enterprise server sp3scope:eqversion:11

Trust: 0.3

vendor:hpmodel:system management homepage bscope:eqversion:2.1.5.146

Trust: 0.3

vendor:ciscomodel:email security appliancescope:eqversion:7.6

Trust: 0.3

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.1(0.625)

Trust: 0.3

vendor:ibmmodel:bladecenter -sscope:eqversion:7779

Trust: 0.3

vendor:ciscomodel:agent desktopscope:eqversion:10.0(2)

Trust: 0.3

vendor:ibmmodel:flex system compute node typescope:eqversion:x88079030

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:6.3.0.870

Trust: 0.3

vendor:ibmmodel:flex system compute node typescope:eqversion:x24087370

Trust: 0.3

vendor:hpmodel:system management homepage bscope:eqversion:3.0.2.77

Trust: 0.3

vendor:ibmmodel:snapdrive for unixscope:eqversion:5.2.2

Trust: 0.3

vendor:ciscomodel:jabber voice for androidscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:onepk all-in-one vmscope:eqversion:0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura conferencingscope:eqversion:8.0

Trust: 0.3

vendor:ciscomodel:unified attendant console department editionscope:eqversion:0

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:6.0.0.840

Trust: 0.3

vendor:hpmodel:system management homepage ascope:eqversion:2.1.11.197

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:7.4.1

Trust: 0.3

vendor:ciscomodel:prime data center network managerscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:initiate master data servicescope:neversion:10.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.14

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.8

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.15210

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:7.2

Trust: 0.3

vendor:ciscomodel:network performance analyticsscope:eqversion:0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.64

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.0.0

Trust: 0.3

vendor:ibmmodel:system m4 hd typescope:eqversion:x365054600

Trust: 0.3

vendor:hpmodel:thinpro linuxscope:eqversion:(x86)5.0

Trust: 0.3

vendor:ibmmodel:infosphere master data management provider hubscope:neversion:10.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.2.8

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.0

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for os deploymentscope:eqversion:5.1.116

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.1

Trust: 0.3

vendor:hpmodel:version control repository manager 7.4.0ascope: - version: -

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:2.1.3.740

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.20

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1

Trust: 0.3

vendor:ciscomodel:video surveillance series ip camerasscope:eqversion:70000

Trust: 0.3

vendor:hpmodel:virtual connect enterprise managerscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:systems insight manager updatescope:eqversion:5.31

Trust: 0.3

vendor:hpmodel:system management homepage 7.4.0ascope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence server on multiparty mediascope:eqversion:3204.1

Trust: 0.3

vendor:avayamodel:ip office server editionscope:eqversion:8.1

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:7.3

Trust: 0.3

vendor:ciscomodel:video surveillance series ip camerasscope:eqversion:60000

Trust: 0.3

vendor:avayamodel:one-x client enablement servicesscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:cms r17 r3scope: - version: -

Trust: 0.3

vendor:ibmmodel:flex system compute node typescope:eqversion:x22279160

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0iscope: - version: -

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:7.3.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.4.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.3.1

Trust: 0.3

vendor:hpmodel:systems insight manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:10.2.2

Trust: 0.3

vendor:ibmmodel:cognos controller interim fixscope:neversion:10.2.0.1

Trust: 0.3

vendor:ibmmodel:rational insightscope:eqversion:1.1.13

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:unified ip conference phonescope:eqversion:88310

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0escope: - version: -

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:7.3

Trust: 0.3

vendor:ibmmodel:clustered data ontapscope:eqversion:8.2

Trust: 0.3

vendor:ibmmodel:tivoli common reportingscope:eqversion:3.1.0.1

Trust: 0.3

vendor:hpmodel:virtual connect enterprise managerscope:eqversion:6.2

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:2.2.0.820

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:2.1.4

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1x8664

Trust: 0.3

vendor:ibmmodel:business process manager advancedscope:eqversion:8.5.6

Trust: 0.3

vendor:ibmmodel:infosphere balanced warehouse c3000scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.10

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:2.2.2.835

Trust: 0.3

vendor:avayamodel:aura collaboration environmentscope:eqversion:2.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.5

Trust: 0.3

vendor:ibmmodel:system m4 bd typescope:eqversion:x365054660

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.3.2

Trust: 0.3

vendor:ibmmodel:openssh for gpfsscope:eqversion:3.5

Trust: 0.3

vendor:ciscomodel:telepresence supervisor msescope:eqversion:80500

Trust: 0.3

vendor:ciscomodel:iptvscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:rational insightscope:eqversion:1.1.12

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp3scope:eqversion:11

Trust: 0.3

vendor:ibmmodel:rational insightscope:eqversion:1.1.11

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x325025830

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.3

Trust: 0.3

vendor:ibmmodel:ns oncommand core packagescope:eqversion:5.1.2

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:7.4

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:7.3.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.0.2.106

Trust: 0.3

vendor:ciscomodel:web security appliance 9.0.0 -fcsscope: - version: -

Trust: 0.3

vendor:ibmmodel:initiate master data servicescope:neversion:10.0

Trust: 0.3

vendor:hpmodel:systems insight manager sp3scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:2.2.1.830

Trust: 0.3

vendor:ibmmodel:service delivery managerscope:eqversion:7.2.2

Trust: 0.3

vendor:ciscomodel:telepresence mcuscope:eqversion:42000

Trust: 0.3

vendor:ciscomodel:hosted collaboration mediation fulfillmentscope:eqversion:0

Trust: 0.3

vendor:splunkmodel:mintscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:system management homepage 7.3.2.1scope: - version: -

Trust: 0.3

vendor:ciscomodel:socialminerscope:eqversion:0

Trust: 0.3

vendor:pexipmodel:as infinityscope:eqversion:3

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0cscope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.14.20

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:2.1.5.760

Trust: 0.3

vendor:ciscomodel:video surveillance media serverscope:eqversion:7.7

Trust: 0.3

vendor:ibmmodel:data ontap smi-s agentscope:eqversion:5.1.2

Trust: 0.3

vendor:ciscomodel:telepresence mcuscope:eqversion:84200

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:20500

Trust: 0.3

vendor:hpmodel:insight orchestrationscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switch and san pass-thruscope:eqversion:9.1.3.0

Trust: 0.3

vendor:ciscomodel:telepresence video communication serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime network registrarscope:eqversion:8.3

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:ciscomodel:telepresence sx seriesscope:eqversion:0

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:7.3.4

Trust: 0.3

vendor:hpmodel:system management homepage bscope:eqversion:2.1.10.186

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.1

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x330073820

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0fscope: - version: -

Trust: 0.3

vendor:ibmmodel:rational insightscope:eqversion:1.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ciscomodel:meetingplacescope:eqversion:0

Trust: 0.3

vendor:pexipmodel:as infinityscope:eqversion:2

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:2.1.9.790

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:7.3.1

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for os deploymentscope:eqversion:5.1.0.2

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:2.1.1.730

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.12

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x363071580

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0jscope: - version: -

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:35000

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0bscope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.1

Trust: 0.3

vendor:ibmmodel:initiate master data service patient hubscope:neversion:9.7

Trust: 0.3

vendor:ciscomodel:expressway seriesscope:eqversion:0

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:7.3.5

Trust: 0.3

vendor:ibmmodel:bladecenter t advanced management module 32r0835scope: - version: -

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:57100

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:2.1.10.801

Trust: 0.3

vendor:hpmodel:thinpro linuxscope:eqversion:4.2

Trust: 0.3

vendor:ibmmodel:flex system manager nodescope:eqversion:8734-

Trust: 0.3

vendor:ibmmodel:tivoli common reportingscope:eqversion:3.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.11

Trust: 0.3

vendor:hpmodel:systems insight manager sp2scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:7.2.2

Trust: 0.3

vendor:ciscomodel:edge digital media playerscope:eqversion:3000

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.3.3

Trust: 0.3

vendor:ciscomodel:mobile wireless transport managerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1.2

Trust: 0.3

vendor:ibmmodel:rational insightscope:eqversion:1.1.1.6

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:7.1.1

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0.1

Trust: 0.3

vendor:ciscomodel:mate designscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:infosphere master data managementscope:neversion:11.0

Trust: 0.3

vendor:ibmmodel:flex system compute node typescope:eqversion:x24078630

Trust: 0.3

vendor:ibmmodel:rational insightscope:eqversion:1.1.1.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.4.143

Trust: 0.3

vendor:ibmmodel:clustered data ontap antivirus connectorscope:eqversion:1.0

Trust: 0.3

vendor:ibmmodel:business process manager advancedscope:eqversion:8.5.5

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x375087330

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:flex system compute node typescope:eqversion:x24089560

Trust: 0.3

vendor:ciscomodel:powervu d9190 conditional access managerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:thinpro linuxscope:eqversion:4.1

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1jscope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.3.1

Trust: 0.3

vendor:ibmmodel:bladecenter -tscope:eqversion:8730

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:data ontap operating in 7-modescope:eqversion:8.2.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.3.132

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x353071600

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0(4.29)

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:7.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3.0

Trust: 0.3

vendor:ciscomodel:mate livescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence integrator c seriesscope:eqversion:0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1dscope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2.0-12

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.9

Trust: 0.3

vendor:ibmmodel:bladecenter -hscope:eqversion:7989

Trust: 0.3

vendor:oraclemodel:mobile security suite mssscope:eqversion:3.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.0.1.104

Trust: 0.3

vendor:ibmmodel:cognos controller if3scope:neversion:10.1

Trust: 0.3

vendor:ibmmodel:bladecenter -htscope:eqversion:8740

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.2.1.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:6.2.0.860

Trust: 0.3

vendor:ibmmodel:cognos controllerscope:eqversion:8.5

Trust: 0.3

vendor:ibmmodel:cognos controllerscope:eqversion:10.1.1

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:initiate master data service provider hubscope:neversion:9.5

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switch and san pass-thruscope:eqversion:9.1.1.00

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x375087180

Trust: 0.3

vendor:ibmmodel:flex system manager nodescope:eqversion:8731-

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.8

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.5.146

Trust: 0.3

vendor:ibmmodel:idataplex dx360 m4 typescope:eqversion:79130

Trust: 0.3

vendor:hpmodel:systems insight manager sp6scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.0.1.73

Trust: 0.3

vendor:pexipmodel:as infinityscope:eqversion:4

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:7.3.2

Trust: 0.3

vendor:ciscomodel:telepresence mcuscope:eqversion:45000

Trust: 0.3

vendor:ciscomodel:telepresence isdn gwscope:eqversion:32410

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0nscope: - version: -

Trust: 0.3

vendor:ibmmodel:system m5 typescope:eqversion:x310054570

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:infosphere master data managementscope:neversion:11.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.5

Trust: 0.3

vendor:ciscomodel:telepresence server on multiparty mediascope:eqversion:3104.1

Trust: 0.3

vendor:ciscomodel:telepresence ex seriesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings for androidscope:eqversion:0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.3.3.1

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:6.1841

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for os deploymentscope:eqversion:5.1.3

Trust: 0.3

vendor:ibmmodel:cognos controller fp1scope:neversion:10.2.1

Trust: 0.3

vendor:ibmmodel:sterling connect:express for unixscope:eqversion:1.4

Trust: 0.3

vendor:hpmodel:virtual connect enterprise managerscope:eqversion:6.1

Trust: 0.3

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.2(3.1)

Trust: 0.3

vendor:hpmodel:thinpro linuxscope:eqversion:(x86)4.4

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:initiate master data servicescope:neversion:9.7

Trust: 0.3

vendor:ibmmodel:cognos controllerscope:eqversion:10.2.1

Trust: 0.3

vendor:hpmodel:systems insight manager sp1scope:eqversion:4.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.8.179

Trust: 0.3

vendor:pexipmodel:as infinityscope:eqversion:8

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:7.3.2

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x355079140

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.16

Trust: 0.3

vendor:ibmmodel:bladecenter -hscope:eqversion:1886

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1bscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0kscope: - version: -

Trust: 0.3

vendor:ibmmodel:system m4 typescope:eqversion:x375087520

Trust: 0.3

vendor:ciscomodel:vds service brokerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence conductorscope:eqversion:0

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:7.2.1

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:7.4

Trust: 0.3

vendor:ciscomodel:d9036 modular encoding platformscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:video surveillance 4300e/4500e high-definition ip camerasscope:eqversion:0

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:4.2

Trust: 0.3

vendor:ibmmodel:system typescope:eqversion:x3950x638370

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:splunkmodel:app for vmwarescope:eqversion:0

Trust: 0.3

vendor:avayamodel:ip office server editionscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:sterling connect:express for unixscope:eqversion:1.5.0

Trust: 0.3

vendor:ibmmodel:cognos controllerscope:eqversion:10.1

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:10.2

Trust: 0.3

vendor:ibmmodel:bladecenter -escope:eqversion:8677

Trust: 0.3

vendor:ibmmodel:cognos controllerscope:eqversion:10.2

Trust: 0.3

vendor:ibmmodel:snapdrive for windowsscope:eqversion:7.1.1

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:10500

Trust: 0.3

vendor:avayamodel:one-x client enablement services sp2scope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:video surveillance ptz ip camerasscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ibmmodel:tivoli common reportingscope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility client for iosscope:eqversion:004.000(1233)

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:2.2.2.835

Trust: 0.3

vendor:ibmmodel:real-time compression appliancescope:eqversion:4.1.2.10

Trust: 0.3

vendor:ciscomodel:telepresence serial gateway seriesscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:clustered data ontap antivirus connectorscope:eqversion:1.0.1

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:6.1.0.841

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.0

Trust: 0.3

vendor:splunkmodel:cloudscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:webex meetings server 2.5mr2scope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1.0.103

Trust: 0.3

vendor:ibmmodel:open systems snapvaultscope:eqversion:3.0.1

Trust: 0.3

vendor:hpmodel:thinpro linuxscope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.3

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.2.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.9

Trust: 0.3

vendor:ibmmodel:tivoli common reportingscope:eqversion:2.1.1

Trust: 0.3

vendor:ciscomodel:unified attendant console enterprise editionscope:eqversion:0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for os deploymentscope:eqversion:7.1.1

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.22

Trust: 0.3

vendor:ciscomodel:telepresence serverscope:eqversion:87104.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:3.2.7

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:9.0

Trust: 0.3

vendor:ciscomodel:telepresence mcuscope:eqversion:53000

Trust: 0.3

vendor:ibmmodel:clustered data ontap antivirus connectorscope:eqversion:1.0.2

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.2.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.3.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.0.121

Trust: 0.3

vendor:ciscomodel:ios 15.5 sscope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.0.2

Trust: 0.3

vendor:ciscomodel:prime performance manager for sps ppm sp1scope:eqversion:1.6

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.3

Trust: 0.3

vendor:ciscomodel:telepresence mx seriesscope:eqversion:0

Trust: 0.3

vendor:avayamodel:session border controller for enterprisescope:eqversion:6.3.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.4

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:2.1.7.770

Trust: 0.3

vendor:hpmodel:insight orchestrationscope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:telepresence isdn gw msescope:eqversion:83210

Trust: 0.3

vendor:ciscomodel:ucs centralscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence profile seriesscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:unified communications domain managerscope:eqversion:10.1.2

Trust: 0.3

vendor:ibmmodel:flex system compute node typescope:eqversion:x44079170

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.3

Trust: 0.3

vendor:hpmodel:systems insight manager 7.4.0ascope: - version: -

Trust: 0.3

vendor:hpmodel:systems insight managerscope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:emergency responderscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:dx360 m4 water cooled typescope:eqversion:79190

Trust: 0.3

vendor:ciscomodel:im and presence servicescope:eqversion:0

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:2.1.4.750

Trust: 0.3

vendor:ciscomodel:nac guest serverscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:system m5 typescope:eqversion:x325054580

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:7.3.4

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for images system editionscope:eqversion:x7.1.1.0

Trust: 0.3

vendor:hpmodel:version control agentscope:eqversion:2.1.10.800

Trust: 0.3

vendor:hpmodel:thinpro linuxscope:eqversion:(x86)5.1

Trust: 0.3

vendor:ciscomodel:cloud object storescope:eqversion:0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1hscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0ascope: - version: -

Trust: 0.3

vendor:hpmodel:version control repository managerscope:eqversion:2.1.9.790

Trust: 0.3

sources: BID: 71940 // JVNDB: JVNDB-2015-001011 // NVD: CVE-2015-0206

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0206
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0206
value: MEDIUM

Trust: 0.8

VULMON: CVE-2015-0206
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0206
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2015-0206 // JVNDB: JVNDB-2015-001011 // NVD: CVE-2015-0206

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2015-001011 // NVD: CVE-2015-0206

THREAT TYPE

network

Trust: 0.3

sources: BID: 71940

TYPE

Design Error

Trust: 0.3

sources: BID: 71940

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001011

PATCH

title:cisco-sa-20150310-sslurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

Trust: 0.8

title:A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail.url:https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f

Trust: 0.8

title:HPSBHF03289url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04602055

Trust: 0.8

title:NV15-017url:http://jpn.nec.com/security-info/secinfo/nv15-017.html

Trust: 0.8

title:DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)url:https://www.openssl.org/news/secadv_20150108.txt

Trust: 0.8

title:Oracle Critical Patch Update Advisory - April 2015url:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - October 2015url:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - April 2015 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - October 2015 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2016url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2015url:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - July 2016 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - July 2015 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html

Trust: 0.8

title:Oracle Third Party Bulletin - January 2015url:http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Trust: 0.8

title:RHSA-2015:0066url:https://rhn.redhat.com/errata/RHSA-2015-0066.html

Trust: 0.8

title:April 2015 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/april_2015_critical_patch_update

Trust: 0.8

title:October 2015 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/october_2015_critical_patch_update

Trust: 0.8

title:July 2016 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/july_2016_critical_patch_update

Trust: 0.8

title:July 2015 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/july_2015_critical_patch_update

Trust: 0.8

title:cisco-sa-20150310-sslurl:http://www.cisco.com/cisco/web/support/JP/112/1128/1128755_cisco-sa-20150310-ssl-j.html

Trust: 0.8

title:株式会社バッファロー の告知ページurl:http://buffalo.jp/support_s/s20150327b.html

Trust: 0.8

title:Red Hat: Moderate: openssl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20150066 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2015-0206url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-0206

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2459-1

Trust: 0.1

title:Debian Security Advisories: DSA-3125-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a3210fee56d96657bbff4ad44c3d0807

Trust: 0.1

title:Tenable Security Advisories: [R7] OpenSSL '20150108' Advisory Affects Tenable Productsurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2015-03

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-469url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-469

Trust: 0.1

title:Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015url:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=9281dc3b1a760e1cf2711cdf82cf64d7

Trust: 0.1

title:Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Productsurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150310-ssl

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - April 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4b527561ba1a5de7a529c8a93679f585

Trust: 0.1

title:Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=21b119528a2fb8c78850a17027b71424

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eaf98750f1130c39e83765575c69e165

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/

Trust: 0.1

sources: VULMON: CVE-2015-0206 // JVNDB: JVNDB-2015-001011

EXTERNAL IDS

db:NVDid:CVE-2015-0206

Trust: 2.9

db:BIDid:71940

Trust: 1.4

db:MCAFEEid:SB10102

Trust: 1.1

db:MCAFEEid:SB10108

Trust: 1.1

db:BIDid:91787

Trust: 1.1

db:SECTRACKid:1033378

Trust: 1.1

db:JVNid:JVNVU98974537

Trust: 0.8

db:JVNDBid:JVNDB-2015-001011

Trust: 0.8

db:VULMONid:CVE-2015-0206

Trust: 0.1

db:PACKETSTORMid:133318

Trust: 0.1

db:PACKETSTORMid:133317

Trust: 0.1

db:PACKETSTORMid:129973

Trust: 0.1

db:PACKETSTORMid:129870

Trust: 0.1

db:PACKETSTORMid:133325

Trust: 0.1

db:PACKETSTORMid:132763

Trust: 0.1

db:PACKETSTORMid:129867

Trust: 0.1

sources: VULMON: CVE-2015-0206 // BID: 71940 // JVNDB: JVNDB-2015-001011 // PACKETSTORM: 133318 // PACKETSTORM: 133317 // PACKETSTORM: 129973 // PACKETSTORM: 129870 // PACKETSTORM: 133325 // PACKETSTORM: 132763 // PACKETSTORM: 129867 // NVD: CVE-2015-0206

REFERENCES

url:https://www.openssl.org/news/secadv_20150108.txt

Trust: 1.6

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl

Trust: 1.4

url:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Trust: 1.4

url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 1.4

url:https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:019

Trust: 1.1

url:http://www.debian.org/security/2015/dsa-3125

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2015-0066.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142721102728110&w=2

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:062

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Trust: 1.1

url:http://www.securityfocus.com/bid/91787

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=144050297101809&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=144050205101530&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=144050254401665&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=143748090628601&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=144050155601375&w=2

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Trust: 1.1

url:https://bto.bluecoat.com/security-advisory/sa88

Trust: 1.1

url:http://www.securitytracker.com/id/1033378

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

Trust: 1.1

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10108

Trust: 1.1

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10102

Trust: 1.1

url:http://www.securityfocus.com/bid/71940

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/99704

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206

Trust: 0.9

url:http://jvn.jp/cert/jvnvu98974537

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0206

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-3571

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-3572

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-0204

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-0205

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-3570

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-8275

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-3569

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-0206

Trust: 0.7

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-0209

Trust: 0.4

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.4

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-0286

Trust: 0.4

url:http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf

Trust: 0.3

url:http://openssl.org/

Trust: 0.3

url:http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21699883

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21699667

Trust: 0.3

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490

Trust: 0.3

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21698818

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21883857

Trust: 0.3

url:https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/101008182

Trust: 0.3

url:https://www.openssl.org/news/vulnerabilities.html

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21903299

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21700275

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21699938

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21902694

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21697162

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21695985

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21694849

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21698506

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0207

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0288

Trust: 0.3

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0285

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0208

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-0287

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0289

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0118

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-8142

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0226

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0231

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-3523

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-9653

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-9705

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0232

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-9427

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-0273

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0231

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-9652

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2015:0066

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0206

Trust: 0.1

url:https://usn.ubuntu.com/2459-1/

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0291

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1787

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0290

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0292

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0293

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5432

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5433

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205>

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch

Trust: 0.1

url:https://svnweb.freebsd.org/base?view=revision&revision=nnnnnn>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571>

Trust: 0.1

url:https://www.openssl.org/news/secadv_20150108.txt>

Trust: 0.1

url:https://security.freebsd.org/>.

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275>

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569>

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570>

Trust: 0.1

url:https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc>

Trust: 0.1

url:https://www.freebsd.org/handbook/makeworld.html>.

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204>

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc

Trust: 0.1

url:https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569

Trust: 0.1

url:http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490&la

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1692

Trust: 0.1

url:http://www.hp.com/go/insightupdates

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0248

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-5107

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:http://www.hp.com/go/smh

Trust: 0.1

url:https://www.openssl.org/about/releasestrat.html),

Trust: 0.1

url:https://www.openssl.org/about/secpolicy.html

Trust: 0.1

url:http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf

Trust: 0.1

sources: VULMON: CVE-2015-0206 // BID: 71940 // JVNDB: JVNDB-2015-001011 // PACKETSTORM: 133318 // PACKETSTORM: 133317 // PACKETSTORM: 129973 // PACKETSTORM: 129870 // PACKETSTORM: 133325 // PACKETSTORM: 132763 // PACKETSTORM: 129867 // NVD: CVE-2015-0206

CREDITS

HP

Trust: 0.4

sources: PACKETSTORM: 133318 // PACKETSTORM: 133317 // PACKETSTORM: 133325 // PACKETSTORM: 132763

SOURCES

db:VULMONid:CVE-2015-0206
db:BIDid:71940
db:JVNDBid:JVNDB-2015-001011
db:PACKETSTORMid:133318
db:PACKETSTORMid:133317
db:PACKETSTORMid:129973
db:PACKETSTORMid:129870
db:PACKETSTORMid:133325
db:PACKETSTORMid:132763
db:PACKETSTORMid:129867
db:NVDid:CVE-2015-0206

LAST UPDATE DATE

2024-11-23T19:52:16.868000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2015-0206date:2017-10-20T00:00:00
db:BIDid:71940date:2017-01-23T00:09:00
db:JVNDBid:JVNDB-2015-001011date:2016-08-09T00:00:00
db:NVDid:CVE-2015-0206date:2024-11-21T02:22:32.597

SOURCES RELEASE DATE

db:VULMONid:CVE-2015-0206date:2015-01-09T00:00:00
db:BIDid:71940date:2015-01-07T00:00:00
db:JVNDBid:JVNDB-2015-001011date:2015-01-13T00:00:00
db:PACKETSTORMid:133318date:2015-08-26T01:33:25
db:PACKETSTORMid:133317date:2015-08-26T01:33:18
db:PACKETSTORMid:129973date:2015-01-15T16:53:07
db:PACKETSTORMid:129870date:2015-01-09T17:43:35
db:PACKETSTORMid:133325date:2015-08-26T01:35:08
db:PACKETSTORMid:132763date:2015-07-21T13:37:51
db:PACKETSTORMid:129867date:2015-01-09T02:01:10
db:NVDid:CVE-2015-0206date:2015-01-09T02:59:12.117