ID

VAR-201512-0482


CVE

CVE-2015-3193


TITLE

BN_mod_exp Used in x86_64 Run on the platform OpenSSL of crypto/bn/asm/x86_64-mont5.pl Vulnerabilities in which important private key information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-006114

DESCRIPTION

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2015-349-01) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/bind-9.9.8_P2-x86_64-1_slack14.1.txz: Upgraded. Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) Address fetch context reference count handling error on socket error. (CVE-2015-8461) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.8_P2-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.8_P2-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.8_P2-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.8_P2-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.8_P2-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.8_P2-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.8_P2-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.8_P2-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.8_P2-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.8_P2-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.3_P2-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.3_P2-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: ef466df7b5c30de3b1823ae2ef7c0820 bind-9.9.8_P2-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 4d6fd1a921302be279fb00b8f3c5209f bind-9.9.8_P2-x86_64-1_slack13.0.txz Slackware 13.1 package: de9cea0aaf0123e1b480582a97b5a483 bind-9.9.8_P2-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 3d06836402ee2265194d819bf59ebef5 bind-9.9.8_P2-x86_64-1_slack13.1.txz Slackware 13.37 package: 084270843411521f1d5f7dfee0faf05a bind-9.9.8_P2-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 2cb2bfdb94e52725bccecea29e5a5bc1 bind-9.9.8_P2-x86_64-1_slack13.37.txz Slackware 14.0 package: b653a7dd7b8591ccbd434bb2ec2e395f bind-9.9.8_P2-i486-1_slack14.0.txz Slackware x86_64 14.0 package: d6db5ba1f2c1ae0c99457b1866d9b752 bind-9.9.8_P2-x86_64-1_slack14.0.txz Slackware 14.1 package: ffaf96b22a3148f23d6cb0349c4fa745 bind-9.9.8_P2-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 5382418d8d2044f567934b24f280592b bind-9.9.8_P2-x86_64-1_slack14.1.txz Slackware -current package: 8a998dd407304fb10e8df8c92655ff54 n/bind-9.10.3_P2-i586-1.txz Slackware x86_64 -current package: 545b71ea3107b6a7796fb21cf1dfd311 n/bind-9.10.3_P2-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bind-9.9.8_P2-i486-1_slack14.1.txz Then, restart the name server: # /etc/rc.d/rc.bind restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlZw+UcACgkQakRjwEAQIjOMAwCgjzSOs/3EsTbWu/ykUePEAat2 OhsAn1I4L5Sgs42gKDPTuf/hhCoBZpsf =b9cA -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-10-27-1 Xcode 8.1 Xcode 8.1 is now available and addresses the following: IDE Xcode Server Available for: OS X El Capitan v10.11.5 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0. CVE-2016-1669 CVE-2016-0705 CVE-2016-0797 CVE-2016-0702 CVE-2016-2086 CVE-2016-2216 CVE-2015-8027 CVE-2015-3193 CVE-2015-3194 CVE-2015-6764 Xcode 8.1 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "8.1". ============================================================================ Ubuntu Security Notice USN-2830-1 December 07, 2015 openssl vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. A remote attacker could possibly use this issue to break encryption. This issue only applied to Ubuntu 15.10. (CVE-2015-3193) Lo=C3=AFc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 signatures with a missing PSS parameter. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-3194) Adam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2015-3195) It was discovered that OpenSSL incorrectly handled PSK identity hints. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.2 Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.5 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.16 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.32 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2830-1 CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32 . OpenSSL Security Advisory [3 Dec 2015] - Updated [4 Dec 2015] ============================================================= [Updated 4 Dec 2015]: This advisory has been updated to include the details of CVE-2015-1794, a Low severity issue affecting OpenSSL 1.0.2 which had a fix included in the released packages but was missed from the advisory text. NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) ================================================================== Severity: Moderate There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. This issue affects OpenSSL version 1.0.2. OpenSSL 1.0.2 users should upgrade to 1.0.2e This issue was reported to OpenSSL on August 13 2015 by Hanno Böck. The fix was developed by Andy Polyakov of the OpenSSL development team. Certificate verify crash with missing PSS parameter (CVE-2015-3194) =================================================================== Severity: Moderate The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. This issue affects OpenSSL versions 1.0.2 and 1.0.1. OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. X509_ATTRIBUTE memory leak (CVE-2015-3195) ========================================== Severity: Moderate When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team. Race condition handling PSK identify hint (CVE-2015-3196) ========================================================= Severity: Low If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. This can result in a race condition potentially leading to a double free of the identify hint data. This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release. OpenSSL 1.0.2 users should upgrade to 1.0.2d OpenSSL 1.0.1 users should upgrade to 1.0.1p OpenSSL 1.0.0 users should upgrade to 1.0.0t The fix for this issue can be identified in the OpenSSL git repository by commit ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794) ============================================================ Severity: Low If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack. This issue affects OpenSSL version 1.0.2. OpenSSL 1.0.2 users should upgrade to 1.0.2e This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The fix was developed by Matt Caswell of the OpenSSL development team. Note ==== As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html . OpenSSL Security Advisory [26 Jan 2017] ======================================== Truncated packet could crash via OOB read (CVE-2017-3731) ========================================================= Severity: Moderate If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. Bad (EC)DHE parameters cause a client crash (CVE-2017-3730) =========================================================== Severity: Moderate If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. This means the git commit with the fix does not contain the CVE identifier. The relevant fix commit can be identified by commit hash efbe126e3. UPDATE 31 Jan 2017. This is not true. DHE key re-use was removed by commit c5b831f for 1.0.2 or commit ffaef3f for 1.1.0 on 17 December 2015 Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. OpenSSL Security Advisory [27 Mar 2018] ======================================== Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) ========================================================================================== Severity: Moderate Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). The issue was originally found via the OSS-Fuzz project

Trust: 2.61

sources: NVD: CVE-2015-3193 // JVNDB: JVNDB-2015-006114 // BID: 78705 // VULMON: CVE-2015-3193 // PACKETSTORM: 134875 // PACKETSTORM: 139380 // PACKETSTORM: 134652 // PACKETSTORM: 169632 // PACKETSTORM: 169650 // PACKETSTORM: 169631 // PACKETSTORM: 169626

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:1.0.2b

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2a

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2c

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2d

Trust: 1.6

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:8.4

Trust: 1.1

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:8.3

Trust: 1.1

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:15.2

Trust: 1.1

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:15.1

Trust: 1.1

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:4.2.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:4.2.3

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.10

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:5.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:4.1.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:5.1.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:4.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.0.2

Trust: 0.8

vendor:oraclemodel:sun ray softwarescope:eqversion:11.1

Trust: 0.8

vendor:oraclemodel:secure global desktopscope:eqversion:4.71

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.0.2e

Trust: 0.8

vendor:oraclemodel:secure global desktopscope:eqversion:5.2

Trust: 0.8

vendor:oraclemodel:secure global desktopscope:eqversion:4.63

Trust: 0.8

vendor:opensslmodel:project opensslscope:eqversion:1.0.2

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2dscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2cscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2bscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2ascope: - version: -

Trust: 0.3

vendor:netappmodel:oncommand unified manager host packagescope:eqversion:0

Trust: 0.3

vendor:netappmodel:oncommand unified manager for clustered data ontapscope:eqversion:6.0

Trust: 0.3

vendor:netappmodel:oncommand reportscope:eqversion:0

Trust: 0.3

vendor:netappmodel:oncommand performance managerscope:eqversion:0

Trust: 0.3

vendor:netappmodel:manageability sdkscope:eqversion:0

Trust: 0.3

vendor:netappmodel:altavaultscope:eqversion:0

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.4

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.1

Trust: 0.3

vendor:junipermodel:ctpviewscope:eqversion:7.3

Trust: 0.3

vendor:junipermodel:ctpview 7.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:ctpview 7.1r1scope: - version: -

Trust: 0.3

vendor:ibmmodel:workload deployerscope:eqversion:3.17

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:8

Trust: 0.3

vendor:ibmmodel:security network controllerscope:eqversion:1.0.3387

Trust: 0.3

vendor:ibmmodel:security network controllerscope:eqversion:1.0.3381

Trust: 0.3

vendor:ibmmodel:security network controllerscope:eqversion:1.0.3379

Trust: 0.3

vendor:ibmmodel:security network controllerscope:eqversion:1.0.3376

Trust: 0.3

vendor:ibmmodel:security network controllerscope:eqversion:1.0.3361

Trust: 0.3

vendor:ibmmodel:security network controllerscope:eqversion:1.0.1768

Trust: 0.3

vendor:ibmmodel:security network controllerscope:eqversion:1.0.1209

Trust: 0.3

vendor:ibmmodel:security network controllerscope:eqversion:1.0.913

Trust: 0.3

vendor:ibmmodel:security network controller 1.0.3394mscope: - version: -

Trust: 0.3

vendor:ibmmodel:security network controllerscope:eqversion:1.0.3394

Trust: 0.3

vendor:ibmmodel:security network controller 1.0.3387mscope: - version: -

Trust: 0.3

vendor:ibmmodel:security network controller 1.0.3381mscope: - version: -

Trust: 0.3

vendor:ibmmodel:security network controller 1.0.3379mscope: - version: -

Trust: 0.3

vendor:ibmmodel:security network controller 1.0.3376mscope: - version: -

Trust: 0.3

vendor:ibmmodel:security network controller 1.0.3361mscope: - version: -

Trust: 0.3

vendor:ibmmodel:security network controller 1.0.3352mscope: - version: -

Trust: 0.3

vendor:ibmmodel:security network controller 1.0.3350mscope: - version: -

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.13

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.010

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.28

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.25

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.23

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.213

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.211

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.18

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.13

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.12

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.11

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.1

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.1.9

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.1.8

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.1.7

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.1.6

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.1.5

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.1.4

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.1.2

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.1.10

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.1.1

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.1

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.9

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.8

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.7

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.4

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.3

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.2

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.17

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.16

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.15

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.14

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.13

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.12

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.11

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.06

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.9

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.7

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.6

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.4

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.2

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.19

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.18

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.16

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.15

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.14

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.12

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.10

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.1

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.1.9

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.1.7

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.1.6

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.1.5

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.1.4

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.0.2

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.0.1

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:qlogic virtual fabric extension module for ibm bladecenterscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:qlogic 8gb intelligent pass-thru module & san switch module forscope:eqversion:7.10

Trust: 0.3

vendor:ibmmodel:proventia network enterprise scannerscope:eqversion:2.3

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.4.0.0

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.3.0.0

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.2.0.0

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:8.1.0.0

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:7.9.0.0

Trust: 0.3

vendor:ibmmodel:power hmcscope:eqversion:7.3.0.0

Trust: 0.3

vendor:ibmmodel:mq light client module for node.jsscope:eqversion:1.0.2014111002

Trust: 0.3

vendor:ibmmodel:mq light client module for node.jsscope:eqversion:1.0.2014091001

Trust: 0.3

vendor:ibmmodel:mq light client module for node.jsscope:eqversion:1.0.2014090801

Trust: 0.3

vendor:ibmmodel:mq light client module for node.jsscope:eqversion:1.0.2014090800

Trust: 0.3

vendor:ibmmodel:mq light client module for node.jsscope:eqversion:1.0.2014090300

Trust: 0.3

vendor:ibmmodel:mq light client module for node.js 1.0.2014091000-redscope: - version: -

Trust: 0.3

vendor:ibmmodel:integration busscope:eqversion:9

Trust: 0.3

vendor:ibmmodel:integration busscope:eqversion:10

Trust: 0.3

vendor:ibmmodel:image construction and composition toolscope:eqversion:2.3.2.0

Trust: 0.3

vendor:ibmmodel:image construction and composition toolscope:eqversion:2.3.1.0

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switchscope:eqversion:9.1

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san pass-thruscope:eqversion:9.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.5

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.1.0.9

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:eqversion:7.0.0.12

Trust: 0.3

vendor:ibmmodel:cognos tm1scope:eqversion:10.2.2

Trust: 0.3

vendor:ibmmodel:cognos tm1scope:eqversion:10.2

Trust: 0.3

vendor:ibmmodel:cognos tm1scope:eqversion:10.1.0

Trust: 0.3

vendor:ibmmodel:cognos insightscope:eqversion:10.2.2

Trust: 0.3

vendor:ibmmodel:cognos insightscope:eqversion:10.2.1

Trust: 0.3

vendor:ibmmodel:cognos insightscope:eqversion:10.2

Trust: 0.3

vendor:hpmodel:vcxscope:eqversion:0

Trust: 0.3

vendor:hpmodel:intelligent management centerscope:eqversion:0

Trust: 0.3

vendor:hpmodel:comwarescope:eqversion:70

Trust: 0.3

vendor:hpmodel:comwarescope:eqversion:50

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.3.5

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.3.4

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.3.3

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.3.2

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.3.1

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.2.1

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.2.0

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.1.4

Trust: 0.3

vendor:fortinetmodel:fortiwebscope:eqversion:5.0

Trust: 0.3

vendor:fortinetmodel:fortiwanscope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:fortivoiceosscope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:fortiswitchscope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:fortisandboxscope:eqversion:2.0

Trust: 0.3

vendor:fortinetmodel:fortisandboxscope:eqversion:2.1

Trust: 0.3

vendor:fortinetmodel:fortisandboxscope:eqversion:2.0.3

Trust: 0.3

vendor:fortinetmodel:fortisandboxscope:eqversion:2.0.2

Trust: 0.3

vendor:fortinetmodel:fortirecorderscope:eqversion:2.0.1

Trust: 0.3

vendor:fortinetmodel:fortirecorderscope:eqversion:1.5

Trust: 0.3

vendor:fortinetmodel:fortirecorderscope:eqversion:1.4.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.4

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.3

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.2

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.2.1

Trust: 0.3

vendor:fortinetmodel:fortiosscope:eqversion:5.0.0

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.2

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.1

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.4

Trust: 0.3

vendor:fortinetmodel:fortimanagerscope:eqversion:5.2.3

Trust: 0.3

vendor:fortinetmodel:fortimailscope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:fortiddosscope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:fortidbscope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:forticlient iosscope:eqversion:5.2.1

Trust: 0.3

vendor:fortinetmodel:forticlient androidscope:eqversion:5.2.6

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.4.0650

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.3.633

Trust: 0.3

vendor:fortinetmodel:forticlientscope:eqversion:5.2.3.091

Trust: 0.3

vendor:fortinetmodel:forticachescope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:fortiauthenticatorscope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:fortiapscope:eqversion:5.0.8

Trust: 0.3

vendor:fortinetmodel:fortiapscope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:fortianalyzerscope:eqversion:0

Trust: 0.3

vendor:fortinetmodel:fortiadcscope:eqversion:4.2

Trust: 0.3

vendor:fortinetmodel:fortiadcscope:eqversion:3.2.1

Trust: 0.3

vendor:fortinetmodel:fortiadcscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.4.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:8

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:7.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:7.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:7.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:7.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:6.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:5.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.4

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:4.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.5

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.4

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.4

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:1.5

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2escope:neversion: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:neversion:7.6.404

Trust: 0.3

vendor:junipermodel:ctpview 7.3r1scope:neversion: -

Trust: 0.3

vendor:junipermodel:ctpview 7.1r3scope:neversion: -

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:neversion:9.0.0.1

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:neversion:8.0.1.11

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:neversion:8.0.0.18

Trust: 0.3

vendor:ibmmodel:qlogic virtual fabric extension module for ibm bladecenterscope:neversion:9.0.3.16.00

Trust: 0.3

vendor:ibmmodel:qlogic 8gb intelligent pass-thru module & san switch module forscope:neversion:7.10.1.38.00

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switchscope:neversion:9.1.8.01.00

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san pass-thruscope:neversion:9.1.8.01.00

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:neversion:7.2.0.6

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.1.0.10

Trust: 0.3

vendor:ibmmodel:datapower gatewayscope:neversion:7.0.0.13

Trust: 0.3

vendor:hpmodel:wx5004-ei (comware r2507p44scope:neversion:5)

Trust: 0.3

vendor:hpmodel:vsr (comware e0322p01scope:neversion:7)

Trust: 0.3

vendor:hpmodel:vcxscope:neversion:9.8.19

Trust: 0.3

vendor:hpmodel:(comware r1517p01scope:neversion:v19105)

Trust: 0.3

vendor:hpmodel:u200s and cs (comware f5123p33scope:neversion:5)

Trust: 0.3

vendor:hpmodel:u200a and m (comware f5123p33scope:neversion:5)

Trust: 0.3

vendor:hpmodel:smb1920 (comware r1112scope:neversion:5)

Trust: 0.3

vendor:hpmodel:smb1910 (comware r1113scope:neversion:5)

Trust: 0.3

vendor:hpmodel:smb (comware r1110scope:neversion:16205)

Trust: 0.3

vendor:hpmodel:secblade fw (comware r3181p07scope:neversion:5)

Trust: 0.3

vendor:hpmodel:nj5000 r1107scope:neversion: -

Trust: 0.3

vendor:hpmodel:msr4000 (comware r0306p12scope:neversion:7)

Trust: 0.3

vendor:hpmodel:msr3000 (comware r0306p12scope:neversion:7)

Trust: 0.3

vendor:hpmodel:msr2000 (comware r0306p12scope:neversion:7)

Trust: 0.3

vendor:hpmodel:msr20-1x (comware r2516scope:neversion:5)

Trust: 0.3

vendor:hpmodel:msr20 (comware r2516scope:neversion:5)

Trust: 0.3

vendor:hpmodel:msr1000 (comware r0306p12scope:neversion:7)

Trust: 0.3

vendor:hpmodel:msr (comware r2516scope:neversion:9xx5)

Trust: 0.3

vendor:hpmodel:msr (comware r2516scope:neversion:93x5)

Trust: 0.3

vendor:hpmodel:msr 50-g2 (comware r2516scope:neversion:5)

Trust: 0.3

vendor:hpmodel:msr (comware r2516scope:neversion:505)

Trust: 0.3

vendor:hpmodel:msr (comware r2516scope:neversion:30-1x5)

Trust: 0.3

vendor:hpmodel:msr (comware r2516scope:neversion:30-165)

Trust: 0.3

vendor:hpmodel:msr (comware r2516scope:neversion:305)

Trust: 0.3

vendor:hpmodel:moonshot r2432p01scope:neversion: -

Trust: 0.3

vendor:hpmodel:imc wsm e0502p04scope:neversion:7.2

Trust: 0.3

vendor:hpmodel:imc uam tam e0406scope:neversion:7.1

Trust: 0.3

vendor:hpmodel:imc plat e0403p04scope:neversion:7.2

Trust: 0.3

vendor:hpmodel:imc inode e0407scope:neversion:7.2

Trust: 0.3

vendor:hpmodel:hsr6800 ru r3303p28.ruscope:neversion:5

Trust: 0.3

vendor:hpmodel:hsr6800 (comware r7103p09scope:neversion:7)

Trust: 0.3

vendor:hpmodel:hsr6800 (comware r3303p28scope:neversion:5)

Trust: 0.3

vendor:hpmodel:hsr6602 ru r3303p28.ruscope:neversion:5

Trust: 0.3

vendor:hpmodel:hsr6602 (comware r3303p28scope:neversion:5)

Trust: 0.3

vendor:hpmodel:hsr6600 (comware r7103p09scope:neversion:7)

Trust: 0.3

vendor:hpmodel:hp870 (comware r2607p51scope:neversion:5)

Trust: 0.3

vendor:hpmodel:hp850 (comware r2607p51scope:neversion:5)

Trust: 0.3

vendor:hpmodel:hp830 (comware r3507p51scope:neversion:5)

Trust: 0.3

vendor:hpmodel:hp6000 (comware r2507p44scope:neversion:5)

Trust: 0.3

vendor:hpmodel:f5000-a (comware f3210p26scope:neversion:5)

Trust: 0.3

vendor:hpmodel:a6600 (comware r3303p28scope:neversion:5)

Trust: 0.3

vendor:hpmodel:9500e (comware r1829p02scope:neversion:5)

Trust: 0.3

vendor:hpmodel:(comware r2150scope:neversion:79007)

Trust: 0.3

vendor:hpmodel:(comware r7180scope:neversion:75007)

Trust: 0.3

vendor:hpmodel:(comware r6710p02scope:neversion:75005)

Trust: 0.3

vendor:hpmodel:ru r3303p28.ruscope:neversion:66025

Trust: 0.3

vendor:hpmodel:rse ru r3303p28.ruscope:neversion:66005

Trust: 0.3

vendor:hpmodel:rpe ru r3303p28.ruscope:neversion:66005

Trust: 0.3

vendor:hpmodel:6127xlg r2432p01scope:neversion: -

Trust: 0.3

vendor:hpmodel:6125xlg r2432p01scope:neversion: -

Trust: 0.3

vendor:hpmodel:6125g/xg blade switch r2112p05scope:neversion: -

Trust: 0.3

vendor:hpmodel:(comware r2432p01scope:neversion:59307)

Trust: 0.3

vendor:hpmodel:(comware r2432p01scope:neversion:59007)

Trust: 0.3

vendor:hpmodel:(comware r1118p13scope:neversion:58305)

Trust: 0.3

vendor:hpmodel:(comware r1810p03scope:neversion:58005)

Trust: 0.3

vendor:hpmodel:(comware r2432p01scope:neversion:57007)

Trust: 0.3

vendor:hpmodel:5510hi (comware r1120scope:neversion:7)

Trust: 0.3

vendor:hpmodel:5500si (comware r2221p22scope:neversion:5)

Trust: 0.3

vendor:hpmodel:hi (comware r5501p21scope:neversion:55005)

Trust: 0.3

vendor:hpmodel:ei (comware r2221p22scope:neversion:55005)

Trust: 0.3

vendor:hpmodel:5130hi (comware r1120scope:neversion:7)

Trust: 0.3

vendor:hpmodel:(comware r3113p02scope:neversion:51307)

Trust: 0.3

vendor:hpmodel:si (comware r1517scope:neversion:51205)

Trust: 0.3

vendor:hpmodel:ei (comware r2221p22scope:neversion:51205)

Trust: 0.3

vendor:hpmodel:4800g (comware r2221p22scope:neversion:5)

Trust: 0.3

vendor:hpmodel:4500g (comware r2221p22scope:neversion:5)

Trust: 0.3

vendor:hpmodel:4210g (comware r2221p22scope:neversion:5)

Trust: 0.3

vendor:hpmodel:(comware r5319p15scope:neversion:36105)

Trust: 0.3

vendor:hpmodel:(comware r2111p01scope:neversion:3600v25)

Trust: 0.3

vendor:hpmodel:(comware r5213p01scope:neversion:3100v25)

Trust: 0.3

vendor:hpmodel:(comware r3113p02scope:neversion:19507)

Trust: 0.3

vendor:hpmodel:(comware r1150scope:neversion:129007)

Trust: 0.3

vendor:hpmodel:(comware r7377scope:neversion:125007)

Trust: 0.3

vendor:hpmodel:(comware r1829p02scope:neversion:125005)

Trust: 0.3

vendor:hpmodel:(comware r7180scope:neversion:105007)

Trust: 0.3

vendor:hpmodel:(comware r1210p02scope:neversion:105005)

Trust: 0.3

vendor:applemodel:xcodescope:neversion:8.1

Trust: 0.3

sources: BID: 78705 // JVNDB: JVNDB-2015-006114 // CNNVD: CNNVD-201512-073 // NVD: CVE-2015-3193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3193
value: HIGH

Trust: 1.0

NVD: CVE-2015-3193
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-073
value: HIGH

Trust: 0.6

VULMON: CVE-2015-3193
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3193
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2015-3193
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2015-3193 // JVNDB: JVNDB-2015-006114 // CNNVD: CNNVD-201512-073 // NVD: CVE-2015-3193

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2015-006114 // NVD: CVE-2015-3193

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 134652 // CNNVD: CNNVD-201512-073

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-073

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006114

PATCH

title:Release Strategyurl:https://www.openssl.org/policies/releasestrat.html

Trust: 0.8

title:OpenSSL 1.0.2 Series Release Notesurl:https://www.openssl.org/news/openssl-1.0.2-notes.html

Trust: 0.8

title:bn/asm/x86_64-mont5.pl: fix carry propagating bug (CVE-2015-3193).url:https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72

Trust: 0.8

title:BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)url:http://openssl.org/news/secadv/20151203.txt

Trust: 0.8

title:Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016url:http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - April 2016 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2016url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - July 2016 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - April 2016url:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Trust: 0.8

title:Bug 1288317url:https://bugzilla.redhat.com/show_bug.cgi?id=1288317

Trust: 0.8

title:April 2016 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/april_2016_critical_patch_update

Trust: 0.8

title:July 2016 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/july_2016_critical_patch_update

Trust: 0.8

title:OpenSSL'BN_mod_exp' Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=58935

Trust: 0.6

title:Arch Linux Advisories: [ASA-201701-37] openssl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201701-37

Trust: 0.1

title:Arch Linux Advisories: [ASA-201701-36] lib32-openssl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201701-36

Trust: 0.1

title:Red Hat: CVE-2015-3193url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-3193

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2830-1

Trust: 0.1

title:Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Productsurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151204-openssl

Trust: 0.1

title:Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015url:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=a924415f718a299b2d1e8046890941f3

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=525e4e31765e47b9e53b24e880af9d6e

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - April 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=122319027ae43d6d626710f1b1bb1d43

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489

Trust: 0.1

title:bignum-fuzzurl:https://github.com/hannob/bignum-fuzz

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2015-3193

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2017-3732

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2017-3738

Trust: 0.1

title:fuzzing-stuffurl:https://github.com/alphaSeclab/fuzzing-stuff

Trust: 0.1

title: - url:https://github.com/imhunterand/hackerone-publicy-disclosed

Trust: 0.1

title: - url:https://github.com/aravindb26/new.txt

Trust: 0.1

title:afl-cveurl:https://github.com/mrash/afl-cve

Trust: 0.1

sources: VULMON: CVE-2015-3193 // JVNDB: JVNDB-2015-006114 // CNNVD: CNNVD-201512-073

EXTERNAL IDS

db:NVDid:CVE-2015-3193

Trust: 3.5

db:BIDid:78705

Trust: 2.0

db:JUNIPERid:JSA10761

Trust: 2.0

db:BIDid:91787

Trust: 1.7

db:SECTRACKid:1034294

Trust: 1.7

db:SIEMENSid:SSA-412672

Trust: 1.7

db:JUNIPERid:JSA10759

Trust: 1.7

db:PULSESECUREid:SA40100

Trust: 1.7

db:ISCid:AA-01438

Trust: 1.7

db:JVNid:JVNVU95113540

Trust: 0.8

db:JVNDBid:JVNDB-2015-006114

Trust: 0.8

db:AUSCERTid:ESB-2019.4645

Trust: 0.6

db:AUSCERTid:ESB-2019.4325

Trust: 0.6

db:CNNVDid:CNNVD-201512-073

Trust: 0.6

db:MCAFEEid:SB10203

Trust: 0.3

db:ICS CERTid:ICSA-22-349-21

Trust: 0.1

db:VULMONid:CVE-2015-3193

Trust: 0.1

db:PACKETSTORMid:134875

Trust: 0.1

db:PACKETSTORMid:139380

Trust: 0.1

db:PACKETSTORMid:134652

Trust: 0.1

db:PACKETSTORMid:169632

Trust: 0.1

db:PACKETSTORMid:169650

Trust: 0.1

db:PACKETSTORMid:169631

Trust: 0.1

db:PACKETSTORMid:169626

Trust: 0.1

sources: VULMON: CVE-2015-3193 // BID: 78705 // JVNDB: JVNDB-2015-006114 // PACKETSTORM: 134875 // PACKETSTORM: 139380 // PACKETSTORM: 134652 // PACKETSTORM: 169632 // PACKETSTORM: 169650 // PACKETSTORM: 169631 // PACKETSTORM: 169626 // CNNVD: CNNVD-201512-073 // NVD: CVE-2015-3193

REFERENCES

url:https://blog.fuzzing-project.org/31-fuzzing-math-miscalculations-in-openssls-bn_mod_exp-cve-2015-3193.html

Trust: 2.5

url:http://openssl.org/news/secadv/20151203.txt

Trust: 2.0

url:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Trust: 2.0

url:http://www.fortiguard.com/advisory/openssl-advisory-december-2015

Trust: 2.0

url:http://www.ubuntu.com/usn/usn-2830-1

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=1288317

Trust: 1.7

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100

Trust: 1.7

url:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Trust: 1.7

url:http://www.securityfocus.com/bid/91787

Trust: 1.7

url:http://fortiguard.com/advisory/openssl-advisory-december-2015

Trust: 1.7

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl

Trust: 1.7

url:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583

Trust: 1.7

url:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966

Trust: 1.7

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10759

Trust: 1.7

url:https://kb.isc.org/article/aa-01438

Trust: 1.7

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10761

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322

Trust: 1.7

url:http://www.securitytracker.com/id/1034294

Trust: 1.7

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 1.7

url:http://www.securityfocus.com/bid/78705

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Trust: 1.7

url:https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=d73cc256c8e256c32ed959456101b73ba9842f72

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3193

Trust: 0.9

url:http://jvn.jp/vu/jvnvu95113540/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3193

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-3193

Trust: 0.7

url:https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106811

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4645/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4325/

Trust: 0.6

url:https://kb.netapp.com/support/index?page=content&id=9010051&actp=rss

Trust: 0.3

url:http://openssl.org/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10761&cat=sirt_1&actp=list

Trust: 0.3

url:http://prod.lists.apple.com/archives/security-announce/2016/oct/msg00005.html

Trust: 0.3

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10203

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas8n1021091

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21979528

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21979761

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21974168

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21980969

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21982172

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21982608

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21982877

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21982883

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21983532

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21982347

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-3194

Trust: 0.3

url:https://www.openssl.org/policies/secpolicy.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-3732

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-3196

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-1794

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-3195

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-3736

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://github.com/hannob/bignum-fuzz

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=42528

Trust: 0.1

url:https://usn.ubuntu.com/2830-1/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8461

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8000

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8000

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8461

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2086

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0797

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8027

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2216

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6764

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1669

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32

Trust: 0.1

url:https://www.openssl.org/about/secpolicy.html

Trust: 0.1

url:https://www.openssl.org/about/releasestrat.html),

Trust: 0.1

url:https://www.openssl.org/news/secadv/20151203.txt

Trust: 0.1

url:https://www.openssl.org/news/secadv/20161110.txt

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-7055

Trust: 0.1

url:https://www.openssl.org/news/secadv/20170126.txt

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3730

Trust: 0.1

url:https://www.openssl.org/news/secadv/20170828.txt,

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3735

Trust: 0.1

url:https://www.openssl.org/news/secadv/20171102.txt

Trust: 0.1

url:https://www.openssl.org/news/secadv/20180327.txt

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0701

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3738

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0733

Trust: 0.1

sources: VULMON: CVE-2015-3193 // BID: 78705 // JVNDB: JVNDB-2015-006114 // PACKETSTORM: 134875 // PACKETSTORM: 139380 // PACKETSTORM: 134652 // PACKETSTORM: 169632 // PACKETSTORM: 169650 // PACKETSTORM: 169631 // PACKETSTORM: 169626 // CNNVD: CNNVD-201512-073 // NVD: CVE-2015-3193

CREDITS

Hanno Böck

Trust: 0.3

sources: BID: 78705

SOURCES

db:VULMONid:CVE-2015-3193
db:BIDid:78705
db:JVNDBid:JVNDB-2015-006114
db:PACKETSTORMid:134875
db:PACKETSTORMid:139380
db:PACKETSTORMid:134652
db:PACKETSTORMid:169632
db:PACKETSTORMid:169650
db:PACKETSTORMid:169631
db:PACKETSTORMid:169626
db:CNNVDid:CNNVD-201512-073
db:NVDid:CVE-2015-3193

LAST UPDATE DATE

2024-11-07T21:13:11.775000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2015-3193date:2023-02-13T00:00:00
db:BIDid:78705date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2015-006114date:2016-08-22T00:00:00
db:CNNVDid:CNNVD-201512-073date:2023-02-13T00:00:00
db:NVDid:CVE-2015-3193date:2023-02-13T00:47:51.587

SOURCES RELEASE DATE

db:VULMONid:CVE-2015-3193date:2015-12-06T00:00:00
db:BIDid:78705date:2015-12-03T00:00:00
db:JVNDBid:JVNDB-2015-006114date:2015-12-08T00:00:00
db:PACKETSTORMid:134875date:2015-12-16T20:23:20
db:PACKETSTORMid:139380date:2016-10-28T12:22:22
db:PACKETSTORMid:134652date:2015-12-07T16:36:58
db:PACKETSTORMid:169632date:2015-12-03T12:12:12
db:PACKETSTORMid:169650date:2017-01-26T12:12:12
db:PACKETSTORMid:169631date:2017-11-02T12:12:12
db:PACKETSTORMid:169626date:2018-03-27T12:12:12
db:CNNVDid:CNNVD-201512-073date:2015-12-07T00:00:00
db:NVDid:CVE-2015-3193date:2015-12-06T20:59:02.613