ID

VAR-201705-3649


CVE

CVE-2017-3732


TITLE

OpenSSL Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-003156

DESCRIPTION

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. OpenSSL There is a service disruption ( crash ) There are vulnerabilities that are put into a state.Service operation interruption ( crash ) There is a possibility of being put into a state. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Versions prior to OpenSSL 1.1.0d and 1.0.2k are vulnerable. OpenSSL Security Advisory [07 Dec 2017] ======================================== Read/write after SSL object in error state (CVE-2017-3737) ========================================================== Severity: Moderate OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL 1.0.2 users should upgrade to 1.0.2n This issue was reported to OpenSSL on 10th November 2017 by David Benjamin (Google). The fix was proposed by David Benjamin and implemented by Matt Caswell of the OpenSSL development team. rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) ========================================================= Severity: Low There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. OpenSSL 1.0.2 users should upgrade to 1.0.2n This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin (Google). The issue was originally found via the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team. Note ==== Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20171207.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. Description: This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. This release upgrades OpenSSL to version 1.0.2.n Security Fix(es): * openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182) * openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302) * openssl: certificate message OOB reads (CVE-2016-6306) * openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055) * openssl: Truncated packet could crash via OOB read (CVE-2017-3731) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication 1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state 1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 6. JIRA issues fixed (https://issues.jboss.org/): JBCS-372 - Errata for httpd 2.4.29 GA RHEL 6 7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201702-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: February 14, 2017 Bugs: #607318 ID: 201702-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information. Background ========== OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2k >= 1.0.2k Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker is able to crash applications linked against OpenSSL or could obtain sensitive private-key information via an attack against the Diffie-Hellman (DH) ciphersuite. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2k" References ========== [ 1 ] CVE-2016-7055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7055 [ 2 ] CVE-2017-3730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3730 [ 3 ] CVE-2017-3731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3731 [ 4 ] CVE-2017-3732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3732 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201702-07 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --6TxcaqolfH5V8d0tqHGgGlj1v2tmUA9I9-- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-ibm security update Advisory ID: RHSA-2018:2568-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:2568 Issue date: 2018-08-27 CVE Names: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-12539 ===================================================================== 1. Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64 3. Description: IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Security Fix(es): * IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * IBM JDK: DoS in the java.math component (CVE-2018-1517) * IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940) * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973) * OpenSSL: Double-free in DSA code (CVE-2016-0705) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API 1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework 1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component 6. Package List: Red Hat Enterprise Linux Client Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 7): ppc64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.ppc64.rpm ppc64le: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm s390x: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.s390x.rpm x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2017-3732 https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2018-1517 https://access.redhat.com/security/cve/CVE-2018-1656 https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/cve/CVE-2018-12539 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW4QI1dzjgjWX9erEAQgiBRAApZ4yMTz6VaYwLOqGPcoQdZzEkg64CARM k1LrzpzgD6tRbaKya/LqvJvIhQlJ4LWs0AAlOM0VNrwdx8ntZ4lGHURqSM1Y14L/ TScLgA22CTbL4u+8BEOrsNCcjnp+5YALbfPv1DCdYvbRwi1J503w4ccwBfttb+1/ EaYh7nrWooa6R6qlkopmk1zprZGCgv3azYOqphcnrooeCC3ZqcBEWZNo/H1TnxWv kXfgxmZS3Rq5399umMOuWh2HDme2tO1OWTdY1+REfZh0Ex5v1rqYm/s+8d2FrEWm Oqk5Azstjt/l5OZfVg/WJd/iy1ob2m5yRUp5mhLFfkctIN/stxqbqLzO17dimdEn mhBwG/IkaGkMqQgEEZ65SXNyS+kW7hS8P4F0BuzmHIfaO3ALpCWOczyyiKHPHMng ZPYeV+roqRVeZ7TY8dfcUOh3eOKivfQBL921x4YdciCgPxBR7eRx8/aw8QL7VFot CRFMkS36Q2YqgfP9XH06AZdUEVJp/dpB1/f+EtR8e6YDdHSSgJvoV9pP0S2DhWnA o5V5efe12Jv3MQgiy5n0Ws4/mhcxthZSTcdBKQfyTsfqngCr1TTnGotN9GI1B0qe XX7pry5RkLnq/l/0T4d6JJceMnK5n/DebajHM+4B1rWQZS+4KUPDN5rYuo4OkI6L KZ2NcbK0Lfw= =5oM3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3

Trust: 2.61

sources: NVD: CVE-2017-3732 // JVNDB: JVNDB-2017-003156 // BID: 95814 // VULMON: CVE-2017-3732 // PACKETSTORM: 169631 // PACKETSTORM: 169655 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 141088 // PACKETSTORM: 149110 // PACKETSTORM: 149130

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:1.0.2a

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2d

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2b

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2e

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2c

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2f

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.2

Trust: 1.6

vendor:nodejsmodel:node.jsscope:gteversion:6.9.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:4.7.3

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:6.8.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2h

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:5.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:7.5.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:4.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:7.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:6.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.1.0a

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:4.1.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.1.0c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.1.0b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2i

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:4.2.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:6.9.5

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:5.12.0

Trust: 1.0

vendor:hitachimodel:jp1/automatic job management system 3scope:eqversion:- manager web console

Trust: 0.8

vendor:hitachimodel:jp1/integrated managementscope:eqversion:- service support starter edition

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.1.0d

Trust: 0.8

vendor:hitachimodel:jp1/it desktop managementscope:eqversion:2 - operations director

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:(64)

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:1.1.0

Trust: 0.8

vendor:necmodel:systemdirector enterprisescope: - version: -

Trust: 0.8

vendor:necmodel:enterprisedirectoryserverscope:eqversion:all versions

Trust: 0.8

vendor:hitachimodel:job management partner 1/integrated managementscope:eqversion:- service support

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:foundation

Trust: 0.8

vendor:hitachimodel:job management partner 1/it desktop managementscope:eqversion:2 - smart device manager

Trust: 0.8

vendor:hitachimodel:jp1/performance managementscope:eqversion:- web console

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:/sg all versions

Trust: 0.8

vendor:necmodel:webotx enterprise service busscope: - version: -

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.0.2k

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:(64)

Trust: 0.8

vendor:hitachimodel:jp1/performance managementscope:eqversion:- manager

Trust: 0.8

vendor:hitachimodel:jp1/it desktop management - managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/automatic operationscope: - version: -

Trust: 0.8

vendor:hitachimodel:job management partner 1/performance management - web consolescope: - version: -

Trust: 0.8

vendor:hitachimodel:job management partner 1/it desktop managementscope:eqversion:2 - manager

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:st ard

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:jp1/it desktop managementscope:eqversion:2 - smart device manager

Trust: 0.8

vendor:hitachimodel:jp1/integrated managementscope:eqversion:- service support

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base(64)

Trust: 0.8

vendor:hitachimodel:job management partner 1/integrated managementscope:eqversion:- service support advanced edition

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:it operations directorscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/service supportscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:jp1/operations analyticsscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/service supportscope:eqversion:starter edition

Trust: 0.8

vendor:hitachimodel:cosminexus http serverscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:-r

Trust: 0.8

vendor:hitachimodel:jp1/it desktop managementscope:eqversion:2 - manager

Trust: 0.8

vendor:hitachimodel:job management partner 1/it desktop management - managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:express

Trust: 0.8

vendor:necmodel:esmpro/serveragentservicescope:eqversion:all versions (linux edition )

Trust: 0.8

vendor:hitachimodel:jp1/performance managementscope:eqversion:- manager web console

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:1.0.2

Trust: 0.8

vendor:necmodel:webotx portalscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope: - version: -

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:enterprise

Trust: 0.8

vendor:hitachimodel:jp1/integrated managementscope:eqversion:- service support advanced edition

Trust: 0.8

vendor:ubuntumodel:linuxscope:eqversion:16.10

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:16.04

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.16

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.14

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.10

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.34

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.32

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.28

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.26

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.22

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.16

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.14

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.13

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.12

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.11

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.10

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.9

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.8

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.18

Trust: 0.3

vendor:oraclemodel:tuxedoscope:eqversion:12.1.1.0

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:16.0

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:15.0.2

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.1.3

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.0.3

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:13.4.3

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:13.3.3

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:8.4

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:8.3

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:16.2

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:16.1

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:15.2

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:15.1

Trust: 0.3

vendor:oraclemodel:transportation managementscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:transportation managementscope:eqversion:6.1

Trust: 0.3

vendor:oraclemodel:explorerscope:eqversion:8.15

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.7.17

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.7.16

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.7.15

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.7.12

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.7

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.35

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.34

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.33

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.30

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.29

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.28

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.27

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.26

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.23

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.22

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.21

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.25

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.24

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.20

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.16

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.15

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.1182

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.2.1162

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.0.1098

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.1.1049

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.6.8003

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.5.7958

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.4.7895

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.3.7856

Trust: 0.3

vendor:oraclemodel:mysql enterprise backupscope:eqversion:4.0.3

Trust: 0.3

vendor:oraclemodel:mysql enterprise backupscope:eqversion:3.12.3

Trust: 0.3

vendor:oraclemodel:mysql enterprise backupscope:eqversion:3.10.1

Trust: 0.3

vendor:oraclemodel:mysql enterprise backupscope:eqversion:3.10

Trust: 0.3

vendor:oraclemodel:mysql connectorsscope:eqversion:6.1.9

Trust: 0.3

vendor:oraclemodel:mysql connectorsscope:eqversion:5.3.7

Trust: 0.3

vendor:oraclemodel:jd edwards world security a9.4scope: - version: -

Trust: 0.3

vendor:oraclemodel:jd edwards world security a9.3scope: - version: -

Trust: 0.3

vendor:oraclemodel:jd edwards world security a9.2scope: - version: -

Trust: 0.3

vendor:oraclemodel:jd edwards world security a9.1scope: - version: -

Trust: 0.3

vendor:oraclemodel:jd edwards enterpriseone toolsscope:eqversion:9.2

Trust: 0.3

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.3.2

Trust: 0.3

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.2.2

Trust: 0.3

vendor:oraclemodel:enterprise manager base platformscope:eqversion:12.1

Trust: 0.3

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.2.0.0

Trust: 0.3

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.1.0.0

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.4

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.7.0

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.6.1.0.0

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.6.0

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.5.1.1

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.5.0

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.3.0

Trust: 0.3

vendor:oraclemodel:communications session border controller scz7.4.0scope: - version: -

Trust: 0.3

vendor:oraclemodel:communications session border controller scz7.3.0scope: - version: -

Trust: 0.3

vendor:oraclemodel:communications security gatewayscope:eqversion:3.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.1

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.2.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.1.0.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.1.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.0.2.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.0.2

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.0.1.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.0.1

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:4.4.1.5.0

Trust: 0.3

vendor:oraclemodel:communications eagle lnp application processorscope:eqversion:10.0

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.5.2

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.5.1

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.5

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.3

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.2.2

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.1.4

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.4.1.2

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.5.2

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.5.1

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.5

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.3

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.2.2

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.4.1.2

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:11.2

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:11.1

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:11.0

Trust: 0.3

vendor:oraclemodel:api gatewayscope:eqversion:11.1.2.4.0

Trust: 0.3

vendor:oraclemodel:agile engineering data managementscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:agile engineering data managementscope:eqversion:6.1.3

Trust: 0.3

vendor:oraclemodel:access managerscope:eqversion:10.1.4.3.0

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.1

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0.2

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0cscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0bscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0ascope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2jscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2iscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2hscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2gscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2fscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2escope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2dscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2cscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2bscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2ascope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.405

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.404

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.403

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.402

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.401

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.400

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.4

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.2

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1165239scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1157986scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.1

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.2h968406scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.9.4.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.7.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.6.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.2.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.1.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.0.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.7.2.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.6.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.5.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.4.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.3.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.2.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.1.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.3.2.0

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:9.8

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:9.7

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:11.1

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:10.5

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:10.1

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:neversion:5.1.20

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:neversion:5.0.38

Trust: 0.3

vendor:oraclemodel:explorerscope:neversion:8.16

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0dscope:neversion: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2kscope:neversion: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:neversion:7.6.406-3402.103

Trust: 0.3

sources: BID: 95814 // JVNDB: JVNDB-2017-003156 // CNNVD: CNNVD-201702-216 // NVD: CVE-2017-3732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3732
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3732
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201702-216
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-3732
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3732
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2017-3732
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2017-3732
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2017-3732 // JVNDB: JVNDB-2017-003156 // CNNVD: CNNVD-201702-216 // NVD: CVE-2017-3732

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-003156 // NVD: CVE-2017-3732

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 148525 // CNNVD: CNNVD-201702-216

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-216

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003156

PATCH

title:hitachi-sec-2018-103url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-103/index.html

Trust: 0.8

title:hitachi-sec-2017-115url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-115/index.html

Trust: 0.8

title:NV17-011url:http://jpn.nec.com/security-info/secinfo/nv17-011.html

Trust: 0.8

title:BN_mod_exp may produce incorrect results on x86_64url:https://www.openssl.org/news/secadv/20170126.txt

Trust: 0.8

title:hitachi-sec-2018-103url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-103/index.html

Trust: 0.8

title:hitachi-sec-2017-115url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-115/index.html

Trust: 0.8

title:OpenSSL Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67520

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2017/01/31/openssl_patches/

Trust: 0.2

title:Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182185 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182575 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182186 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182713 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182568 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182187 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2017-3732url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-3732

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-3732

Trust: 0.1

title:IBM: Security Bulletin: OpenSSL vulnerabilites impacting IBM Aspera Connect 3.7.4 and earlier (CVE-2017-3732, CVE-2016-7055)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=030cb7ac9266aec85453c1d2339fbc00

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3181-1

Trust: 0.1

title:Arch Linux Advisories: [ASA-201701-37] openssl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201701-37

Trust: 0.1

title:Huawei Security Advisories: Security Advisory - Three OpenSSL Vulnerabilities in Huawei Productsurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=1181e052a6a83786d4182d45ddb56d5d

Trust: 0.1

title:Symantec Security Advisories: SA141 : OpenSSL Vulnerabilities 26-Jan-2017url:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=117bc0d26e74d755d85acf15af842eaf

Trust: 0.1

title:Arch Linux Advisories: [ASA-201701-36] lib32-openssl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201701-36

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3d9ab13c871ea2142681c7977b25c5ff

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2018 – Includes Oracle Jul 2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windowsurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=af4ddb95056d65a4af347aec0f652f0e

Trust: 0.1

title:Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170130-openssl

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planningurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=62ef85c9034c17315b7d0a712483c5ea

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligenceurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=03b0267d78cd8ac1bbb43afc737474f0

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Serverurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=63bbfc68418161b36080acd59a541d45

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Managerurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=42a34f9348fc5f34065c6d25764eb2a2

Trust: 0.1

title:Debian CVElist Bug Report Logs: Security fixes from the July 2017 CPUurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=adc1e0c986afd5f2f3b0797ba936d072

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controllerurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=38227211accce022b0a3d9b56a974186

Trust: 0.1

title:Forcepoint Security Advisories: CVE-2017-3730, -3731, -3732 OpenSSL Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=16a227df38f44014c9520f3b6cb5344e

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a2bac27fb002bed513645d4775c7275b

Trust: 0.1

title:Tenable Security Advisories: [R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2017-04

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a31bff03e9909229fd67996884614fdf

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=2f446a7e1ea263c0c3a365776c6713f2

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=586e6062440cdd312211d748e028164e

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=dd8c9d5928cc3b1ac8c35b4b24703e38

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - April 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPSurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c36fc403a4c2c6439b732d2fca738f58

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=525e4e31765e47b9e53b24e880af9d6e

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=6283337cd31f81f24d445925f2138c0e

Trust: 0.1

sources: VULMON: CVE-2017-3732 // JVNDB: JVNDB-2017-003156 // CNNVD: CNNVD-201702-216

EXTERNAL IDS

db:NVDid:CVE-2017-3732

Trust: 3.5

db:BIDid:95814

Trust: 2.0

db:SECTRACKid:1037717

Trust: 1.7

db:TENABLEid:TNS-2017-04

Trust: 1.7

db:JVNid:JVNVU92830136

Trust: 0.8

db:JVNDBid:JVNDB-2017-003156

Trust: 0.8

db:AUSCERTid:ESB-2022.0696

Trust: 0.6

db:AUSCERTid:ESB-2019.1415

Trust: 0.6

db:AUSCERTid:ESB-2019.4325

Trust: 0.6

db:AUSCERTid:ESB-2019.0258.3

Trust: 0.6

db:AUSCERTid:ESB-2019.1613

Trust: 0.6

db:AUSCERTid:ESB-2019.0733

Trust: 0.6

db:CNNVDid:CNNVD-201702-216

Trust: 0.6

db:VULMONid:CVE-2017-3732

Trust: 0.1

db:PACKETSTORMid:169631

Trust: 0.1

db:PACKETSTORMid:169655

Trust: 0.1

db:PACKETSTORMid:148521

Trust: 0.1

db:PACKETSTORMid:148525

Trust: 0.1

db:PACKETSTORMid:141088

Trust: 0.1

db:PACKETSTORMid:149110

Trust: 0.1

db:PACKETSTORMid:149130

Trust: 0.1

sources: VULMON: CVE-2017-3732 // BID: 95814 // PACKETSTORM: 169631 // PACKETSTORM: 169655 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 141088 // PACKETSTORM: 149110 // PACKETSTORM: 149130 // JVNDB: JVNDB-2017-003156 // CNNVD: CNNVD-201702-216 // NVD: CVE-2017-3732

REFERENCES

url:http://www.securityfocus.com/bid/95814

Trust: 2.3

url:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Trust: 2.0

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 2.0

url:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Trust: 2.0

url:https://security.gentoo.org/glsa/201702-07

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:2187

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:2186

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:2568

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:2575

Trust: 1.8

url:https://www.openssl.org/news/secadv/20170126.txt

Trust: 1.7

url:http://www.securitytracker.com/id/1037717

Trust: 1.7

url:https://www.tenable.com/security/tns-2017-04

Trust: 1.7

url:https://security.freebsd.org/advisories/freebsd-sa-17:02.openssl.asc

Trust: 1.7

url:https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:2185

Trust: 1.7

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03838en_us

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:2713

Trust: 1.7

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-3732

Trust: 1.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3732

Trust: 0.8

url:https://jvn.jp/vu/jvnvu92830136/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3736

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10715641

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10871356

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0696

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10882734

Trust: 0.6

url:https://www.auscert.org.au/bulletins/76710

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4325/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10882292

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80494

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10882754

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79678

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106811

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10734877

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170503-01-openssl-cn

Trust: 0.6

url:https://www.auscert.org.au/bulletins/74714

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2017-3732

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2017-3736

Trust: 0.4

url:http://openssl.org/

Trust: 0.3

url:https://www.openssl.org/news/secadv/20170126.txt

Trust: 0.3

url:https://www.openssl.org/news/vulnerabilities.html

Trust: 0.3

url:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21984819

Trust: 0.3

url:https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21999842

Trust: 0.3

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10731657

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-3738

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-3737

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-3731

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-7055

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://www.openssl.org/policies/secpolicy.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-3193

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-2182

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-6302

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3731

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3737

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-6306

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3738

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-6306

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-2182

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-7055

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-6302

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-2940

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-2952

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-12539

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-0705

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-2973

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1656

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-2940

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1517

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1517

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-2952

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1656

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-2973

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-12539

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=52438

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/3181-1/

Trust: 0.1

url:https://www.openssl.org/news/secadv/20170828.txt,

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3735

Trust: 0.1

url:https://www.openssl.org/news/secadv/20171102.txt

Trust: 0.1

url:https://www.openssl.org/news/secadv/20171207.txt

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0701

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3730

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3732

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3731

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3730

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7055

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: VULMON: CVE-2017-3732 // BID: 95814 // PACKETSTORM: 169631 // PACKETSTORM: 169655 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 141088 // PACKETSTORM: 149110 // PACKETSTORM: 149130 // JVNDB: JVNDB-2017-003156 // CNNVD: CNNVD-201702-216 // NVD: CVE-2017-3732

CREDITS

The vulnerability is caused by OpenSSL Official website disclosure.

Trust: 0.6

sources: CNNVD: CNNVD-201702-216

SOURCES

db:VULMONid:CVE-2017-3732
db:BIDid:95814
db:PACKETSTORMid:169631
db:PACKETSTORMid:169655
db:PACKETSTORMid:148521
db:PACKETSTORMid:148525
db:PACKETSTORMid:141088
db:PACKETSTORMid:149110
db:PACKETSTORMid:149130
db:JVNDBid:JVNDB-2017-003156
db:CNNVDid:CNNVD-201702-216
db:NVDid:CVE-2017-3732

LAST UPDATE DATE

2025-07-10T22:23:29.924000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2017-3732date:2022-08-29T00:00:00
db:BIDid:95814date:2018-10-15T09:00:00
db:JVNDBid:JVNDB-2017-003156date:2018-02-07T00:00:00
db:CNNVDid:CNNVD-201702-216date:2022-08-30T00:00:00
db:NVDid:CVE-2017-3732date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:VULMONid:CVE-2017-3732date:2017-05-04T00:00:00
db:BIDid:95814date:2017-01-26T00:00:00
db:PACKETSTORMid:169631date:2017-11-02T12:12:12
db:PACKETSTORMid:169655date:2017-12-07T12:12:12
db:PACKETSTORMid:148521date:2018-07-12T21:45:18
db:PACKETSTORMid:148525date:2018-07-12T21:48:57
db:PACKETSTORMid:141088date:2017-02-14T17:07:17
db:PACKETSTORMid:149110date:2018-08-28T16:46:26
db:PACKETSTORMid:149130date:2018-08-29T00:28:49
db:JVNDBid:JVNDB-2017-003156date:2017-05-18T00:00:00
db:CNNVDid:CNNVD-201702-216date:2017-01-26T00:00:00
db:NVDid:CVE-2017-3732date:2017-05-04T19:29:00.400