ID

VAR-201705-3649


CVE

CVE-2017-3732


TITLE

OpenSSL Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-003156

DESCRIPTION

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. OpenSSL There is a service disruption ( crash ) There are vulnerabilities that are put into a state.Service operation interruption ( crash ) There is a possibility of being put into a state. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Versions prior to OpenSSL 1.1.0d and 1.0.2k are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2017-041-02) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2k-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2k-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2k-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2k-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2k-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2k-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.2 packages: 1d03d7f59dece41b97104cbe8341b812 openssl-1.0.2k-i586-1_slack14.2.txz c5e689d9ac1c1675c5059b8e7cd42594 openssl-solibs-1.0.2k-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 5e075d516ab7ccc1ef14f430e599bdef openssl-1.0.2k-x86_64-1_slack14.2.txz 110479b47a4208bcdb43fee59b9f06ca openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz Slackware -current packages: 8eca7a113cf58688dc6203c4091fd0ac a/openssl-solibs-1.0.2k-i586-1.txz 1ee03441f6409e48dda42c006ae5a7ad n/openssl-1.0.2k-i586-1.txz Slackware x86_64 -current packages: 51ed87062d6898bd50705b2c2abc2c68 a/openssl-solibs-1.0.2k-x86_64-1.txz d9e56ff59fd7aa5791bf6809ccea0f92 n/openssl-1.0.2k-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.2k-i586-1_slack14.2.txz openssl-solibs-1.0.2k-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Background ========== A fast, multi-threaded, multi-user SQL database server. https://creativecommons.org/licenses/by-sa/2.5 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201702-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: February 14, 2017 Bugs: #607318 ID: 201702-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2k >= 1.0.2k Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker is able to crash applications linked against OpenSSL or could obtain sensitive private-key information via an attack against the Diffie-Hellman (DH) ciphersuite. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2k" References ========== [ 1 ] CVE-2016-7055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7055 [ 2 ] CVE-2017-3730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3730 [ 3 ] CVE-2017-3731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3731 [ 4 ] CVE-2017-3732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3732 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201702-07 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --6TxcaqolfH5V8d0tqHGgGlj1v2tmUA9I9-- . Description: This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. This release upgrades OpenSSL to version 1.0.2.n Security Fix(es): * openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182) * openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302) * openssl: certificate message OOB reads (CVE-2016-6306) * openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055) * openssl: Truncated packet could crash via OOB read (CVE-2017-3731) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication 1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state 1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 6. JIRA issues fixed (https://issues.jboss.org/): JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-ibm security update Advisory ID: RHSA-2018:2568-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:2568 Issue date: 2018-08-27 CVE Names: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-12539 ===================================================================== 1. Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64 3. Description: IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Security Fix(es): * IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * IBM JDK: DoS in the java.math component (CVE-2018-1517) * IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940) * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973) * OpenSSL: Double-free in DSA code (CVE-2016-0705) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API 1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework 1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component 6. Package List: Red Hat Enterprise Linux Client Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 7): ppc64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.ppc64.rpm ppc64le: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm s390x: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.s390x.rpm x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2017-3732 https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2018-1517 https://access.redhat.com/security/cve/CVE-2018-1656 https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/cve/CVE-2018-12539 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW4QI1dzjgjWX9erEAQgiBRAApZ4yMTz6VaYwLOqGPcoQdZzEkg64CARM k1LrzpzgD6tRbaKya/LqvJvIhQlJ4LWs0AAlOM0VNrwdx8ntZ4lGHURqSM1Y14L/ TScLgA22CTbL4u+8BEOrsNCcjnp+5YALbfPv1DCdYvbRwi1J503w4ccwBfttb+1/ EaYh7nrWooa6R6qlkopmk1zprZGCgv3azYOqphcnrooeCC3ZqcBEWZNo/H1TnxWv kXfgxmZS3Rq5399umMOuWh2HDme2tO1OWTdY1+REfZh0Ex5v1rqYm/s+8d2FrEWm Oqk5Azstjt/l5OZfVg/WJd/iy1ob2m5yRUp5mhLFfkctIN/stxqbqLzO17dimdEn mhBwG/IkaGkMqQgEEZ65SXNyS+kW7hS8P4F0BuzmHIfaO3ALpCWOczyyiKHPHMng ZPYeV+roqRVeZ7TY8dfcUOh3eOKivfQBL921x4YdciCgPxBR7eRx8/aw8QL7VFot CRFMkS36Q2YqgfP9XH06AZdUEVJp/dpB1/f+EtR8e6YDdHSSgJvoV9pP0S2DhWnA o5V5efe12Jv3MQgiy5n0Ws4/mhcxthZSTcdBKQfyTsfqngCr1TTnGotN9GI1B0qe XX7pry5RkLnq/l/0T4d6JJceMnK5n/DebajHM+4B1rWQZS+4KUPDN5rYuo4OkI6L KZ2NcbK0Lfw= =5oM3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. =========================================================================== Ubuntu Security Notice USN-3181-1 January 31, 2017 openssl vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177) It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7055) It was discovered that OpenSSL did not properly use constant-time operations when performing ECDSA P-256 signing. A remote attacker could possibly use this issue to perform a timing attack and recover private ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056) Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause OpenSSL to stop responding, resulting in a denial of service. (CVE-2016-8610) Robert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain truncated packets. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: libssl1.0.0 1.0.2g-1ubuntu9.1 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.6 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.22 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.39 After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [26 Jan 2017] ======================================== Truncated packet could crash via OOB read (CVE-2017-3731) ========================================================= Severity: Moderate If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k This issue was reported to OpenSSL on 13th November 2016 by Robert Święcki of Google. The fix was developed by Andy Polyakov of the OpenSSL development team. Bad (EC)DHE parameters cause a client crash (CVE-2017-3730) =========================================================== Severity: Moderate If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. This means the git commit with the fix does not contain the CVE identifier. The relevant fix commit can be identified by commit hash efbe126e3. This issue was reported to OpenSSL on 14th January 2017 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team. UPDATE 31 Jan 2017. This is not true. OpenSSL 1.1.0 users should upgrade to 1.1.0d OpenSSL 1.0.2 users should upgrade to 1.0.2k This issue was reported to OpenSSL on 15th January 2017 by the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team. Montgomery multiplication may produce incorrect results (CVE-2016-7055) ======================================================================= Severity: Low This issue was previously fixed in 1.1.0c and covered in security advisory https://www.openssl.org/news/secadv/20161110.txt OpenSSL 1.0.2 users should upgrade to 1.0.2k Note ==== Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20170126.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . OpenSSL Security Advisory [07 Dec 2017] ======================================== Read/write after SSL object in error state (CVE-2017-3737) ========================================================== Severity: Moderate OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The issue was originally found via the OSS-Fuzz project

Trust: 2.79

sources: NVD: CVE-2017-3732 // JVNDB: JVNDB-2017-003156 // BID: 95814 // VULMON: CVE-2017-3732 // PACKETSTORM: 141025 // PACKETSTORM: 146486 // PACKETSTORM: 141088 // PACKETSTORM: 148524 // PACKETSTORM: 149110 // PACKETSTORM: 149130 // PACKETSTORM: 140850 // PACKETSTORM: 169650 // PACKETSTORM: 169655

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:1.0.2d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2e

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:4.2.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:6.8.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:6.9.5

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:5.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:7.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2f

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:4.7.3

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:7.5.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:5.12.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:4.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.1.0b

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:6.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2h

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:6.9.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.1.0c

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:4.1.2

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.2c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.1.0a

Trust: 1.0

vendor:hitachimodel:jp1/automatic job management system 3scope:eqversion:- manager web console

Trust: 0.8

vendor:hitachimodel:jp1/integrated managementscope:eqversion:- service support starter edition

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.1.0d

Trust: 0.8

vendor:hitachimodel:jp1/it desktop managementscope:eqversion:2 - operations director

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:(64)

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:1.1.0

Trust: 0.8

vendor:necmodel:systemdirector enterprisescope: - version: -

Trust: 0.8

vendor:necmodel:enterprisedirectoryserverscope:eqversion:all versions

Trust: 0.8

vendor:hitachimodel:job management partner 1/integrated managementscope:eqversion:- service support

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:foundation

Trust: 0.8

vendor:hitachimodel:job management partner 1/it desktop managementscope:eqversion:2 - smart device manager

Trust: 0.8

vendor:hitachimodel:jp1/performance managementscope:eqversion:- web console

Trust: 0.8

vendor:necmodel:express5800scope:eqversion:/sg all versions

Trust: 0.8

vendor:necmodel:webotx enterprise service busscope: - version: -

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.0.2k

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:(64)

Trust: 0.8

vendor:hitachimodel:jp1/performance managementscope:eqversion:- manager

Trust: 0.8

vendor:hitachimodel:jp1/it desktop management - managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/automatic operationscope: - version: -

Trust: 0.8

vendor:hitachimodel:job management partner 1/performance management - web consolescope: - version: -

Trust: 0.8

vendor:hitachimodel:job management partner 1/it desktop managementscope:eqversion:2 - manager

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:st ard

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:jp1/it desktop managementscope:eqversion:2 - smart device manager

Trust: 0.8

vendor:hitachimodel:jp1/integrated managementscope:eqversion:- service support

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base(64)

Trust: 0.8

vendor:hitachimodel:job management partner 1/integrated managementscope:eqversion:- service support advanced edition

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:it operations directorscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/service supportscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:jp1/operations analyticsscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/service supportscope:eqversion:starter edition

Trust: 0.8

vendor:hitachimodel:cosminexus http serverscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:-r

Trust: 0.8

vendor:hitachimodel:jp1/it desktop managementscope:eqversion:2 - manager

Trust: 0.8

vendor:hitachimodel:job management partner 1/it desktop management - managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:express

Trust: 0.8

vendor:necmodel:esmpro/serveragentservicescope:eqversion:all versions (linux edition )

Trust: 0.8

vendor:hitachimodel:jp1/performance managementscope:eqversion:- manager web console

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:1.0.2

Trust: 0.8

vendor:necmodel:webotx portalscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope: - version: -

Trust: 0.8

vendor:necmodel:webotx application serverscope:eqversion:enterprise

Trust: 0.8

vendor:hitachimodel:jp1/integrated managementscope:eqversion:- service support advanced edition

Trust: 0.8

vendor:ubuntumodel:linuxscope:eqversion:16.10

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:16.04

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.16

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.14

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.10

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.34

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.32

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.28

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.26

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.22

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.16

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.14

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.13

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.12

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.11

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.10

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.9

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.8

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.0.18

Trust: 0.3

vendor:oraclemodel:tuxedoscope:eqversion:12.1.1.0

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:16.0

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:15.0.2

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.1.3

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.0.3

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:13.4.3

Trust: 0.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:13.3.3

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:8.4

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:8.3

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:16.2

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:16.1

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:15.2

Trust: 0.3

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:15.1

Trust: 0.3

vendor:oraclemodel:transportation managementscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:transportation managementscope:eqversion:6.1

Trust: 0.3

vendor:oraclemodel:explorerscope:eqversion:8.15

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.7.17

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.7.16

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.7.15

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.7.12

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.7

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.35

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.34

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.33

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.30

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.29

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.28

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.27

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.26

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.23

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.22

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.21

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.25

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.24

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.20

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.16

Trust: 0.3

vendor:oraclemodel:mysql serverscope:eqversion:5.6.15

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.1182

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.2.1162

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.0.1098

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.1.1049

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.6.8003

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.5.7958

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.4.7895

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.3.7856

Trust: 0.3

vendor:oraclemodel:mysql enterprise backupscope:eqversion:4.0.3

Trust: 0.3

vendor:oraclemodel:mysql enterprise backupscope:eqversion:3.12.3

Trust: 0.3

vendor:oraclemodel:mysql enterprise backupscope:eqversion:3.10.1

Trust: 0.3

vendor:oraclemodel:mysql enterprise backupscope:eqversion:3.10

Trust: 0.3

vendor:oraclemodel:mysql connectorsscope:eqversion:6.1.9

Trust: 0.3

vendor:oraclemodel:mysql connectorsscope:eqversion:5.3.7

Trust: 0.3

vendor:oraclemodel:jd edwards world security a9.4scope: - version: -

Trust: 0.3

vendor:oraclemodel:jd edwards world security a9.3scope: - version: -

Trust: 0.3

vendor:oraclemodel:jd edwards world security a9.2scope: - version: -

Trust: 0.3

vendor:oraclemodel:jd edwards world security a9.1scope: - version: -

Trust: 0.3

vendor:oraclemodel:jd edwards enterpriseone toolsscope:eqversion:9.2

Trust: 0.3

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.3.2

Trust: 0.3

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.2.2

Trust: 0.3

vendor:oraclemodel:enterprise manager base platformscope:eqversion:12.1

Trust: 0.3

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.2.0.0

Trust: 0.3

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.1.0.0

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.4

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.7.0

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.6.1.0.0

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.6.0

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.5.1.1

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.5.0

Trust: 0.3

vendor:oraclemodel:endeca serverscope:eqversion:7.3.0

Trust: 0.3

vendor:oraclemodel:communications session border controller scz7.4.0scope: - version: -

Trust: 0.3

vendor:oraclemodel:communications session border controller scz7.3.0scope: - version: -

Trust: 0.3

vendor:oraclemodel:communications security gatewayscope:eqversion:3.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.1

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.2.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.1.0.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.1.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.0.2.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.0.2

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.0.1.0

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:5.0.0.1

Trust: 0.3

vendor:oraclemodel:communications network charging and controlscope:eqversion:4.4.1.5.0

Trust: 0.3

vendor:oraclemodel:communications eagle lnp application processorscope:eqversion:10.0

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.5.2

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.5.1

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.5

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.3

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.2.2

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.1.4

Trust: 0.3

vendor:oraclemodel:commerce guided searchscope:eqversion:6.4.1.2

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.5.2

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.5.1

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.5

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.3

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.2.2

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:6.4.1.2

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:11.2

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:11.1

Trust: 0.3

vendor:oraclemodel:commerce experience managerscope:eqversion:11.0

Trust: 0.3

vendor:oraclemodel:api gatewayscope:eqversion:11.1.2.4.0

Trust: 0.3

vendor:oraclemodel:agile engineering data managementscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:agile engineering data managementscope:eqversion:6.1.3

Trust: 0.3

vendor:oraclemodel:access managerscope:eqversion:10.1.4.3.0

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.1

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0.2

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0cscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0bscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0ascope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2jscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2iscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2hscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2gscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2fscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2escope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2dscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2cscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2bscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2ascope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.405

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.404

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.403

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.402

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.401

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.400

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.4

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.2

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1165239scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1157986scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.1

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.2h968406scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.9.4.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.7.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.6.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.2.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.1.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:6.0.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.7.2.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.6.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.5.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.4.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.3.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.2.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.1.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.4.0.0

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:4.3.2.0

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:9.8

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:9.7

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:11.1

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:10.5

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:10.1

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:neversion:5.1.20

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:neversion:5.0.38

Trust: 0.3

vendor:oraclemodel:explorerscope:neversion:8.16

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0dscope:neversion: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2kscope:neversion: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:neversion:7.6.406-3402.103

Trust: 0.3

sources: BID: 95814 // JVNDB: JVNDB-2017-003156 // NVD: CVE-2017-3732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3732
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3732
value: MEDIUM

Trust: 0.8

VULMON: CVE-2017-3732
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3732
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2017-3732
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2017-3732
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2017-3732 // JVNDB: JVNDB-2017-003156 // NVD: CVE-2017-3732

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-003156 // NVD: CVE-2017-3732

THREAT TYPE

network

Trust: 0.3

sources: BID: 95814

TYPE

Design Error

Trust: 0.3

sources: BID: 95814

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003156

PATCH

title:hitachi-sec-2018-103url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-103/index.html

Trust: 0.8

title:hitachi-sec-2017-115url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-115/index.html

Trust: 0.8

title:NV17-011url:http://jpn.nec.com/security-info/secinfo/nv17-011.html

Trust: 0.8

title:BN_mod_exp may produce incorrect results on x86_64url:https://www.openssl.org/news/secadv/20170126.txt

Trust: 0.8

title:hitachi-sec-2018-103url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-103/index.html

Trust: 0.8

title:hitachi-sec-2017-115url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-115/index.html

Trust: 0.8

title:The Registerurl:https://www.theregister.co.uk/2017/01/31/openssl_patches/

Trust: 0.2

title:Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182185 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182575 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182186 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182713 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182568 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182187 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2017-3732url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-3732

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-3732

Trust: 0.1

title:IBM: Security Bulletin: OpenSSL vulnerabilites impacting IBM Aspera Connect 3.7.4 and earlier (CVE-2017-3732, CVE-2016-7055)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=030cb7ac9266aec85453c1d2339fbc00

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3181-1

Trust: 0.1

title:Arch Linux Advisories: [ASA-201701-37] openssl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201701-37

Trust: 0.1

title:Huawei Security Advisories: Security Advisory - Three OpenSSL Vulnerabilities in Huawei Productsurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=1181e052a6a83786d4182d45ddb56d5d

Trust: 0.1

title:Symantec Security Advisories: SA141 : OpenSSL Vulnerabilities 26-Jan-2017url:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=117bc0d26e74d755d85acf15af842eaf

Trust: 0.1

title:Arch Linux Advisories: [ASA-201701-36] lib32-openssl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201701-36

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3d9ab13c871ea2142681c7977b25c5ff

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2018 – Includes Oracle Jul 2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windowsurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=af4ddb95056d65a4af347aec0f652f0e

Trust: 0.1

title:Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170130-openssl

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planningurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=62ef85c9034c17315b7d0a712483c5ea

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligenceurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=03b0267d78cd8ac1bbb43afc737474f0

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Serverurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=63bbfc68418161b36080acd59a541d45

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Managerurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=42a34f9348fc5f34065c6d25764eb2a2

Trust: 0.1

title:Debian CVElist Bug Report Logs: Security fixes from the July 2017 CPUurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=adc1e0c986afd5f2f3b0797ba936d072

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controllerurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=38227211accce022b0a3d9b56a974186

Trust: 0.1

title:Forcepoint Security Advisories: CVE-2017-3730, -3731, -3732 OpenSSL Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=16a227df38f44014c9520f3b6cb5344e

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a2bac27fb002bed513645d4775c7275b

Trust: 0.1

title:Tenable Security Advisories: [R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2017-04

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a31bff03e9909229fd67996884614fdf

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=2f446a7e1ea263c0c3a365776c6713f2

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=586e6062440cdd312211d748e028164e

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=dd8c9d5928cc3b1ac8c35b4b24703e38

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - April 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPSurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c36fc403a4c2c6439b732d2fca738f58

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=525e4e31765e47b9e53b24e880af9d6e

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=6283337cd31f81f24d445925f2138c0e

Trust: 0.1

sources: VULMON: CVE-2017-3732 // JVNDB: JVNDB-2017-003156

EXTERNAL IDS

db:NVDid:CVE-2017-3732

Trust: 3.1

db:BIDid:95814

Trust: 1.4

db:SECTRACKid:1037717

Trust: 1.1

db:TENABLEid:TNS-2017-04

Trust: 1.1

db:JVNid:JVNVU92830136

Trust: 0.8

db:JVNDBid:JVNDB-2017-003156

Trust: 0.8

db:VULMONid:CVE-2017-3732

Trust: 0.1

db:PACKETSTORMid:141025

Trust: 0.1

db:PACKETSTORMid:146486

Trust: 0.1

db:PACKETSTORMid:141088

Trust: 0.1

db:PACKETSTORMid:148524

Trust: 0.1

db:PACKETSTORMid:149110

Trust: 0.1

db:PACKETSTORMid:149130

Trust: 0.1

db:PACKETSTORMid:140850

Trust: 0.1

db:PACKETSTORMid:169650

Trust: 0.1

db:PACKETSTORMid:169655

Trust: 0.1

sources: VULMON: CVE-2017-3732 // BID: 95814 // JVNDB: JVNDB-2017-003156 // PACKETSTORM: 141025 // PACKETSTORM: 146486 // PACKETSTORM: 141088 // PACKETSTORM: 148524 // PACKETSTORM: 149110 // PACKETSTORM: 149130 // PACKETSTORM: 140850 // PACKETSTORM: 169650 // PACKETSTORM: 169655 // NVD: CVE-2017-3732

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2017-3732

Trust: 1.7

url:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Trust: 1.4

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 1.4

url:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Trust: 1.4

url:https://www.openssl.org/news/secadv/20170126.txt

Trust: 1.3

url:https://security.gentoo.org/glsa/201702-07

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2185

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2568

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2575

Trust: 1.2

url:http://www.securityfocus.com/bid/95814

Trust: 1.1

url:http://www.securitytracker.com/id/1037717

Trust: 1.1

url:https://www.tenable.com/security/tns-2017-04

Trust: 1.1

url:https://security.freebsd.org/advisories/freebsd-sa-17:02.openssl.asc

Trust: 1.1

url:https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2018:2187

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2018:2186

Trust: 1.1

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03838en_us

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2018:2713

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3732

Trust: 0.9

url:https://jvn.jp/vu/jvnvu92830136/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3731

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-7055

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2017-3736

Trust: 0.4

url:http://openssl.org/

Trust: 0.3

url:https://www.openssl.org/news/secadv/20170126.txt

Trust: 0.3

url:https://www.openssl.org/news/vulnerabilities.html

Trust: 0.3

url:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21984819

Trust: 0.3

url:https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21999842

Trust: 0.3

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10731657

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-3732

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-3736

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://bugs.gentoo.org.

Trust: 0.2

url:https://security.gentoo.org/

Trust: 0.2

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-3730

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-3738

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-3737

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-2940

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-2952

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-12539

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-0705

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-2973

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1656

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-2940

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1517

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1517

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-2952

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1656

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-2973

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-12539

Trust: 0.2

url:https://www.openssl.org/policies/secpolicy.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-3193

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=52438

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/3181-1/

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7055

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3731

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2645

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3653

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10227

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3635

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3637

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3634

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2591

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2668

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3456

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3652

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10268

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2622

Trust: 0.1

url:https://security.gentoo.org/glsa/201802-04

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3329

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2590

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3649

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3450

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2647

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10294

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3651

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3647

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3462

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2583

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3309

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2703

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3636

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3461

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10276

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2696

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10378

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10384

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2562

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2665

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3453

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-2573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3633

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3599

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3600

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-3463

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3732

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3731

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3730

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7055

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-6302

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-3731

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-3737

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-6306

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-3738

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-6306

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2182

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-7055

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-6302

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu9.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.22

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-8610

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.39

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-3181-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-7056

Trust: 0.1

url:https://www.openssl.org/news/secadv/20161110.txt

Trust: 0.1

url:https://www.openssl.org/news/secadv/20171207.txt

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0701

Trust: 0.1

sources: VULMON: CVE-2017-3732 // BID: 95814 // JVNDB: JVNDB-2017-003156 // PACKETSTORM: 141025 // PACKETSTORM: 146486 // PACKETSTORM: 141088 // PACKETSTORM: 148524 // PACKETSTORM: 149110 // PACKETSTORM: 149130 // PACKETSTORM: 140850 // PACKETSTORM: 169650 // PACKETSTORM: 169655 // NVD: CVE-2017-3732

CREDITS

OSS-Fuzz project

Trust: 0.3

sources: BID: 95814

SOURCES

db:VULMONid:CVE-2017-3732
db:BIDid:95814
db:JVNDBid:JVNDB-2017-003156
db:PACKETSTORMid:141025
db:PACKETSTORMid:146486
db:PACKETSTORMid:141088
db:PACKETSTORMid:148524
db:PACKETSTORMid:149110
db:PACKETSTORMid:149130
db:PACKETSTORMid:140850
db:PACKETSTORMid:169650
db:PACKETSTORMid:169655
db:NVDid:CVE-2017-3732

LAST UPDATE DATE

2024-11-06T21:28:41.525000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2017-3732date:2022-08-29T00:00:00
db:BIDid:95814date:2018-10-15T09:00:00
db:JVNDBid:JVNDB-2017-003156date:2018-02-07T00:00:00
db:NVDid:CVE-2017-3732date:2022-08-29T20:43:33.220

SOURCES RELEASE DATE

db:VULMONid:CVE-2017-3732date:2017-05-04T00:00:00
db:BIDid:95814date:2017-01-26T00:00:00
db:JVNDBid:JVNDB-2017-003156date:2017-05-18T00:00:00
db:PACKETSTORMid:141025date:2017-02-13T16:38:20
db:PACKETSTORMid:146486date:2018-02-20T14:04:53
db:PACKETSTORMid:141088date:2017-02-14T17:07:17
db:PACKETSTORMid:148524date:2018-07-12T21:48:49
db:PACKETSTORMid:149110date:2018-08-28T16:46:26
db:PACKETSTORMid:149130date:2018-08-29T00:28:49
db:PACKETSTORMid:140850date:2017-02-01T00:36:45
db:PACKETSTORMid:169650date:2017-01-26T12:12:12
db:PACKETSTORMid:169655date:2017-12-07T12:12:12
db:NVDid:CVE-2017-3732date:2017-05-04T19:29:00.400