ID

VAR-201711-0923


CVE

CVE-2017-3736


TITLE

OpenSSL Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2017-010189

DESCRIPTION

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Versions prior to OpenSSL 1.1.0g and 1.0.2m are vulnerable. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. Description: This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. This release upgrades OpenSSL to version 1.0.2.n Security Fix(es): * openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182) * openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302) * openssl: certificate message OOB reads (CVE-2016-6306) * openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055) * openssl: Truncated packet could crash via OOB read (CVE-2017-3731) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication 1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state 1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 6. JIRA issues fixed (https://issues.jboss.org/): JBCS-372 - Errata for httpd 2.4.29 GA RHEL 6 7. ========================================================================== Ubuntu Security Notice USN-3475-1 November 06, 2017 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libssl1.0.0 1.0.2g-1ubuntu13.2 Ubuntu 17.04: libssl1.0.0 1.0.2g-1ubuntu11.3 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.9 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.23 After a standard system update you need to reboot your computer to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201712-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 14, 2017 Bugs: #629290, #636264, #640172 ID: 201712-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Background ========== OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2n >= 1.0.2n Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details. Impact ====== A remote attacker could cause a Denial of Service condition, recover a private key in unlikely circumstances, circumvent security restrictions to perform unauthorized actions, or gain access to sensitive information. Workaround ========== There are no known workarounds at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2n" References ========== [ 1 ] CVE-2017-3735 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735 [ 2 ] CVE-2017-3736 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736 [ 3 ] CVE-2017-3737 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737 [ 4 ] CVE-2017-3738 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201712-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --IrEhWFjxIJsFtqH1v1HHQsLm3nLmhNeP4-- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-ibm security update Advisory ID: RHSA-2018:2568-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:2568 Issue date: 2018-08-27 CVE Names: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-12539 ===================================================================== 1. Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64 3. Description: IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Security Fix(es): * IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * IBM JDK: DoS in the java.math component (CVE-2018-1517) * IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940) * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973) * OpenSSL: Double-free in DSA code (CVE-2016-0705) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API 1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework 1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component 6. Package List: Red Hat Enterprise Linux Client Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 7): ppc64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.ppc64.rpm ppc64le: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm s390x: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.s390x.rpm x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2017-3732 https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2018-1517 https://access.redhat.com/security/cve/CVE-2018-1656 https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/cve/CVE-2018-12539 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW4QI1dzjgjWX9erEAQgiBRAApZ4yMTz6VaYwLOqGPcoQdZzEkg64CARM k1LrzpzgD6tRbaKya/LqvJvIhQlJ4LWs0AAlOM0VNrwdx8ntZ4lGHURqSM1Y14L/ TScLgA22CTbL4u+8BEOrsNCcjnp+5YALbfPv1DCdYvbRwi1J503w4ccwBfttb+1/ EaYh7nrWooa6R6qlkopmk1zprZGCgv3azYOqphcnrooeCC3ZqcBEWZNo/H1TnxWv kXfgxmZS3Rq5399umMOuWh2HDme2tO1OWTdY1+REfZh0Ex5v1rqYm/s+8d2FrEWm Oqk5Azstjt/l5OZfVg/WJd/iy1ob2m5yRUp5mhLFfkctIN/stxqbqLzO17dimdEn mhBwG/IkaGkMqQgEEZ65SXNyS+kW7hS8P4F0BuzmHIfaO3ALpCWOczyyiKHPHMng ZPYeV+roqRVeZ7TY8dfcUOh3eOKivfQBL921x4YdciCgPxBR7eRx8/aw8QL7VFot CRFMkS36Q2YqgfP9XH06AZdUEVJp/dpB1/f+EtR8e6YDdHSSgJvoV9pP0S2DhWnA o5V5efe12Jv3MQgiy5n0Ws4/mhcxthZSTcdBKQfyTsfqngCr1TTnGotN9GI1B0qe XX7pry5RkLnq/l/0T4d6JJceMnK5n/DebajHM+4B1rWQZS+4KUPDN5rYuo4OkI6L KZ2NcbK0Lfw= =5oM3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. OpenSSL Security Advisory [07 Dec 2017] ======================================== Read/write after SSL object in error state (CVE-2017-3737) ========================================================== Severity: Moderate OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL 1.0.2 users should upgrade to 1.0.2n This issue was reported to OpenSSL on 10th November 2017 by David Benjamin (Google). The fix was proposed by David Benjamin and implemented by Matt Caswell of the OpenSSL development team. rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) ========================================================= Severity: Low There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. OpenSSL 1.0.2 users should upgrade to 1.0.2n This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin (Google). The issue was originally found via the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team. Note ==== Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20171207.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . OpenSSL Security Advisory [27 Mar 2018] ======================================== Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) ========================================================================================== Severity: Moderate Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) ======================================================== Severity: Moderate Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected

Trust: 2.79

sources: NVD: CVE-2017-3736 // JVNDB: JVNDB-2017-010189 // BID: 101666 // VULMON: CVE-2017-3736 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 149403 // PACKETSTORM: 144899 // PACKETSTORM: 145423 // PACKETSTORM: 149110 // PACKETSTORM: 149130 // PACKETSTORM: 169655 // PACKETSTORM: 169626

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:gteversion:1.0.2

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.1.0

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.0.2m

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.1.0g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.1.0g

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:1.1.0

Trust: 0.8

vendor:hitachimodel:compute systems managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:infrastructure analytics advisorscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/performance managementscope:eqversion:- web console

Trust: 0.8

vendor:hitachimodel:jp1/automatic job management system 3scope:eqversion:- web console (windows

Trust: 0.8

vendor:hitachimodel:automation directorscope:eqversion:( domestic version )

Trust: 0.8

vendor:hitachimodel:global link managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/automatic job management system 3scope:eqversion:linux)

Trust: 0.8

vendor:hitachimodel:jp1/automatic operationscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:device managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/it desktop managementscope:eqversion:2 - smart device manager

Trust: 0.8

vendor:hitachimodel:configuration managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope: - version: -

Trust: 0.8

vendor:hitachimodel:tuning managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/operations analyticsscope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus http serverscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/snmp system observerscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:-r

Trust: 0.8

vendor:hitachimodel:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:hitachimodel:tiered storage managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:automation directorscope:eqversion:( overseas edition )

Trust: 0.8

vendor:hitachimodel:replication managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope: - version: -

Trust: 0.8

vendor:bluecoatmodel:unified agentscope:eqversion:4.8

Trust: 0.3

vendor:bluecoatmodel:intelligencecenter data collectorscope:eqversion:3.3

Trust: 0.3

vendor:oraclemodel:jd edwards world security a9.4scope: - version: -

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.6.3293

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0bscope: - version: -

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:7.0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2escope: - version: -

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.7.2.6

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:4.0.0.5135

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.4.4.4226

Trust: 0.3

vendor:bluecoatmodel:unified agentscope:eqversion:4.6

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2iscope: - version: -

Trust: 0.3

vendor:oraclemodel:communications eaglescope:eqversion:46.5

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:9.7

Trust: 0.3

vendor:oraclemodel:mysql connectorsscope:eqversion:5.1.30

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0fscope: - version: -

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.7.2.3

Trust: 0.3

vendor:oraclemodel:secure global desktopscope:eqversion:5.3

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.1

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2gscope: - version: -

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.0.20

Trust: 0.3

vendor:bluecoatmodel:advanced secure gatewayscope:eqversion:6.6

Trust: 0.3

vendor:redhatmodel:jboss core servicesscope:eqversion:1

Trust: 0.3

vendor:bluecoatmodel:unified agentscope:eqversion:4.9

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2hscope: - version: -

Trust: 0.3

vendor:bluecoatmodel:security analyticsscope:eqversion:7.3

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.14

Trust: 0.3

vendor:bluecoatmodel:proxysgscope:eqversion:6.7

Trust: 0.3

vendor:redhatmodel:jboss eapscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.10

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.0.1098

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.1182

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0gscope:neversion: -

Trust: 0.3

vendor:bluecoatmodel:proxyavscope:eqversion:3.5

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.4.7895

Trust: 0.3

vendor:bluecoatmodel:intelligencecenterscope:eqversion:3.3

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.2

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.0.10

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0escope: - version: -

Trust: 0.3

vendor:oraclemodel:mysql connectorsscope:eqversion:5.3.9

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.17

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.4.3247

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:9.8

Trust: 0.3

vendor:bluecoatmodel:advanced secure gatewayscope:eqversion:6.7

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.4.2.4181

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.2.2

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.0.25

Trust: 0.3

vendor:bluecoatmodel:security analyticsscope:eqversion:7.2

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.5.1141

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.4.1

Trust: 0.3

vendor:bluecoatmodel:android mobile agentscope:eqversion:1.3

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.2

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.1.1049

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.2.1162

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.7

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.15

Trust: 0.3

vendor:bluecoatmodel:proxysgscope:eqversion:6.5

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2ascope: - version: -

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.32

Trust: 0.3

vendor:bluecoatmodel:directorscope:eqversion:6.1

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2mscope:neversion: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2jscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2fscope: - version: -

Trust: 0.3

vendor:oraclemodel:communications eaglescope:eqversion:46.7

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.0.9

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0cscope: - version: -

Trust: 0.3

vendor:oraclemodel:jd edwards world security a9.3scope: - version: -

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:10.1

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.0.22

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.6.8003

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.1

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.3.1199

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.14

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.16

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2cscope: - version: -

Trust: 0.3

vendor:oraclemodel:communications eaglescope:eqversion:46.6

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.24

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.7.1204

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.2.4

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0.2

Trust: 0.3

vendor:bluecoatmodel:proxysgscope:eqversion:6.6

Trust: 0.3

vendor:oraclemodel:mysql connectorsscope:eqversion:5.3.7

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2dscope: - version: -

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.4

Trust: 0.3

vendor:oraclemodel:mysql connectorsscope:eqversion:5.1.34

Trust: 0.3

vendor:oraclemodel:mysql connectorsscope:eqversion:5.1.40

Trust: 0.3

vendor:redhatmodel:jboss ewsscope:eqversion:2

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2bscope: - version: -

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.7.2.7

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2lscope: - version: -

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.8.2223

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:10.5

Trust: 0.3

vendor:oraclemodel:mysql connectorsscope:eqversion:5.1.41

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.3

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.4.1102

Trust: 0.3

vendor:oraclemodel:e-business suitescope:eqversion:12.1.3

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.8.0.1

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.20

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.7.2.2

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0ascope: - version: -

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.0.8

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0dscope: - version: -

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.0

Trust: 0.3

vendor:bluecoatmodel:bcaaascope:eqversion:6.1

Trust: 0.3

vendor:oraclemodel:mysql connectorsscope:eqversion:5.1.33

Trust: 0.3

vendor:bluecoatmodel:unified agentscope:eqversion:4.7

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2kscope: - version: -

Trust: 0.3

vendor:bluecoatmodel:reporterscope:eqversion:9.5

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.8.0.2

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.2

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.8

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.8

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.3.7856

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.1.5.7958

Trust: 0.3

vendor:ibmmodel:db2scope:eqversion:11.1

Trust: 0.3

vendor:oraclemodel:vm virtualboxscope:eqversion:5.1.30

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.4.0

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.0.18

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.0.4

Trust: 0.3

vendor:oraclemodel:jd edwards world security a9.3.1scope: - version: -

Trust: 0.3

sources: BID: 101666 // JVNDB: JVNDB-2017-010189 // NVD: CVE-2017-3736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3736
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3736
value: MEDIUM

Trust: 0.8

VULMON: CVE-2017-3736
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3736
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2017-3736
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2017-3736 // JVNDB: JVNDB-2017-010189 // NVD: CVE-2017-3736

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-010189 // NVD: CVE-2017-3736

THREAT TYPE

network

Trust: 0.3

sources: BID: 101666

TYPE

Design Error

Trust: 0.3

sources: BID: 101666

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010189

PATCH

title:hitachi-sec-2018-106url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-106/index.html

Trust: 0.8

title:hitachi-sec-2018-124url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-124/index.html

Trust: 0.8

title:hitachi-sec-2019-105url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-105/index.html

Trust: 0.8

title:NTAP-20171107-0002url:https://security.netapp.com/advisory/ntap-20171107-0002/

Trust: 0.8

title:bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)url:https://www.openssl.org/news/secadv/20171102.txt

Trust: 0.8

title:TNS-2017-14url:https://www.tenable.com/security/tns-2017-14

Trust: 0.8

title:hitachi-sec-2018-106url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-106/index.html

Trust: 0.8

title:hitachi-sec-2018-124url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-124/index.html

Trust: 0.8

title:hitachi-sec-2019-105url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-105/index.html

Trust: 0.8

title:Red Hat: Moderate: openssl security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20180998 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3475-1

Trust: 0.1

title:Debian Security Advisories: DSA-4017-1 openssl1.0 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=c59b0b63bafaa6def9e5da50acf68ca8

Trust: 0.1

title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182575 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182185 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182186 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4018-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=ac7ab332aa094dcdde4da9f7cb2a19f1

Trust: 0.1

title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182568 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182713 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182187 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2017-3736url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-3736

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-3736

Trust: 0.1

title:Amazon Linux AMI: ALAS-2018-1016url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1016

Trust: 0.1

title:Symantec Security Advisories: SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017url:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=7d613a491eb4632d0bd09811cbeaee1e

Trust: 0.1

title:Arch Linux Advisories: [ASA-201712-9] openssl-1.0: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201712-9

Trust: 0.1

title:Arch Linux Advisories: [ASA-201711-14] openssl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201711-14

Trust: 0.1

title:Arch Linux Advisories: [ASA-201711-15] lib32-openssl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201711-15

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3d9ab13c871ea2142681c7977b25c5ff

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in JP1url:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-105

Trust: 0.1

title:Arch Linux Advisories: [ASA-201712-11] lib32-openssl-1.0: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201712-11

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2018 – Includes Oracle Jul 2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windowsurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=af4ddb95056d65a4af347aec0f652f0e

Trust: 0.1

title:Tenable Security Advisories: [R1] Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2017-15

Trust: 0.1

title:Amazon Linux 2: ALAS2-2018-1004url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2018-1004

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planningurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=62ef85c9034c17315b7d0a712483c5ea

Trust: 0.1

title:Tenable Security Advisories: [R1] SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2017-14

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligenceurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=03b0267d78cd8ac1bbb43afc737474f0

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Serverurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=63bbfc68418161b36080acd59a541d45

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controllerurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=38227211accce022b0a3d9b56a974186

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - April 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4019ca77f50c7a34e4d97833e6f3321e

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - April 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=ae57a14ec914f60b7203332a77613077

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f5bb2b180c7c77e5a02747a1f31830d9

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=72fe5ebf222112c8481815fd7cefc7af

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=525e4e31765e47b9e53b24e880af9d6e

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=dd8c9d5928cc3b1ac8c35b4b24703e38

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPSurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c36fc403a4c2c6439b732d2fca738f58

Trust: 0.1

title:cp4s-car-schemaurl:https://github.com/IBM/cp4s-car-schema

Trust: 0.1

title:core-kiturl:https://github.com/funtoo/core-kit

Trust: 0.1

sources: VULMON: CVE-2017-3736 // JVNDB: JVNDB-2017-010189

EXTERNAL IDS

db:NVDid:CVE-2017-3736

Trust: 3.1

db:BIDid:101666

Trust: 1.4

db:TENABLEid:TNS-2017-15

Trust: 1.1

db:TENABLEid:TNS-2017-14

Trust: 1.1

db:SECTRACKid:1039727

Trust: 1.1

db:JVNDBid:JVNDB-2017-010189

Trust: 0.8

db:MCAFEEid:SB10211

Trust: 0.3

db:VULMONid:CVE-2017-3736

Trust: 0.1

db:PACKETSTORMid:148521

Trust: 0.1

db:PACKETSTORMid:148525

Trust: 0.1

db:PACKETSTORMid:149403

Trust: 0.1

db:PACKETSTORMid:144899

Trust: 0.1

db:PACKETSTORMid:145423

Trust: 0.1

db:PACKETSTORMid:149110

Trust: 0.1

db:PACKETSTORMid:149130

Trust: 0.1

db:PACKETSTORMid:169655

Trust: 0.1

db:PACKETSTORMid:169626

Trust: 0.1

sources: VULMON: CVE-2017-3736 // BID: 101666 // JVNDB: JVNDB-2017-010189 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 149403 // PACKETSTORM: 144899 // PACKETSTORM: 145423 // PACKETSTORM: 149110 // PACKETSTORM: 149130 // PACKETSTORM: 169655 // PACKETSTORM: 169626 // NVD: CVE-2017-3736

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2017-3736

Trust: 1.7

url:https://www.openssl.org/news/secadv/20171102.txt

Trust: 1.4

url:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Trust: 1.4

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.4

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.4

url:http://www.securityfocus.com/bid/101666

Trust: 1.2

url:https://security.gentoo.org/glsa/201712-03

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:0998

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2187

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2186

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2568

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2575

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2018:2713

Trust: 1.2

url:http://www.securitytracker.com/id/1039727

Trust: 1.1

url:https://www.debian.org/security/2017/dsa-4018

Trust: 1.1

url:https://www.debian.org/security/2017/dsa-4017

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20171107-0002/

Trust: 1.1

url:https://www.tenable.com/security/tns-2017-14

Trust: 1.1

url:https://security.freebsd.org/advisories/freebsd-sa-17:11.openssl.asc

Trust: 1.1

url:https://www.tenable.com/security/tns-2017-15

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20180117-0002/

Trust: 1.1

url:https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2018:2185

Trust: 1.1

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbst03881en_us

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2017-3736

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3736

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3732

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-3738

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2017-3732

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2017-3737

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://github.com/openssl/openssl/commit/668a709a8d7ea374ee72ad2d43ac72ec60a80eee

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1509169

Trust: 0.3

url:http://openssl.org/

Trust: 0.3

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10211

Trust: 0.3

url:https://www.oracle.com/technetwork/topics/security/linuxbulletinapr2018-4431087.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21984819

Trust: 0.3

url:https://www.symantec.com/security-center/network-protection-security-advisories/sa157

Trust: 0.3

url:https://www-01.ibm.com/support/docview.wss?uid=ssg1s1012049

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-2940

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-2952

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-12539

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-0705

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-2973

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-1656

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-2940

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-1517

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-1517

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-2952

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-1656

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-2973

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-12539

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-2182

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-3731

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-7055

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-6302

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3731

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3737

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-6306

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-3738

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-6306

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-2182

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-7055

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-6302

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-3735

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://www.openssl.org/policies/secpolicy.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-0701

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-3193

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/3475-1/

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=57518

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.9

Trust: 0.1

url:https://www.ubuntu.com/usn/usn-3475-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.23

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu13.2

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3737

Trust: 0.1

url:https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3736

Trust: 0.1

url:https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3738

Trust: 0.1

url:https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3735

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://www.openssl.org/news/secadv/20171207.txt

Trust: 0.1

url:https://www.openssl.org/news/secadv/20180327.txt

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0733

Trust: 0.1

sources: VULMON: CVE-2017-3736 // BID: 101666 // JVNDB: JVNDB-2017-010189 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 149403 // PACKETSTORM: 144899 // PACKETSTORM: 145423 // PACKETSTORM: 149110 // PACKETSTORM: 149130 // PACKETSTORM: 169655 // PACKETSTORM: 169626 // NVD: CVE-2017-3736

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 149403 // PACKETSTORM: 149110 // PACKETSTORM: 149130

SOURCES

db:VULMONid:CVE-2017-3736
db:BIDid:101666
db:JVNDBid:JVNDB-2017-010189
db:PACKETSTORMid:148521
db:PACKETSTORMid:148525
db:PACKETSTORMid:149403
db:PACKETSTORMid:144899
db:PACKETSTORMid:145423
db:PACKETSTORMid:149110
db:PACKETSTORMid:149130
db:PACKETSTORMid:169655
db:PACKETSTORMid:169626
db:NVDid:CVE-2017-3736

LAST UPDATE DATE

2024-11-20T22:21:19.727000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2017-3736date:2019-04-23T00:00:00
db:BIDid:101666date:2019-07-17T09:00:00
db:JVNDBid:JVNDB-2017-010189date:2019-08-01T00:00:00
db:NVDid:CVE-2017-3736date:2019-04-23T19:30:04.427

SOURCES RELEASE DATE

db:VULMONid:CVE-2017-3736date:2017-11-02T00:00:00
db:BIDid:101666date:2017-11-02T00:00:00
db:JVNDBid:JVNDB-2017-010189date:2017-12-07T00:00:00
db:PACKETSTORMid:148521date:2018-07-12T21:45:18
db:PACKETSTORMid:148525date:2018-07-12T21:48:57
db:PACKETSTORMid:149403date:2018-09-18T02:18:55
db:PACKETSTORMid:144899date:2017-11-06T22:24:00
db:PACKETSTORMid:145423date:2017-12-15T14:15:17
db:PACKETSTORMid:149110date:2018-08-28T16:46:26
db:PACKETSTORMid:149130date:2018-08-29T00:28:49
db:PACKETSTORMid:169655date:2017-12-07T12:12:12
db:PACKETSTORMid:169626date:2018-03-27T12:12:12
db:NVDid:CVE-2017-3736date:2017-11-02T17:29:00.243