Details of VAR-201712-0248

ID

VAR-201712-0248

CVE

CVE-2017-3738

TITLE

OpenSSL Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2017-011252

DESCRIPTION

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. This vulnerability CVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 Similar problem.It may be affected unspecified. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. =========================================================================== Ubuntu Security Notice USN-3512-1 December 11, 2017 openssl vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. While unlikely, a remote attacker could possibly use this issue to recover private keys. (CVE-2017-3738) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libssl1.0.0 1.0.2g-1ubuntu13.3 Ubuntu 17.04: libssl1.0.0 1.0.2g-1ubuntu11.4 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.10 After a standard system update you need to reboot your computer to make all the necessary changes. Corrected: 2017-12-07 18:04:48 UTC (stable/11, 11.1-STABLE) 2017-12-09 03:44:26 UTC (releng/11.1, 11.1-RELEASE-p6) 2017-12-09 03:41:31 UTC (stable/10, 10.4-STABLE) 2017-12-09 03:45:23 UTC (releng/10.4, 10.4-RELEASE-p5) 2017-12-09 03:45:23 UTC (releng/10.3, 10.3-RELEASE-p26) CVE Name: CVE-2017-3737, CVE-2017-3738 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Background FreeBSD includes software from the OpenSSL Project. It is also a full-strength general purpose cryptography library. II. Problem Description Invoking SSL_read()/SSL_write() while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. [CVE-2017-3738] This bug only affects FreeBSD 11.x. III. Impact Applications with incorrect error handling may inappropriately pass unencrypted data. [CVE-2017-3737] Mishandling of carry propagation will produce incorrect output, and make it easier for a remote attacker to obtain sensitive private-key information. [CVE-2017-3738] IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart all daemons that use the library, or reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart all daemons that use the library, or reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 10.x] # fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch # fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch.asc # gpg --verify openssl-10.patch.asc [FreeBSD 11.x] # fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch # fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch.asc # gpg --verify openssl-11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart all daemons that use the library, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r326721 releng/10.3/ r326723 releng/10.4/ r326723 stable/11/ r326663 releng/11.1/ r326722 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2018:0998-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0998 Issue date: 2018-04-10 CVE Names: CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.2k-12.el7.src.rpm x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.2k-12.el7.src.rpm x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.2k-12.el7.src.rpm ppc64: openssl-1.0.2k-12.el7.ppc64.rpm openssl-debuginfo-1.0.2k-12.el7.ppc.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64.rpm openssl-devel-1.0.2k-12.el7.ppc.rpm openssl-devel-1.0.2k-12.el7.ppc64.rpm openssl-libs-1.0.2k-12.el7.ppc.rpm openssl-libs-1.0.2k-12.el7.ppc64.rpm ppc64le: openssl-1.0.2k-12.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-devel-1.0.2k-12.el7.ppc64le.rpm openssl-libs-1.0.2k-12.el7.ppc64le.rpm s390x: openssl-1.0.2k-12.el7.s390x.rpm openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-devel-1.0.2k-12.el7.s390.rpm openssl-devel-1.0.2k-12.el7.s390x.rpm openssl-libs-1.0.2k-12.el7.s390.rpm openssl-libs-1.0.2k-12.el7.s390x.rpm x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: openssl-1.0.2k-12.el7.src.rpm aarch64: openssl-1.0.2k-12.el7.aarch64.rpm openssl-debuginfo-1.0.2k-12.el7.aarch64.rpm openssl-devel-1.0.2k-12.el7.aarch64.rpm openssl-libs-1.0.2k-12.el7.aarch64.rpm ppc64le: openssl-1.0.2k-12.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-devel-1.0.2k-12.el7.ppc64le.rpm openssl-libs-1.0.2k-12.el7.ppc64le.rpm s390x: openssl-1.0.2k-12.el7.s390x.rpm openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-devel-1.0.2k-12.el7.s390.rpm openssl-devel-1.0.2k-12.el7.s390x.rpm openssl-libs-1.0.2k-12.el7.s390.rpm openssl-libs-1.0.2k-12.el7.s390x.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: openssl-debuginfo-1.0.2k-12.el7.aarch64.rpm openssl-perl-1.0.2k-12.el7.aarch64.rpm openssl-static-1.0.2k-12.el7.aarch64.rpm ppc64le: openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-perl-1.0.2k-12.el7.ppc64le.rpm openssl-static-1.0.2k-12.el7.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-perl-1.0.2k-12.el7.s390x.rpm openssl-static-1.0.2k-12.el7.s390.rpm openssl-static-1.0.2k-12.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.2k-12.el7.ppc.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64.rpm openssl-perl-1.0.2k-12.el7.ppc64.rpm openssl-static-1.0.2k-12.el7.ppc.rpm openssl-static-1.0.2k-12.el7.ppc64.rpm ppc64le: openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-perl-1.0.2k-12.el7.ppc64le.rpm openssl-static-1.0.2k-12.el7.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-perl-1.0.2k-12.el7.s390x.rpm openssl-static-1.0.2k-12.el7.s390.rpm openssl-static-1.0.2k-12.el7.s390x.rpm x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.2k-12.el7.src.rpm x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2017-3737 https://access.redhat.com/security/cve/CVE-2017-3738 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFazHmPXlSAg2UNWIIRAqu6AKDErP0kbrPwLuGhT0FWhHa/Os9K1gCfRI4r j0HnnUq1AsYgW3JsOqRcuTk= =hlqc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/): JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7 7. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. OpenSSL 1.0.2 users should upgrade to 1.0.2n This issue was reported to OpenSSL on 10th November 2017 by David Benjamin (Google). The fix was proposed by David Benjamin and implemented by Matt Caswell of the OpenSSL development team. OpenSSL 1.0.2 users should upgrade to 1.0.2n This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin (Google). The issue was originally found via the OSS-Fuzz project. Note ==== Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20171207.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . OpenSSL Security Advisory [27 Mar 2018] ======================================== Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) ========================================================================================== Severity: Moderate Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) ======================================================== Severity: Moderate Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected

Trust: 2.7

sources: NVD: CVE-2017-3738 // JVNDB: JVNDB-2017-011252 // BID: 102118 // VULMON: CVE-2017-3738 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 145372 // PACKETSTORM: 145367 // PACKETSTORM: 147117 // PACKETSTORM: 148524 // PACKETSTORM: 169655 // PACKETSTORM: 169626

AFFECTED PRODUCTS

vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2b	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2a	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2e	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2f	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2d	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2c	Trust: 1.6
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2k	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0b	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	9.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2h	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	6.9.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	8.9.3	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2m	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0a	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	6.12.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0f	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0d	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2i	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	8.8.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.2.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	6.8.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2j	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	4.8.7	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2l	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0e	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	9.2.1	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0c	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	4.1.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.9.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	eq	version:	9.0	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	edge gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus http server	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	automation director	scope:	eq	version:	( overseas edition )	Trust: 0.8
vendor:	hitachi	model:	automation director	scope:	eq	version:	( domestic version )	Trust: 0.8
vendor:	hitachi	model:	compute systems manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	device manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	global link manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	infrastructure analytics advisor	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	replication manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	tiered storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	tuning manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic job management system 3	scope:	eq	version:	- web console (windows	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic job management system 3	scope:	eq	version:	linux)	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic operation	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/it desktop management	scope:	eq	version:	2 - smart device manager	Trust: 0.8
vendor:	hitachi	model:	jp1/operations analytics	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management	scope:	eq	version:	- web console	Trust: 0.8
vendor:	hitachi	model:	jp1/snmp system observer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	-r	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus primary server	scope:	eq	version:	base	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service architect	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	linux	scope:	eq	version:	7.0	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	1.1	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0g	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0f-git	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0f	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0e	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0d	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0c	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0b	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0a	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2m	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2l	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2k	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2j	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2i	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2h	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2g	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2f	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2e	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2d	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2c	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2b	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2a	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	9.8	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	9.7	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	11.1	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	10.5	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	10.1	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0h	scope:	ne	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2n	scope:	ne	version:	-	Trust: 0.3

sources: BID: 102118 // JVNDB: JVNDB-2017-011252 // CNNVD: CNNVD-201712-216 // NVD: CVE-2017-3738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3738
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3738
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201712-216
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-3738
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3738
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2017-3738
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2017-3738
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2017-3738 // JVNDB: JVNDB-2017-011252 // CNNVD: CNNVD-201712-216 // NVD: CVE-2017-3738

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-011252 // NVD: CVE-2017-3738

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 148525 // PACKETSTORM: 145372 // PACKETSTORM: 148524 // CNNVD: CNNVD-201712-216

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201712-216

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011252

PATCH

title:	DSA-4065	url:	https://www.debian.org/security/2017/dsa-4065	Trust: 0.8
title:	hitachi-sec-2018-106	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-106/index.html	Trust: 0.8
title:	hitachi-sec-2018-124	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-124/index.html	Trust: 0.8
title:	hitachi-sec-2019-105	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-105/index.html	Trust: 0.8
title:	NV18-010	url:	https://jpn.nec.com/security-info/secinfo/nv18-010.html	Trust: 0.8
title:	NTAP-20171208-0001	url:	https://security.netapp.com/advisory/ntap-20171208-0001/	Trust: 0.8
title:	Data Confidentiality/Integrity Vulnerability, December 2017	url:	https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/	Trust: 0.8
title:	Read/write after SSL object in error state (CVE-2017-3737)	url:	https://www.openssl.org/news/secadv/20171207.txt	Trust: 0.8
title:	hitachi-sec-2018-106	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-106/index.html	Trust: 0.8
title:	hitachi-sec-2018-124	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-124/index.html	Trust: 0.8
title:	hitachi-sec-2019-105	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-105/index.html	Trust: 0.8
title:	OpenSSL Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76995	Trust: 0.6
title:	Red Hat: Moderate: openssl security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20180998 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: openssl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3512-1	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182186 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182187 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4157-1 openssl -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=c79d1e1d762e93b378a3fac64f240919	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182185 - Security Advisory	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=29a34ceeb17cecefa4b82c6b5a2da56d	Trust: 0.1
title:	Red Hat: CVE-2017-3738	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-3738	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-3738	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in JP1	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-105	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201804-6] lib32-openssl: private key recovery	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201804-6	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2018-1016	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1016	Trust: 0.1
title:	Symantec Security Advisories: SA159: OpenSSL Vulnerabilities 7-Dec-2017	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=7a23414ce58f57534a106c24bd753c6b	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201804-2] openssl: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201804-2	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2018-1004	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2018-1004	Trust: 0.1
title:	Tenable Security Advisories: [R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2018-04	Trust: 0.1
title:	Tenable Security Advisories: [R1] Industrial Security 1.1.0 Fixes One Third-party Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2018-06	Trust: 0.1
title:	Tenable Security Advisories: [R2] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2017-16	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201712-11] lib32-openssl-1.0: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201712-11	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus Network Monitor 5.5.0 Fixes One Third-party Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2018-07	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=72fe5ebf222112c8481815fd7cefc7af	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4019ca77f50c7a34e4d97833e6f3321e	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f5bb2b180c7c77e5a02747a1f31830d9	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=ae57a14ec914f60b7203332a77613077	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=586e6062440cdd312211d748e028164e	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=525e4e31765e47b9e53b24e880af9d6e	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d	Trust: 0.1
title:	core-kit	url:	https://github.com/funtoo/core-kit	Trust: 0.1

sources: VULMON: CVE-2017-3738 // JVNDB: JVNDB-2017-011252 // CNNVD: CNNVD-201712-216

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3738	Trust: 3.6
db:	BID	id:	102118	Trust: 2.0
db:	TENABLE	id:	TNS-2018-04	Trust: 1.7
db:	TENABLE	id:	TNS-2018-07	Trust: 1.7
db:	TENABLE	id:	TNS-2017-16	Trust: 1.7
db:	TENABLE	id:	TNS-2018-06	Trust: 1.7
db:	SECTRACK	id:	1039978	Trust: 1.7
db:	JVN	id:	JVNVU93502675	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-011252	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.4645	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2261	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0696	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1089	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2536	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1054	Trust: 0.6
db:	CNNVD	id:	CNNVD-201712-216	Trust: 0.6
db:	VULMON	id:	CVE-2017-3738	Trust: 0.1
db:	PACKETSTORM	id:	148521	Trust: 0.1
db:	PACKETSTORM	id:	148525	Trust: 0.1
db:	PACKETSTORM	id:	145372	Trust: 0.1
db:	PACKETSTORM	id:	145367	Trust: 0.1
db:	PACKETSTORM	id:	147117	Trust: 0.1
db:	PACKETSTORM	id:	148524	Trust: 0.1
db:	PACKETSTORM	id:	169655	Trust: 0.1
db:	PACKETSTORM	id:	169626	Trust: 0.1

sources: VULMON: CVE-2017-3738 // BID: 102118 // JVNDB: JVNDB-2017-011252 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 145372 // PACKETSTORM: 145367 // PACKETSTORM: 147117 // PACKETSTORM: 148524 // PACKETSTORM: 169655 // PACKETSTORM: 169626 // CNNVD: CNNVD-201712-216 // NVD: CVE-2017-3738

REFERENCES

url:	http://www.securityfocus.com/bid/102118	Trust: 2.4
url:	https://www.openssl.org/news/secadv/20171207.txt	Trust: 2.1
url:	https://www.openssl.org/news/secadv/20180327.txt	Trust: 2.1
url:	https://access.redhat.com/errata/rhsa-2018:0998	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2018:2187	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:2186	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:2185	Trust: 1.8
url:	http://www.securitytracker.com/id/1039978	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20171208-0001/	Trust: 1.7
url:	https://security.freebsd.org/advisories/freebsd-sa-17:12.openssl.asc	Trust: 1.7
url:	https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/	Trust: 1.7
url:	https://security.gentoo.org/glsa/201712-03	Trust: 1.7
url:	https://www.debian.org/security/2017/dsa-4065	Trust: 1.7
url:	https://www.tenable.com/security/tns-2017-16	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 1.7
url:	https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a	Trust: 1.7
url:	https://www.debian.org/security/2018/dsa-4157	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Trust: 1.7
url:	https://www.tenable.com/security/tns-2018-04	Trust: 1.7
url:	https://www.tenable.com/security/tns-2018-07	Trust: 1.7
url:	https://www.tenable.com/security/tns-2018-06	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Trust: 1.7
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbst03881en_us	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Trust: 1.7
url:	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Trust: 1.7
url:	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Trust: 1.7
url:	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3738	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3738	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu93502675	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3737	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3736	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10887987	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10887995	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10887989	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10887985	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10887991	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0696	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2261/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2536/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4645/	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10887987	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10879093	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/78218	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/78082	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10888295	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3732	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2017-3737	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2017-3738	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2017-3736	Trust: 0.4
url:	http://openssl.org/	Trust: 0.3
url:	https://www.oracle.com/technetwork/topics/security/linuxbulletinapr2018-4431087.html	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21984819	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2182	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3731	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7055	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6302	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-3731	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-6306	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-3732	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6306	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-2182	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-7055	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-6302	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.2
url:	https://www.openssl.org/policies/secpolicy.html	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0701	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3193	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/3512-1/	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=56193	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu13.3	Trust: 0.1
url:	https://www.ubuntu.com/usn/usn-3512-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11.4	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.10	Trust: 0.1
url:	https://www.freebsd.org/handbook/makeworld.html>.	Trust: 0.1
url:	https://security.freebsd.org/>.	Trust: 0.1
url:	https://www.openssl.org/news/secadv/20171207.txt>	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3738>	Trust: 0.1
url:	https://security.freebsd.org/patches/sa-17:12/openssl-10.patch.asc	Trust: 0.1
url:	https://security.freebsd.org/patches/sa-17:12/openssl-11.patch	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3737>	Trust: 0.1
url:	https://security.freebsd.org/patches/sa-17:12/openssl-11.patch.asc	Trust: 0.1
url:	https://security.freebsd.org/advisories/freebsd-sa-17:12.openssl.asc>	Trust: 0.1
url:	https://svnweb.freebsd.org/base?view=revision&revision=nnnnnn>	Trust: 0.1
url:	https://security.freebsd.org/patches/sa-17:12/openssl-10.patch	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0739	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0733	Trust: 0.1

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 147117 // PACKETSTORM: 148524

SOURCES

db:	VULMON	id:	CVE-2017-3738
db:	BID	id:	102118
db:	JVNDB	id:	JVNDB-2017-011252
db:	PACKETSTORM	id:	148521
db:	PACKETSTORM	id:	148525
db:	PACKETSTORM	id:	145372
db:	PACKETSTORM	id:	145367
db:	PACKETSTORM	id:	147117
db:	PACKETSTORM	id:	148524
db:	PACKETSTORM	id:	169655
db:	PACKETSTORM	id:	169626
db:	CNNVD	id:	CNNVD-201712-216
db:	NVD	id:	CVE-2017-3738

LAST UPDATE DATE

2024-11-06T22:16:57.399000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2017-3738	date:	2022-08-19T00:00:00
db:	BID	id:	102118	date:	2018-10-15T09:00:00
db:	JVNDB	id:	JVNDB-2017-011252	date:	2018-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201712-216	date:	2022-08-22T00:00:00
db:	NVD	id:	CVE-2017-3738	date:	2022-08-19T11:49:42.737

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2017-3738	date:	2017-12-07T00:00:00
db:	BID	id:	102118	date:	2017-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-011252	date:	2018-01-12T00:00:00
db:	PACKETSTORM	id:	148521	date:	2018-07-12T21:45:18
db:	PACKETSTORM	id:	148525	date:	2018-07-12T21:48:57
db:	PACKETSTORM	id:	145372	date:	2017-12-12T05:29:29
db:	PACKETSTORM	id:	145367	date:	2017-12-12T05:27:14
db:	PACKETSTORM	id:	147117	date:	2018-04-11T01:25:17
db:	PACKETSTORM	id:	148524	date:	2018-07-12T21:48:49
db:	PACKETSTORM	id:	169655	date:	2017-12-07T12:12:12
db:	PACKETSTORM	id:	169626	date:	2018-03-27T12:12:12
db:	CNNVD	id:	CNNVD-201712-216	date:	2017-12-08T00:00:00
db:	NVD	id:	CVE-2017-3738	date:	2017-12-07T16:29:00.240