This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Redhat | First view | 2009-06-04 |
| Product | Openssl | Last view | 2013-02-08 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:* | 6 |
| cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:* | 6 |
| cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:* | 6 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2013-02-08 | CVE-2013-0166 | OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. |
| 6.8 | 2012-05-14 | CVE-2012-2333 | Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. |
| 7.5 | 2012-04-19 | CVE-2012-2110 | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. |
| 5 | 2010-01-14 | CVE-2009-4355 | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. |
| 5 | 2009-06-04 | CVE-2009-1387 | The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." |
| 5 | 2009-06-04 | CVE-2009-1386 | ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (2) | CWE-476 | NULL Pointer Dereference |
| 16% (1) | CWE-399 | Resource Management Errors |
| 16% (1) | CWE-310 | Cryptographic Issues |
| 16% (1) | CWE-189 | Numeric Errors |
| 16% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Oval Markup Language : Definitions
This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:7469 | OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability |
| oval:org.mitre.oval:def:11179 | ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a deni... |
| oval:org.mitre.oval:def:25108 | Vulnerability in OpenSSL before 0.9.8i, allows remote attackers to cause a de... |
| oval:org.mitre.oval:def:7592 | OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vu... |
| oval:org.mitre.oval:def:13891 | USN-792-1 -- openssl vulnerabilities |
| oval:org.mitre.oval:def:13721 | DSA-1888-1 openssl, openssl097 -- cryptographic weakness |
| oval:org.mitre.oval:def:10740 | The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL bef... |
| oval:org.mitre.oval:def:22755 | ELSA-2009:1335: openssl security, bug fix, and enhancement update (Moderate) |
| oval:org.mitre.oval:def:24700 | Vulnerability in OpenSSL before 1.0.0 Beta 2, allows remote attackers to caus... |
| oval:org.mitre.oval:def:28749 | RHSA-2009:1335 -- openssl security, bug fix, and enhancement update (Moderate) |
| oval:org.mitre.oval:def:6964 | DSA-1970 openssl -- denial of service |
| oval:org.mitre.oval:def:6678 | OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability |
| oval:org.mitre.oval:def:21795 | RHSA-2010:0054: openssl security update (Moderate) |
| oval:org.mitre.oval:def:13303 | DSA-1970-1 openssl -- denial of service |
| oval:org.mitre.oval:def:12486 | USN-884-1 -- openssl vulnerability |
| oval:org.mitre.oval:def:12168 | HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthoriz... |
| oval:org.mitre.oval:def:11260 | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in O... |
| oval:org.mitre.oval:def:22987 | ELSA-2010:0054: openssl security update (Moderate) |
| oval:org.mitre.oval:def:25124 | Vulnerability in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4, al... |
| oval:org.mitre.oval:def:21366 | RHSA-2012:0518: openssl security update (Important) |
| oval:org.mitre.oval:def:21032 | Multiple OpenSSL vulnerabilities |
| oval:org.mitre.oval:def:20716 | VMware vSphere and vCOps updates to third party libraries |
| oval:org.mitre.oval:def:19831 | VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption... |
| oval:org.mitre.oval:def:19592 | HP-UX Running OpenSSL, Remote Denial of Service (DoS) |
| oval:org.mitre.oval:def:17928 | USN-1424-1 -- openssl vulnerabilities |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 61684 | OpenSSL CRYPTO_free_all_ex_data() Function Memory Exhaustion DoS |
| 55073 | OpenSSL ssl/s3_pkt.c DTLS ChangeCipherSpec Packet Handling Remote DoS |
| 55072 | OpenSSL ssl/d1_both.cdtls1_retrieve_buffered_fragment Function DTLS Handshake... |
ExploitDB Exploits
| id | Description |
|---|---|
| 18756 | OpenSSL ASN1 BIO Memory Corruption Vulnerability |
| 8873 | OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit |
OpenVAS Exploits
This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
| 2012-08-30 | Name : Fedora Update for openssl FEDORA-2012-6343 File : nvt/gb_fedora_2012_6343_openssl_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for openssl FEDORA-2012-7939 File : nvt/gb_fedora_2012_7939_openssl_fc17.nasl |
| 2012-08-10 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD19.nasl |
| 2012-08-03 | Name : Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8) File : nvt/gb_mandriva_MDVSA_2012_064.nasl |
| 2012-08-03 | Name : Mandriva Update for openssl MDVSA-2012:060 (openssl) File : nvt/gb_mandriva_MDVSA_2012_060.nasl |
| 2012-08-03 | Name : Mandriva Update for openssl MDVSA-2012:073 (openssl) File : nvt/gb_mandriva_MDVSA_2012_073.nasl |
| 2012-07-30 | Name : CentOS Update for openssl CESA-2012:0699 centos6 File : nvt/gb_CESA-2012_0699_openssl_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for openssl097a CESA-2012:0518 centos5 File : nvt/gb_CESA-2012_0518_openssl097a_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for openssl098e CESA-2012:0518 centos6 File : nvt/gb_CESA-2012_0518_openssl098e_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for openssl CESA-2012:0699 centos5 File : nvt/gb_CESA-2012_0699_openssl_centos5.nasl |
| 2012-06-04 | Name : Fedora Update for openssl FEDORA-2012-8014 File : nvt/gb_fedora_2012_8014_openssl_fc16.nasl |
| 2012-06-04 | Name : Fedora Update for openssl FEDORA-2012-8024 File : nvt/gb_fedora_2012_8024_openssl_fc15.nasl |
| 2012-06-01 | Name : RedHat Update for openssl RHSA-2012:0699-01 File : nvt/gb_RHSA-2012_0699-01_openssl.nasl |
| 2012-05-31 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl9.nasl |
| 2012-05-31 | Name : Debian Security Advisory DSA 2475-1 (openssl) File : nvt/deb_2475_1.nasl |
| 2012-05-25 | Name : Ubuntu Update for openssl USN-1451-1 File : nvt/gb_ubuntu_USN_1451_1.nasl |
| 2012-05-11 | Name : Fedora Update for openssl FEDORA-2012-6395 File : nvt/gb_fedora_2012_6395_openssl_fc15.nasl |
| 2012-04-30 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl7.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2454-2 (openssl) File : nvt/deb_2454_2.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2454-1 (openssl) File : nvt/deb_2454_1.nasl |
| 2012-04-30 | Name : Fedora Update for openssl FEDORA-2012-6403 File : nvt/gb_fedora_2012_6403_openssl_fc16.nasl |
| 2012-04-26 | Name : RedHat Update for openssl RHSA-2012:0518-01 File : nvt/gb_RHSA-2012_0518-01_openssl.nasl |
| 2012-04-26 | Name : Ubuntu Update for openssl USN-1428-1 File : nvt/gb_ubuntu_USN_1428_1.nasl |
| 2012-04-20 | Name : Ubuntu Update for openssl USN-1424-1 File : nvt/gb_ubuntu_USN_1424_1.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0181 | Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE) Severity: Category I - VMSKEY: V0040371 |
| 2013-A-0180 | Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces... Severity: Category I - VMSKEY: V0040372 |
| 2013-A-0179 | Apple Mac OS X Security Update 2013-004 Severity: Category I - VMSKEY: V0040373 |
| 2013-A-0077 | Multiple Vulnerabilities in OpenSSL Severity: Category I - VMSKEY: V0037605 |
| 2013-A-0056 | VMware ESXi 3.5 and ESX 3.5 Memory Corruption Vulnerability Severity: Category I - VMSKEY: V0037066 |
| 2012-A-0153 | Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0033884 |
Nessus® Vulnerability Scanner
This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2016-03-08 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2010-0004_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-08 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-294.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_esx_VMSA-2013-0003_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_esx_VMSA-2013-0009_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-02-29 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2012-0013_remote.nasl - Type: ACT_GATHER_INFO |
| 2015-04-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL16285.nasl - Type: ACT_GATHER_INFO |
| 2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_openssl_20120626.nasl - Type: ACT_GATHER_INFO |
| 2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_openssl_20120814.nasl - Type: ACT_GATHER_INFO |
| 2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_openssl_20130716.nasl - Type: ACT_GATHER_INFO |
| 2014-12-22 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10659.nasl - Type: ACT_GATHER_INFO |
| 2014-12-05 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_compat-openssl097g-141202.nasl - Type: ACT_GATHER_INFO |
| 2014-11-26 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2014-0007.nasl - Type: ACT_GATHER_INFO |
| 2014-11-26 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2014-0008.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2013-0636.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2014-0416.nasl - Type: ACT_GATHER_INFO |
| 2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL14261.nasl - Type: ACT_GATHER_INFO |
| 2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL15348.nasl - Type: ACT_GATHER_INFO |
| 2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL15401.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-308.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-153.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-154.nasl - Type: ACT_GATHER_INFO |
| 2014-04-16 | Name: The remote AIX host is running a vulnerable version of OpenSSL. File: aix_openssl_advisory4.nasl - Type: ACT_GATHER_INFO |
| 2014-04-16 | Name: The remote AIX host is running a vulnerable version of OpenSSL. File: aix_openssl_advisory5.nasl - Type: ACT_GATHER_INFO |
| 2014-01-20 | Name: The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File: vmware_esxi_5_1_build_1483097_remote.nasl - Type: ACT_GATHER_INFO |
