Summary
Detail | | | |
---|---|---|---|
Vendor | Redhat | First view | 2009-06-04 |
Product | Openssl | Last view | 2013-02-08 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
COMMON PLATFORM ENUMERATION: Distribution per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:* | 6 |
cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:* | 6 |
cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:* | 6 |
Related : CVE
CVSS score | Date | Alert | Description |
---|---|---|---|
5 | 2013-02-08 | CVE-2013-0166 | OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. |
6.8 | 2012-05-14 | CVE-2012-2333 | Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. |
7.5 | 2012-04-19 | CVE-2012-2110 | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. |
5 | 2010-01-14 | CVE-2009-4355 | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. |
5 | 2009-06-04 | CVE-2009-1387 | The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." |
5 | 2009-06-04 | CVE-2009-1386 | ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (2) | CWE-476 | NULL Pointer Dereference |
16% (1) | CWE-399 | Resource Management Errors |
16% (1) | CWE-310 | Cryptographic Issues |
16% (1) | CWE-189 | Numeric Errors |
16% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:7469 | OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability |
oval:org.mitre.oval:def:11179 | ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a deni... |
oval:org.mitre.oval:def:25108 | Vulnerability in OpenSSL before 0.9.8i, allows remote attackers to cause a de... |
oval:org.mitre.oval:def:7592 | OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vu... |
oval:org.mitre.oval:def:13891 | USN-792-1 -- openssl vulnerabilities |
oval:org.mitre.oval:def:13721 | DSA-1888-1 openssl, openssl097 -- cryptographic weakness |
oval:org.mitre.oval:def:10740 | The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL bef... |
oval:org.mitre.oval:def:22755 | ELSA-2009:1335: openssl security, bug fix, and enhancement update (Moderate) |
oval:org.mitre.oval:def:24700 | Vulnerability in OpenSSL before 1.0.0 Beta 2, allows remote attackers to caus... |
oval:org.mitre.oval:def:28749 | RHSA-2009:1335 -- openssl security, bug fix, and enhancement update (Moderate) |
oval:org.mitre.oval:def:6964 | DSA-1970 openssl -- denial of service |
oval:org.mitre.oval:def:6678 | OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability |
oval:org.mitre.oval:def:21795 | RHSA-2010:0054: openssl security update (Moderate) |
oval:org.mitre.oval:def:13303 | DSA-1970-1 openssl -- denial of service |
oval:org.mitre.oval:def:12486 | USN-884-1 -- openssl vulnerability |
oval:org.mitre.oval:def:12168 | HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthoriz... |
oval:org.mitre.oval:def:11260 | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in O... |
oval:org.mitre.oval:def:22987 | ELSA-2010:0054: openssl security update (Moderate) |
oval:org.mitre.oval:def:25124 | Vulnerability in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4, al... |
oval:org.mitre.oval:def:21366 | RHSA-2012:0518: openssl security update (Important) |
oval:org.mitre.oval:def:21032 | Multiple OpenSSL vulnerabilities |
oval:org.mitre.oval:def:20716 | VMware vSphere and vCOps updates to third party libraries |
oval:org.mitre.oval:def:19831 | VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption... |
oval:org.mitre.oval:def:19592 | HP-UX Running OpenSSL, Remote Denial of Service (DoS) |
oval:org.mitre.oval:def:17928 | USN-1424-1 -- openssl vulnerabilities |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
61684 | OpenSSL CRYPTO_free_all_ex_data() Function Memory Exhaustion DoS |
55073 | OpenSSL ssl/s3_pkt.c DTLS ChangeCipherSpec Packet Handling Remote DoS |
55072 | OpenSSL ssl/d1_both.c dtls1_retrieve_buffered_fragment Function DTLS Handshake... |
ExploitDB Exploits
id | Description |
---|---|
18756 | OpenSSL ASN1 BIO Memory Corruption Vulnerability |
8873 | OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
2012-08-30 | Name : Fedora Update for openssl FEDORA-2012-6343 File : nvt/gb_fedora_2012_6343_openssl_fc17.nasl |
2012-08-30 | Name : Fedora Update for openssl FEDORA-2012-7939 File : nvt/gb_fedora_2012_7939_openssl_fc17.nasl |
2012-08-10 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD19.nasl |
2012-08-03 | Name : Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8) File : nvt/gb_mandriva_MDVSA_2012_064.nasl |
2012-08-03 | Name : Mandriva Update for openssl MDVSA-2012:060 (openssl) File : nvt/gb_mandriva_MDVSA_2012_060.nasl |
2012-08-03 | Name : Mandriva Update for openssl MDVSA-2012:073 (openssl) File : nvt/gb_mandriva_MDVSA_2012_073.nasl |
2012-07-30 | Name : CentOS Update for openssl CESA-2012:0699 centos6 File : nvt/gb_CESA-2012_0699_openssl_centos6.nasl |
2012-07-30 | Name : CentOS Update for openssl097a CESA-2012:0518 centos5 File : nvt/gb_CESA-2012_0518_openssl097a_centos5.nasl |
2012-07-30 | Name : CentOS Update for openssl098e CESA-2012:0518 centos6 File : nvt/gb_CESA-2012_0518_openssl098e_centos6.nasl |
2012-07-30 | Name : CentOS Update for openssl CESA-2012:0699 centos5 File : nvt/gb_CESA-2012_0699_openssl_centos5.nasl |
2012-06-04 | Name : Fedora Update for openssl FEDORA-2012-8014 File : nvt/gb_fedora_2012_8014_openssl_fc16.nasl |
2012-06-04 | Name : Fedora Update for openssl FEDORA-2012-8024 File : nvt/gb_fedora_2012_8024_openssl_fc15.nasl |
2012-06-01 | Name : RedHat Update for openssl RHSA-2012:0699-01 File : nvt/gb_RHSA-2012_0699-01_openssl.nasl |
2012-05-31 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl9.nasl |
2012-05-31 | Name : Debian Security Advisory DSA 2475-1 (openssl) File : nvt/deb_2475_1.nasl |
2012-05-25 | Name : Ubuntu Update for openssl USN-1451-1 File : nvt/gb_ubuntu_USN_1451_1.nasl |
2012-05-11 | Name : Fedora Update for openssl FEDORA-2012-6395 File : nvt/gb_fedora_2012_6395_openssl_fc15.nasl |
2012-04-30 | Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl7.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2454-2 (openssl) File : nvt/deb_2454_2.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2454-1 (openssl) File : nvt/deb_2454_1.nasl |
2012-04-30 | Name : Fedora Update for openssl FEDORA-2012-6403 File : nvt/gb_fedora_2012_6403_openssl_fc16.nasl |
2012-04-26 | Name : RedHat Update for openssl RHSA-2012:0518-01 File : nvt/gb_RHSA-2012_0518-01_openssl.nasl |
2012-04-26 | Name : Ubuntu Update for openssl USN-1428-1 File : nvt/gb_ubuntu_USN_1428_1.nasl |
2012-04-20 | Name : Ubuntu Update for openssl USN-1424-1 File : nvt/gb_ubuntu_USN_1424_1.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2013-A-0181 | Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE) Severity: Category I - VMSKEY: V0040371 |
2013-A-0180 | Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces... Severity: Category I - VMSKEY: V0040372 |
2013-A-0179 | Apple Mac OS X Security Update 2013-004 Severity: Category I - VMSKEY: V0040373 |
2013-A-0077 | Multiple Vulnerabilities in OpenSSL Severity: Category I - VMSKEY: V0037605 |
2013-A-0056 | VMware ESXi 3.5 and ESX 3.5 Memory Corruption Vulnerability Severity: Category I - VMSKEY: V0037066 |
2012-A-0153 | Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0033884 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2010-0004_remote.nasl - Type: ACT_GATHER_INFO |
2016-03-08 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-294.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_esx_VMSA-2013-0003_remote.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_esx_VMSA-2013-0009_remote.nasl - Type: ACT_GATHER_INFO |
2016-02-29 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2012-0013_remote.nasl - Type: ACT_GATHER_INFO |
2015-04-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL16285.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_openssl_20120626.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_openssl_20120814.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_openssl_20130716.nasl - Type: ACT_GATHER_INFO |
2014-12-22 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10659.nasl - Type: ACT_GATHER_INFO |
2014-12-05 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_compat-openssl097g-141202.nasl - Type: ACT_GATHER_INFO |
2014-11-26 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2014-0007.nasl - Type: ACT_GATHER_INFO |
2014-11-26 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2014-0008.nasl - Type: ACT_GATHER_INFO |
2014-11-08 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2013-0636.nasl - Type: ACT_GATHER_INFO |
2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2014-0416.nasl - Type: ACT_GATHER_INFO |
2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL14261.nasl - Type: ACT_GATHER_INFO |
2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL15348.nasl - Type: ACT_GATHER_INFO |
2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL15401.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-308.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-153.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-154.nasl - Type: ACT_GATHER_INFO |
2014-04-16 | Name: The remote AIX host is running a vulnerable version of OpenSSL. File: aix_openssl_advisory4.nasl - Type: ACT_GATHER_INFO |
2014-04-16 | Name: The remote AIX host is running a vulnerable version of OpenSSL. File: aix_openssl_advisory5.nasl - Type: ACT_GATHER_INFO |
2014-01-20 | Name: The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File: vmware_esxi_5_1_build_1483097_remote.nasl - Type: ACT_GATHER_INFO |