4.3 - CVE-2015-3216

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2015-3216	First vendor Publication	2015-07-07
Vendor	Cve	Last vendor Modification	2018-01-05

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3216

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-362	Race Condition
50 %	CWE-189	Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28265

Oval ID:	oval:org.mitre.oval:def:28265
Title:	SUSE-SU-2015:1143-1 -- Security update for openssl (important)
Description:	This update of openssl fixes the following security issues: - CVE-2015-4000 (bsc#931698) * The Logjam Attack / weakdh.org * reject connections with DH parameters shorter than 1024 bits * generates 2048-bit DH parameters by default - CVE-2015-1788 (bsc#934487) * Malformed ECParameters causes infinite loop - CVE-2015-1789 (bsc#934489)
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2015:1143-1 CVE-2015-4000 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791 CVE-2015-3216	Version:	3
Platform(s):	SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12	Product(s):	openssl
Definition Synopsis:
SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Desktop 12 release section Operation system section SUSE Linux Enterprise Server 12 is installed AND SUSE Linux Enterprise Desktop 12 is installed Packages match section libopenssl1_0_0 is earlier than 0:1.0.1i-25.1 AND libopenssl1_0_0-debuginfo is earlier than 0:1.0.1i-25.1 AND openssl is earlier than 0:1.0.1i-25.1 AND openssl-debuginfo is earlier than 0:1.0.1i-25.1 AND openssl-debugsource is earlier than 0:1.0.1i-25.1 AND libopenssl1_0_0-32bit is earlier than 0:1.0.1i-25.1 AND libopenssl1_0_0-debuginfo-32bit is earlier than 0:1.0.1i-25.1 AND SUSE Linux Enterprise Server 12 release section SUSE Linux Enterprise Server 12 is installed Packages match section libopenssl1_0_0-hmac is earlier than 0:1.0.1i-25.1 AND libopenssl1_0_0-hmac-32bit is earlier than 0:1.0.1i-25.1 AND openssl-doc is earlier than 0:1.0.1i-25.1

Definition Id: oval:org.mitre.oval:def:28440

Oval ID:	oval:org.mitre.oval:def:28440
Title:	RHSA-2015:1115-01 -- Redhat openssl
Description:	OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause a TLS/SSL server or client using OpenSSL to crash. A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. A flaw was found in the way OpenSSL handled Cryptographic Message Syntax messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
Family:	unix	Class:	patch
Reference(s):	RHSA-2015:1115-01 CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216	Version:	3
Platform(s):	Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6	Product(s):	openssl
Definition Synopsis:
Section for Red Hat Enterprise Linux 7 The operating system installed on the system is Red Hat Enterprise Linux 7 AND All dependent packages of openssl openssl is earlier than 1:1.0.1e-42.el7_1.8 AND openssl-debuginfo is earlier than 1:1.0.1e-42.el7_1.8 AND openssl-devel is earlier than 1:1.0.1e-42.el7_1.8 AND openssl-libs is earlier than 1:1.0.1e-42.el7_1.8 OR Section for Red Hat Enterprise Linux 6 The operating system installed on the system is Red Hat Enterprise Linux 6 AND All dependent packages of openssl openssl is earlier than 0:1.0.1e-30.el6_6.11 AND openssl-debuginfo is earlier than 0:1.0.1e-30.el6_6.11 AND openssl-devel is earlier than 0:1.0.1e-30.el6_6.11

Definition Id: oval:org.mitre.oval:def:28643

Oval ID:	oval:org.mitre.oval:def:28643
Title:	ELSA-2015-1115 -- Oracle openssl
Description:	OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause a TLS/SSL server or client using OpenSSL to crash. A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. A flaw was found in the way OpenSSL handled Cryptographic Message Syntax messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
Family:	unix	Class:	patch
Reference(s):	ELSA-2015-1115 CVE-2015-1791 CVE-2015-0209 CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-3216	Version:	3
Platform(s):	Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
Oracle Linux 6.x AND All dependent packages of openssl openssl is earlier than 0:1.0.1e-30.el6_6.11 for i686 AND openssl-devel is earlier than 0:1.0.1e-30.el6_6.11 for i686 AND openssl-perl is earlier than 0:1.0.1e-30.el6_6.11 for i686 AND openssl-static is earlier than 0:1.0.1e-30.el6_6.11 for i686 AND openssl is earlier than 0:1.0.1e-30.el6_6.11 for x86_64 AND openssl-devel is earlier than 0:1.0.1e-30.el6_6.11 for x86_64 AND openssl-perl is earlier than 0:1.0.1e-30.el6_6.11 for x86_64 AND openssl-static is earlier than 0:1.0.1e-30.el6_6.11 for x86_64

Definition Id: oval:org.mitre.oval:def:28674

Oval ID:	oval:org.mitre.oval:def:28674
Title:	CESA-2015:1115 -- centos 6 openssl
Description:	OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause a TLS/SSL server or client using OpenSSL to crash. A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. A flaw was found in the way OpenSSL handled Cryptographic Message Syntax messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
Family:	unix	Class:	patch
Reference(s):	CESA-2015:1115 CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216	Version:	3
Platform(s):	CentOS Linux 6	Product(s):	openssl
Definition Synopsis:
The operating system installed on the system is CentOS Linux 6.x AND All dependent packages of openssl openssl is earlier than 0:1.0.1e-30.el6.11 for i686 AND openssl-devel is earlier than 0:1.0.1e-30.el6.11 for i686 AND openssl-perl is earlier than 0:1.0.1e-30.el6.11 for i686 AND openssl-static is earlier than 0:1.0.1e-30.el6.11 for i686 AND openssl is earlier than 0:1.0.1e-30.el6.11 for x86_64 AND openssl-devel is earlier than 0:1.0.1e-30.el6.11 for x86_64 AND openssl-perl is earlier than 0:1.0.1e-30.el6.11 for x86_64 AND openssl-static is earlier than 0:1.0.1e-30.el6.11 for x86_64

Definition Id: oval:org.mitre.oval:def:29099

Oval ID:	oval:org.mitre.oval:def:29099
Title:	CESA-2015:1115 -- centos 7 openssl
Description:	OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause a TLS/SSL server or client using OpenSSL to crash. A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. A flaw was found in the way OpenSSL handled Cryptographic Message Syntax messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
Family:	unix	Class:	patch
Reference(s):	CESA-2015:1115 CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216	Version:	3
Platform(s):	CentOS Linux 7	Product(s):	openssl
Definition Synopsis:
The operating system installed on the system is CentOS Linux 7.x AND All dependent packages of openssl openssl is earlier than 1:1.0.1e-42.el7.8 for x86_64 AND openssl-devel is earlier than 1:1.0.1e-42.el7.8 for i686 AND openssl-devel is earlier than 1:1.0.1e-42.el7.8 for x86_64 AND openssl-libs is earlier than 1:1.0.1e-42.el7.8 for i686 AND openssl-libs is earlier than 1:1.0.1e-42.el7.8 for x86_64 AND openssl-perl is earlier than 1:1.0.1e-42.el7.8 for x86_64 AND openssl-static is earlier than 1:1.0.1e-42.el7.8 for i686 AND openssl-static is earlier than 1:1.0.1e-42.el7.8 for x86_64

Definition Id: oval:org.mitre.oval:def:29126

Oval ID:	oval:org.mitre.oval:def:29126
Title:	ELSA-2015-1115 -- Oracle openssl
Description:	OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause a TLS/SSL server or client using OpenSSL to crash. A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. A flaw was found in the way OpenSSL handled Cryptographic Message Syntax messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
Family:	unix	Class:	patch
Reference(s):	ELSA-2015-1115 CVE-2015-1791 CVE-2015-0209 CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-3216	Version:	3
Platform(s):	Oracle Linux 7	Product(s):	openssl
Definition Synopsis:
Oracle Linux 7.x AND All dependent packages of openssl openssl is earlier than 1:1.0.1e-42.el7_1.8 for x86_64 AND openssl-devel is earlier than 1:1.0.1e-42.el7_1.8 for i686 AND openssl-devel is earlier than 1:1.0.1e-42.el7_1.8 for x86_64 AND openssl-libs is earlier than 1:1.0.1e-42.el7_1.8 for i686 AND openssl-libs is earlier than 1:1.0.1e-42.el7_1.8 for x86_64 AND openssl-perl is earlier than 1:1.0.1e-42.el7_1.8 for x86_64 AND openssl-static is earlier than 1:1.0.1e-42.el7_1.8 for i686 AND openssl-static is earlier than 1:1.0.1e-42.el7_1.8 for x86_64

Definition Id: oval:org.mitre.oval:def:29252

Oval ID:	oval:org.mitre.oval:def:29252
Title:	SUSE-SU-2015:1150-1 -- Security update for compat-openssl098 (important)
Description:	This update fixes the following security issues: - CVE-2015-4000 (boo#931698) * The Logjam Attack / weakdh.org * reject connections with DH parameters shorter than 1024 bits * generates 2048-bit DH parameters by default - CVE-2015-1788 (boo#934487) * Malformed ECParameters causes infinite loop - CVE-2015-1789 (boo#934489) * Exploitable out-of-bounds read in X509_cmp_time
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2015:1150-1 CVE-2015-4000 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791 CVE-2015-3216	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 12	Product(s):	compat-openssl098
Definition Synopsis:
SUSE Linux Enterprise Desktop 12 is installed Packages match section compat-openssl098-debugsource is earlier than 0:0.9.8j-78.1 AND libopenssl0_9_8 is earlier than 0:0.9.8j-78.1 AND libopenssl0_9_8-32bit is earlier than 0:0.9.8j-78.1 AND libopenssl0_9_8-debuginfo is earlier than 0:0.9.8j-78.1 AND libopenssl0_9_8-debuginfo-32bit is earlier than 0:0.9.8j-78.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openssl cpe:2.3:a:openssl:openssl:1.0.1e-25.el7:::::::*	1
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*	1

Nessus® Vulnerability Scanner

Date	Description
2015-07-07	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1182-2.nasl - Type : ACT_GATHER_INFO
2015-07-07	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1184-2.nasl - Type : ACT_GATHER_INFO
2015-07-06	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1184-1.nasl - Type : ACT_GATHER_INFO
2015-06-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1150-1.nasl - Type : ACT_GATHER_INFO
2015-06-26	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-447.nasl - Type : ACT_GATHER_INFO
2015-06-26	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1143-1.nasl - Type : ACT_GATHER_INFO
2015-06-18	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-550.nasl - Type : ACT_GATHER_INFO
2015-06-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150615_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-06-16	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1115.nasl - Type : ACT_GATHER_INFO
2015-06-16	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1115.nasl - Type : ACT_GATHER_INFO
2015-06-16	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0070.nasl - Type : ACT_GATHER_INFO
2015-06-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1115.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/75219
CONFIRM	https://bugzilla.redhat.com/show_bug.cgi?id=1225994
REDHAT	http://rhn.redhat.com/errata/RHSA-2015-1115.html http://rhn.redhat.com/errata/RHSA-2016-2957.html
SECTRACK	http://www.securitytracker.com/id/1032587
SUSE	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:39:23	Multiple Updates
2021-04-22 01:48:09	Multiple Updates
2020-05-23 00:45:07	Multiple Updates
2018-01-05 09:23:28	Multiple Updates
2016-12-28 09:22:07	Multiple Updates
2016-12-03 09:24:12	Multiple Updates
2016-11-29 00:25:11	Multiple Updates
2015-07-09 21:27:01	Multiple Updates
2015-07-08 13:28:39	Multiple Updates
2015-07-07 17:26:16	First insertion

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	7
CPE ID(s)	2
Sources(s)	10
Nessus® Exploit(s)	12

	Related
7.5	RHSA-2015:1115
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)