Executive Summary
Summary | |
---|---|
Title | java-1.7.1-ibm security update |
Informations | |||
---|---|---|---|
Name | RHSA-2014:1880 | First vendor Publication | 2014-11-20 |
Vendor | RedHat | Last vendor Modification | 2014-11-20 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR2 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509) 1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) 1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274) 1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797) 1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066) 1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846) 1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) 1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152758 - CVE-2014-6456 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152765 - CVE-2014-6476 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152767 - CVE-2014-6527 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack 1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2014-1880.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-310 | Cryptographic Issues |
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:26796 | |||
Oval ID: | oval:org.mitre.oval:def:26796 | ||
Title: | ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update | ||
Description: | [1:1.7.0.71-2.5.3.1.0.1.el5_11] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1:1.7.0.71-2.5.3.1] - Bump to 2.5.3 with security updates. - Remove obsolete patches which are now included upstream. - Disable LCMS via environment variables rather than maintaining a patch. - Resolves: rhbz#1148890 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-1633 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27014 | |||
Oval ID: | oval:org.mitre.oval:def:27014 | ||
Title: | RHSA-2014:1653: openssl security update (Moderate) | ||
Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1653-00 CESA-2014:1653 CVE-2014-3566 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27057 | |||
Oval ID: | oval:org.mitre.oval:def:27057 | ||
Title: | ELSA-2014-1653 -- openssl security update | ||
Description: | [0.9.8e-31] - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [0.9.8e-30] - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS [0.9.8e-29] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability [0.9.8e-28] - replace expired GlobalSign Root CA certificate in ca-bundle.crt | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-1653 CVE-2014-3566 | Version: | 5 |
Platform(s): | Oracle Linux 5 | Product(s): | openssl openssl-devel openssl-perl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27104 | |||
Oval ID: | oval:org.mitre.oval:def:27104 | ||
Title: | AIX OpenSSL Patch to mitigate CVE-2014-3566 | ||
Description: | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-3566 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27144 | |||
Oval ID: | oval:org.mitre.oval:def:27144 | ||
Title: | RHSA-2014:1633: java-1.7.0-openjdk security and bug fix update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1633-00 CESA-2014:1633 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27150 | |||
Oval ID: | oval:org.mitre.oval:def:27150 | ||
Title: | RHSA-2014:1620: java-1.7.0-openjdk security and bug fix update (Important) | ||
Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1620-00 CESA-2014:1620 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27157 | |||
Oval ID: | oval:org.mitre.oval:def:27157 | ||
Title: | RHSA-2014:1634: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1634-00 CESA-2014:1634 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27728 | |||
Oval ID: | oval:org.mitre.oval:def:27728 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6527 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27911 | |||
Oval ID: | oval:org.mitre.oval:def:27911 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6458 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27938 | |||
Oval ID: | oval:org.mitre.oval:def:27938 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6492 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28001 | |||
Oval ID: | oval:org.mitre.oval:def:28001 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6512 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28025 | |||
Oval ID: | oval:org.mitre.oval:def:28025 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6476 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28097 | |||
Oval ID: | oval:org.mitre.oval:def:28097 | ||
Title: | SUSE-SU-2014:1549-1 -- Security update for java-1_7_1-ibm (important) | ||
Description: | java-1_7_1-ibm was updated to version 1.7.1_sr1.2 to fix 21 security issues. These security issues were fixed: - Unspecified vulnerability in Oracle Java (CVE-2014-3065). - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-6456). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527 (CVE-2014-6476). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476 (CVE-2014-6527). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558). | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1549-1 CVE-2014-3065 CVE-2014-3566 CVE-2014-6513 CVE-2014-6456 CVE-2014-4288 CVE-2014-6493 CVE-2014-6532 CVE-2014-6503 CVE-2014-6492 CVE-2014-6458 CVE-2014-6466 CVE-2014-6506 CVE-2014-6527 CVE-2014-6476 CVE-2014-6515 CVE-2014-6511 CVE-2014-6531 CVE-2014-6512 CVE-2014-6457 CVE-2014-6502 CVE-2014-6558 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 12 | Product(s): | java-1_7_1-ibm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28154 | |||
Oval ID: | oval:org.mitre.oval:def:28154 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-3566 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28155 | |||
Oval ID: | oval:org.mitre.oval:def:28155 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6503 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28214 | |||
Oval ID: | oval:org.mitre.oval:def:28214 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6558 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28228 | |||
Oval ID: | oval:org.mitre.oval:def:28228 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6502 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28230 | |||
Oval ID: | oval:org.mitre.oval:def:28230 | ||
Title: | SUSE-SU-2014:1447-1 -- Security update for openwsman (moderate) | ||
Description: | This update adds a configuration option to disable SSLv2 and SSLv3 in openwsman. This is required to mitigate CVE-2014-3566. To use the new option, edit /etc/openwsman/openwsman.conf and add the following line to the [server] section: ssl_disabled_protocols = SSLv2 SSLv3 Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1447-1 CVE-2014-3566 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | openwsman |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28236 | |||
Oval ID: | oval:org.mitre.oval:def:28236 | ||
Title: | DSA-3077-1 -- openjdk-6 security update | ||
Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3077-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28273 | |||
Oval ID: | oval:org.mitre.oval:def:28273 | ||
Title: | SUSE-SU-2014:1524-1 -- Security update for openssl (moderate) | ||
Description: | openssl was updated to fix four security issues. These security issues were fixed: - SRTP Memory Leak (CVE-2014-3513). - Session Ticket Memory Leak (CVE-2014-3567). - Fixed incomplete no-ssl3 build option (CVE-2014-3568). - Add support for TLS_FALLBACK_SCSV (CVE-2014-3566). NOTE: This update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1524-1 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3566 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28284 | |||
Oval ID: | oval:org.mitre.oval:def:28284 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6511 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28325 | |||
Oval ID: | oval:org.mitre.oval:def:28325 | ||
Title: | SUSE-SU-2014:1422-1 -- Security update for java-1_7_0-openjdk (important) | ||
Description: | OpenJDK was updated to icedtea 2.5.3 (OpenJDK 7u71) fixing security issues and bugs. * Security: - S8015256: Better class accessibility - S8022783, CVE-2014-6504: Optimize C2 optimizations - S8035162: Service printing service - S8035781: Improve equality for annotations - S8036805: Correct linker method lookup. - S8036810: Correct linker field lookup - S8036936: Use local locales - S8037066, CVE-2014-6457: Secure transport layer - S8037846, CVE-2014-6558: Ensure streaming of input cipher streams - S8038364: Use certificate exceptions correctly - S8038899: Safer safepoints - S8038903: More native monitor monitoring - S8038908: Make Signature more robust - S8038913: Bolster XML support - S8039509, CVE-2014-6512: Wrap sockets more thoroughly - S8039533, CVE-2014-6517: Higher resolution resolvers - S8041540, CVE-2014-6511: Better use of pages in font processing - S8041529: Better parameterization of parameter lists - S8041545: Better validation of generated rasters - S8041564, CVE-2014-6506: Improved management of logger resources - S8041717, CVE-2014-6519: Issue with class file parser - S8042609, CVE-2014-6513: Limit splashiness of splash images - S8042797, CVE-2014-6502: Avoid strawberries in LogRecord - S8044274, CVE-2014-6531: Proper property processing | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1422-1 CVE-2014-6504 CVE-2014-6457 CVE-2014-6558 CVE-2014-6512 CVE-2014-6517 CVE-2014-6511 CVE-2014-6506 CVE-2014-6519 CVE-2014-6513 CVE-2014-6502 CVE-2014-6531 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 12 | Product(s): | java-1_7_0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28342 | |||
Oval ID: | oval:org.mitre.oval:def:28342 | ||
Title: | DSA-3080-1 -- openjdk-7 security update | ||
Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3080-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | openjdk-7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28346 | |||
Oval ID: | oval:org.mitre.oval:def:28346 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6515 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28350 | |||
Oval ID: | oval:org.mitre.oval:def:28350 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6531 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28355 | |||
Oval ID: | oval:org.mitre.oval:def:28355 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6506 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28367 | |||
Oval ID: | oval:org.mitre.oval:def:28367 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6493 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28371 | |||
Oval ID: | oval:org.mitre.oval:def:28371 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-3065 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28398 | |||
Oval ID: | oval:org.mitre.oval:def:28398 | ||
Title: | Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. | ||
Description: | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-3566 | Version: | 4 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28400 | |||
Oval ID: | oval:org.mitre.oval:def:28400 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6457 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28424 | |||
Oval ID: | oval:org.mitre.oval:def:28424 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6532 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28431 | |||
Oval ID: | oval:org.mitre.oval:def:28431 | ||
Title: | IBM SDK Java Technology Edition vulnerability | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-4288 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28481 | |||
Oval ID: | oval:org.mitre.oval:def:28481 | ||
Title: | SUSE-SU-2014:1512-1 -- Security update for compat-openssl098 (moderate) | ||
Description: | compat-openssl098 was updated to fix three security issues. NOTE: this update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations. These security issues were fixed: - Session ticket memory leak (CVE-2014-3567). - Fixed build option no-ssl3 (CVE-2014-3568). - Added support for TLS_FALLBACK_SCSV (CVE-2014-3566). | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1512-1 CVE-2014-3567 CVE-2014-3568 CVE-2014-3566 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 12 | Product(s): | compat-openssl098 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28488 | |||
Oval ID: | oval:org.mitre.oval:def:28488 | ||
Title: | SUSE-SU-2014:1519-1 -- Security update for evolution-data-server (moderate) | ||
Description: | evolution-data-server has been updated to disable support for SSLv3. This security issues has been fixed: * SSLv3 POODLE attack (CVE-2014-3566) Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1519-1 CVE-2014-3566 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | evolution-data-server |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28678 | |||
Oval ID: | oval:org.mitre.oval:def:28678 | ||
Title: | SUSE-SU-2014:1558-1 -- Security update for pure-ftpd (moderate) | ||
Description: | ure-ftpd was updated to fix one security issue and two non-security bugs: * SSLv2 and SSLv3 have been disabled to avoid the attack named POODLE (CVE-2014-3566, bnc#902229). * Added the disable_ascii option (bnc#828469). * Fixed wait on TLS handshake (bnc#856424). Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1558-1 CVE-2014-3566 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | pure-ftpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29152 | |||
Oval ID: | oval:org.mitre.oval:def:29152 | ||
Title: | Vulnerability in SSLv3 affects ftpd, sendmaild, imapd, and popd on AIX | ||
Description: | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-3566 | Version: | 5 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2014-10-16 | Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-07-16 | IAVM : 2015-A-0154 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0061081 |
2015-02-05 | IAVM : 2015-B-0014 - Multiple Vulnerabilities in VMware ESXi 5.5 Severity : Category I - VMSKEY : V0058513 |
2015-02-05 | IAVM : 2015-B-0013 - Multiple Vulnerabilities in VMware ESXi 5.1 Severity : Category I - VMSKEY : V0058515 |
2015-02-05 | IAVM : 2015-B-0012 - Multiple Vulnerabilities in VMware ESXi 5.0 Severity : Category I - VMSKEY : V0058517 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-12-18 | SSLv3 CBC client connection attempt RuleID : 32566 - Revision : 2 - Type : POLICY-OTHER |
2014-11-19 | SSLv3 POODLE CBC padding brute force attempt RuleID : 32205 - Revision : 5 - Type : SERVER-OTHER |
2014-11-19 | SSLv3 POODLE CBC padding brute force attempt RuleID : 32204 - Revision : 5 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-12-07 | Name : The remote host is potentially affected by an SSL/TLS vulnerability. File : check_point_gaia_sk103683.nasl - Type : ACT_GATHER_INFO |
2017-07-20 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_jul_2017.nasl - Type : ACT_GATHER_INFO |
2017-04-12 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-459.nasl - Type : ACT_GATHER_INFO |
2017-01-10 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_03532a19d68e11e6917114dae9d210b8.nasl - Type : ACT_GATHER_INFO |
2016-11-23 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1339.nasl - Type : ACT_GATHER_INFO |
2016-09-28 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2396-1.nasl - Type : ACT_GATHER_INFO |
2016-09-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2329-1.nasl - Type : ACT_GATHER_INFO |
2016-09-13 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2285-1.nasl - Type : ACT_GATHER_INFO |
2016-06-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201606-11.nasl - Type : ACT_GATHER_INFO |
2016-06-17 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1457-1.nasl - Type : ACT_GATHER_INFO |
2016-05-13 | Name : A web application running on the remote host is affected by multiple vulnerab... File : solarwinds_srm_profiler_6_2_3.nasl - Type : ACT_GATHER_INFO |
2016-04-14 | Name : The application installed on the remote host is affected by an information di... File : ibm_domino_swg21693142.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO |
2016-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3489.nasl - Type : ACT_GATHER_INFO |
2016-01-25 | Name : The remote Debian host is missing a security update. File : debian_DLA-400.nasl - Type : ACT_GATHER_INFO |
2015-12-11 | Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15ad_colorqube.nasl - Type : ACT_GATHER_INFO |
2015-12-11 | Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15aj.nasl - Type : ACT_GATHER_INFO |
2015-12-11 | Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15am.nasl - Type : ACT_GATHER_INFO |
2015-11-20 | Name : The remote host is running a remote management application that is affected b... File : solarwinds_dameware_mini_remote_control_v12_0_hotfix_2.nasl - Type : ACT_GATHER_INFO |
2015-10-16 | Name : The remote Fedora host is missing a security update. File : fedora_2015-9090.nasl - Type : ACT_GATHER_INFO |
2015-10-16 | Name : The remote Fedora host is missing a security update. File : fedora_2015-9110.nasl - Type : ACT_GATHER_INFO |
2015-10-02 | Name : The remote Mac OS X host has an application installed that is affected by mul... File : macosx_xcode_7_0.nasl - Type : ACT_GATHER_INFO |
2015-08-03 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_4_1.nasl - Type : ACT_GATHER_INFO |
2015-07-27 | Name : The remote Debian host is missing a security update. File : debian_DLA-282.nasl - Type : ACT_GATHER_INFO |
2015-07-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201507-14.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV69768.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV73316.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV73319.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV73324.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV73416.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV73417.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV73418.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV73419.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV73973.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV73974.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV73975.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote AIX host is missing a security patch. File : aix_IV73976.nasl - Type : ACT_GATHER_INFO |
2015-06-12 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0068.nasl - Type : ACT_GATHER_INFO |
2015-05-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_384fc0b2014411e58fda002590263bf5.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1387-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1422-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1512-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1524-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0503-1.nasl - Type : ACT_GATHER_INFO |
2015-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3253.nasl - Type : ACT_GATHER_INFO |
2015-05-01 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0003.nasl - Type : ACT_GATHER_INFO |
2015-04-28 | Name : The remote host is missing a security update for OS X Server. File : macosx_server_4_1.nasl - Type : ACT_GATHER_INFO |
2015-04-20 | Name : The remote web server is affected by multiple vulnerabilities. File : glassfish_cpu_apr_2015.nasl - Type : ACT_GATHER_INFO |
2015-04-20 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_vcenter_chargeback_manager_vmsa_2015_0003.nasl - Type : ACT_GATHER_INFO |
2015-04-13 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_horizon_view_VMSA-2015-0003.nasl - Type : ACT_GATHER_INFO |
2015-04-13 | Name : The remote host has a device management application installed that is affecte... File : vmware_workspace_portal_vmsa2015-0003.nasl - Type : ACT_GATHER_INFO |
2015-04-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-198.nasl - Type : ACT_GATHER_INFO |
2015-04-10 | Name : The remote Linux host has a virtualization application installed that is miss... File : vcenter_operations_manager_vmsa_2015-0003-linux.nasl - Type : ACT_GATHER_INFO |
2015-04-10 | Name : The remote host has a virtualization application installed that is missing a ... File : vcenter_operations_manager_vmsa_2015-0003-vapp.nasl - Type : ACT_GATHER_INFO |
2015-04-10 | Name : The remote Windows host has a virtualization application installed that is mi... File : vcenter_operations_manager_vmsa_2015-0003-win.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-157.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-81.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-96.nasl - Type : ACT_GATHER_INFO |
2015-03-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0698.nasl - Type : ACT_GATHER_INFO |
2015-03-17 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_7_0_0_37.nasl - Type : ACT_GATHER_INFO |
2015-03-12 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_rational_clearquest_8_0_1_6.nasl - Type : ACT_GATHER_INFO |
2015-03-05 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO |
2015-03-05 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_57.nasl - Type : ACT_GATHER_INFO |
2015-03-05 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_0_15.nasl - Type : ACT_GATHER_INFO |
2015-02-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO |
2015-02-24 | Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_feb2015_advisory.nasl - Type : ACT_GATHER_INFO |
2015-02-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-150206.nasl - Type : ACT_GATHER_INFO |
2015-02-18 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_8_0_0_10.nasl - Type : ACT_GATHER_INFO |
2015-02-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-12.nasl - Type : ACT_GATHER_INFO |
2015-02-13 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-480.nasl - Type : ACT_GATHER_INFO |
2015-02-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-033.nasl - Type : ACT_GATHER_INFO |
2015-02-03 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-91.nasl - Type : ACT_GATHER_INFO |
2015-02-03 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0001.nasl - Type : ACT_GATHER_INFO |
2015-02-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3147.nasl - Type : ACT_GATHER_INFO |
2015-01-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3144.nasl - Type : ACT_GATHER_INFO |
2015-01-29 | Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_10_10_2.nasl - Type : ACT_GATHER_INFO |
2015-01-29 | Name : The remote host is missing a Mac OS X update that fixes multiple security iss... File : macosx_SecUpd2015-001.nasl - Type : ACT_GATHER_INFO |
2015-01-29 | Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2015-0001.nasl - Type : ACT_GATHER_INFO |
2015-01-29 | Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. File : vmware_esxi_5_5_build_2352327_remote.nasl - Type : ACT_GATHER_INFO |
2015-01-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2486-1.nasl - Type : ACT_GATHER_INFO |
2015-01-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2487-1.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0085.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0086.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150126_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-471.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-472.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0079.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0080.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote caching server is affected by multiple vulnerabilities. File : apache_traffic_server_511.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jan_2015_unix.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote host has a version of Oracle Secure Global Desktop that is affecte... File : oracle_secure_global_desktop_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0067.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0068.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0069.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : A clustered file system on the remote host is affected by multiple vulnerabil... File : ibm_gpfs_isg3T1021546_windows.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20141104.nasl - Type : ACT_GATHER_INFO |
2015-01-07 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_8_5_5_4.nasl - Type : ACT_GATHER_INFO |
2015-01-06 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-14237.nasl - Type : ACT_GATHER_INFO |
2015-01-06 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_suseRegister-141121.nasl - Type : ACT_GATHER_INFO |
2015-01-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17576.nasl - Type : ACT_GATHER_INFO |
2015-01-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17587.nasl - Type : ACT_GATHER_INFO |
2014-12-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-252.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-15379.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-15390.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-15411.nasl - Type : ACT_GATHER_INFO |
2014-12-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO |
2014-12-05 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_pure-ftpd-141120.nasl - Type : ACT_GATHER_INFO |
2014-12-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1948.nasl - Type : ACT_GATHER_INFO |
2014-12-04 | Name : A web application installed on the remote host is affected by an information ... File : hp_sitescope_hpsbmu03184.nasl - Type : ACT_GATHER_INFO |
2014-12-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141202_nss__nss_util__and_nss_softokn_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-12-04 | Name : The remote web server contains an application that is affected by multiple vu... File : splunk_5011.nasl - Type : ACT_GATHER_INFO |
2014-12-04 | Name : The remote web server contains an application that is affected by multiple vu... File : splunk_607.nasl - Type : ACT_GATHER_INFO |
2014-12-03 | Name : The remote device is missing a vendor-supplied security update. File : cisco-sa-20141015-poodle-wlc.nasl - Type : ACT_GATHER_INFO |
2014-12-03 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1948.nasl - Type : ACT_GATHER_INFO |
2014-12-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1948.nasl - Type : ACT_GATHER_INFO |
2014-12-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3080.nasl - Type : ACT_GATHER_INFO |
2014-12-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-141119.nasl - Type : ACT_GATHER_INFO |
2014-12-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-141121.nasl - Type : ACT_GATHER_INFO |
2014-11-28 | Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_oct2014_advisory.nasl - Type : ACT_GATHER_INFO |
2014-11-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_evolution-data-server-141114.nasl - Type : ACT_GATHER_INFO |
2014-11-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3077.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote printer service is potentially affected by an information disclosu... File : cups_2_0_1.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0032.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0037.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0038.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0039.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0040.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0041.nasl - Type : ACT_GATHER_INFO |
2014-11-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201411-10.nasl - Type : ACT_GATHER_INFO |
2014-11-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-218.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1880.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1881.nasl - Type : ACT_GATHER_INFO |
2014-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1882.nasl - Type : ACT_GATHER_INFO |
2014-11-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1876.nasl - Type : ACT_GATHER_INFO |
2014-11-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1877.nasl - Type : ACT_GATHER_INFO |
2014-11-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libwsman-devel-141021.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-671.nasl - Type : ACT_GATHER_INFO |
2014-11-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-647.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote device is affected by a man-in-the-middle (MitM) information discl... File : cisco-sa-20141015-poodle-cucm.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-141024.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-13647.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-14217.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-14234.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-640.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1657.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1658.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1692.nasl - Type : ACT_GATHER_INFO |
2014-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO |
2014-11-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-13781.nasl - Type : ACT_GATHER_INFO |
2014-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13794.nasl - Type : ACT_GATHER_INFO |
2014-11-06 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-141024.nasl - Type : ACT_GATHER_INFO |
2014-11-05 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_7_0_1.nasl - Type : ACT_GATHER_INFO |
2014-11-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-11-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-12951.nasl - Type : ACT_GATHER_INFO |
2014-11-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13399.nasl - Type : ACT_GATHER_INFO |
2014-11-03 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0dad911460cc11e49e840022156e8794.nasl - Type : ACT_GATHER_INFO |
2014-10-31 | Name : The remote AIX host has a version of OpenSSL installed that is affected by mu... File : aix_openssl_advisory11.nasl - Type : ACT_GATHER_INFO |
2014-10-30 | Name : The remote device is affected by a man-in-the-middle (MitM) information discl... File : cisco-sa-20141015-poodle-asa.nasl - Type : ACT_GATHER_INFO |
2014-10-30 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-605.nasl - Type : ACT_GATHER_INFO |
2014-10-27 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-209.nasl - Type : ACT_GATHER_INFO |
2014-10-24 | Name : The remote host is affected by an information disclosure vulnerability. File : cisco_anyconnect_3_1_5187.nasl - Type : ACT_GATHER_INFO |
2014-10-24 | Name : The remote host is affected by an information disclosure vulnerability. File : macosx_cisco_anyconnect_3_1_5187.nasl - Type : ACT_GATHER_INFO |
2014-10-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-203.nasl - Type : ACT_GATHER_INFO |
2014-10-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2388-2.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1636.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2388-1.nasl - Type : ACT_GATHER_INFO |
2014-10-22 | Name : A telephony application running on the remote host is affected by an informat... File : asterisk_ast_2014_011.nasl - Type : ACT_GATHER_INFO |
2014-10-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_76c7a0f5592811e4adc7001999f8d30b.nasl - Type : ACT_GATHER_INFO |
2014-10-21 | Name : The remote host is missing a security update for OS X Server. File : macosx_server_2_2_5.nasl - Type : ACT_GATHER_INFO |
2014-10-21 | Name : The remote host is missing a security update for OS X Server. File : macosx_server_3_2_2.nasl - Type : ACT_GATHER_INFO |
2014-10-21 | Name : The remote host is missing a security update for OS X Server. File : macosx_server_4_0.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-429.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-430.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-431.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-432.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13069.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13012.nasl - Type : ACT_GATHER_INFO |
2014-10-20 | Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_5_06.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1652.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1653.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3053.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_10_10.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote host is missing a Mac OS X update that fixes multiple security iss... File : macosx_SecUpd2014-005.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_0_9_8zc.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_0o.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1j.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1652.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1653.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1652.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1653.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141016_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141016_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2386-1.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-288-01.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-426.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1620.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1633.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1634.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_03175e62549411e49cc1bc5ff4fb5e7b.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1620.nasl - Type : ACT_GATHER_INFO |
2014-10-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1633.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2014_unix.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1634.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1620.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1633.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1634.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote host is affected by a remote information disclosure vulnerability. File : smb_kb3009008.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : It is possible to obtain sensitive information from the remote host with SSL/... File : ssl_poodle.nasl - Type : ACT_GATHER_INFO |
2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-02-19 21:28:53 |
|
2016-02-17 21:30:33 |
|
2016-02-12 09:29:01 |
|
2014-12-02 09:30:03 |
|
2014-11-22 13:24:08 |
|
2014-11-20 21:22:09 |
|