Executive Summary

Summary
Title Mozilla Network Security Services (NSS) fails to properly verify RSA signatures
Informations
Name VU#772676 First vendor Publication 2014-09-24
Vendor VU-CERT Last vendor Modification 2014-09-24
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#772676

Mozilla Network Security Services (NSS) fails to properly verify RSA signatures

Original Release date: 24 Sep 2014 | Last revised: 24 Sep 2014

Overview

The Mozilla Network Security Services (NSS) library fails to properly verify RSA signatures due to incorrect ASN.1 parsing of DigestInfo. This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate.

Description

CWE-295: Improper Certificate Validation

RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data to ensure message hashes are adequately sized. The Public-Key Cryptography Standard #1 version 1.5 (PKCS#1 v1.5), which is defined in RFC 2313, specifies "the mathematical properties and format of RSA public and private keys (ASN.1-encoded in clear-text), and the basic algorithms and encoding/padding schemes for performing RSA encryption, decryption, and producing and verifying signatures" (Wikipedia). The Mozilla Network Security Services (NSS) library incorrectly parses PKCS#1 v1.5 padded signatures due to the use of a vulnerable implementation of ASN.1 encoding of DigestInfo. Vulnerable implementations parse the DigestInfo field using the BER encoding, which allows multiple ways of encoding the same ASN.1 object. The parser implementation allows for bytes to skip validation, allowing an attacker to forge a signature when a RSA key with a low public exponent (e.g., three) is used.

This vulnerability is a variant of the Bleichenbacher vulnerability, where unvalidated bytes are allowed in the least significant bytes of the signature.

Mozilla NSS is used by other software products including a number of Linux distributions and packages, Google Chrome, and Google Chrome OS. It is also possible that other cryptographic libraries may have similar vulnerabilities.

Impact

This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate.

Solution

Apply an Update

Mozilla has released patch for this vulnerability (MSFA 2014-73). Mozilla NSS is used by other software products including a number of Linux distributions and packages, Google Chrome, and Google Chrome OS.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
GoogleAffected-24 Sep 2014
MozillaAffected22 Sep 201424 Sep 2014
Apache HTTP Server ProjectUnknown24 Sep 201424 Sep 2014
Cisco Systems, Inc.Unknown23 Sep 201423 Sep 2014
Oracle CorporationUnknown23 Sep 201423 Sep 2014
VMwareUnknown23 Sep 201423 Sep 2014
Yahoo, Inc.Unknown23 Sep 201423 Sep 2014
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base8.8AV:N/AC:M/Au:N/C:C/I:C/A:N
Temporal6.9E:POC/RL:OF/RC:C
Environmental8.7CDP:H/TD:H/CR:H/IR:H/AR:ND

References

  • https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
  • https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases
  • https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
  • https://www.ietf.org/rfc/rfc2313.txt
  • http://en.wikipedia.org/wiki/PKCS#1
  • http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1064636

Credit

Thanks to Advanced Threat Research - Intel Security for reporting this vulnerability. Antoine Delignat-Lavaud, a researcher for team Prosecco of Inria Paris, also reported this to Mozilla.

This document was written by Joel Land and Chris King.

Other Information

  • CVE IDs:CVE-2014-1568
  • Date Public:24 Sep 2014
  • Date First Published:24 Sep 2014
  • Date Last Updated:24 Sep 2014
  • Document Revision:52

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/772676

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26436
 
Oval ID: oval:org.mitre.oval:def:26436
Title: SUSE-SU-2014:1220-3 -- Security update for mozilla-nss
Description: Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1220-3
CVE-2014-1568
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): mozilla-nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26453
 
Oval ID: oval:org.mitre.oval:def:26453
Title: USN-2361-1 -- nss vulnerability
Description: Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Family: unix Class: patch
Reference(s): USN-2361-1
CVE-2014-1568
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26574
 
Oval ID: oval:org.mitre.oval:def:26574
Title: DSA-3033-1 nss - security update
Description: Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
Family: unix Class: patch
Reference(s): DSA-3033-1
CVE-2014-1568
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26586
 
Oval ID: oval:org.mitre.oval:def:26586
Title: USN-2360-2 -- thunderbird vulnerabilities
Description: Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Family: unix Class: patch
Reference(s): USN-2360-2
CVE-2014-1568
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26709
 
Oval ID: oval:org.mitre.oval:def:26709
Title: SUSE-SU-2014:1220-4 -- Security update for mozilla-nss
Description: Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1220-4
CVE-2014-1568
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): mozilla-nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26725
 
Oval ID: oval:org.mitre.oval:def:26725
Title: RHSA-2014:1307: nss security update (Important)
Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters. All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1307-00
CESA-2014:1307
CVE-2014-1568
Version: 5
Platform(s): Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 7
CentOS Linux 6
CentOS Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26832
 
Oval ID: oval:org.mitre.oval:def:26832
Title: USN-2360-1 -- firefox vulnerabilities
Description: Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Family: unix Class: patch
Reference(s): USN-2360-1
CVE-2014-1568
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26842
 
Oval ID: oval:org.mitre.oval:def:26842
Title: DSA-3034-1 iceweasel - security update
Description: Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
Family: unix Class: patch
Reference(s): DSA-3034-1
CVE-2014-1568
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26891
 
Oval ID: oval:org.mitre.oval:def:26891
Title: DSA-3037-1 icedove - security update
Description: Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Icedove), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
Family: unix Class: patch
Reference(s): DSA-3037-1
CVE-2014-1568
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26948
 
Oval ID: oval:org.mitre.oval:def:26948
Title: SUSE-SU-2014:1220-2 -- Security update for mozilla-nss
Description: Mozilla NSS was updated to 3.16.5 to fix a RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1220-2
CVE-2014-1568
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): mozilla-nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27025
 
Oval ID: oval:org.mitre.oval:def:27025
Title: SUSE-SU-2014:1220-1 -- Security update for mozilla-nss
Description: Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1220-1
CVE-2014-1568
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): mozilla-nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27058
 
Oval ID: oval:org.mitre.oval:def:27058
Title: ELSA-2014-1307 -- nss security update (Important)
Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters. All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014-1307
CVE-2014-1568
Version: 3
Platform(s): Oracle Linux 7
Oracle Linux 5
Oracle Linux 6
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28150
 
Oval ID: oval:org.mitre.oval:def:28150
Title: SUSE-SU-2014:1510-1 -- Security update for MozillaFirefox and mozilla-nss (moderate)
Description: - update to Firefox 31.2.0 ESR (bnc#900941) * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 (bmo#1001994, bmo#1011354, bmo#1018916, bmo#1020034, bmo#1023035, bmo#1032208, bmo#1033020, bmo#1034230, bmo#1061214, bmo#1061600, bmo#1064346, bmo#1072044, bmo#1072174) Miscellaneous memory safety hazards (rv:33.0/rv:31.2) * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe * MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API - SSLv3 is disabled by default. See README.POODLE for more detailed information. - disable call home features - update to 3.17.2 (bnc#900941) Bugfix release * bmo#1049435 - Importing an RSA private key fails if p < q * bmo#1057161 - NSS hangs with 100% CPU on invalid EC key * bmo#1078669 - certutil crashes when using the --certVersion parameter - changes from earlier version of the 3.17 branch: update to 3.17.1 (bnc#897890) * MFSA 2014-73/CVE-2014-1568 (bmo#1064636, bmo#1069405) RSA Signature Forgery in NSS * Change library's signature algorithm default to SHA256 * Add support for draft-ietf-tls-downgrade-scsv * Add clang-cl support to the NSS build system * Implement TLS 1.3: * Part 1. Negotiate TLS 1.3 * Part 2. Remove deprecated cipher suites andcompression. * Add support for little-endian powerpc64 update to 3.17 * required for Firefox 33 New functionality: * When using ECDHE, the TLS server code may be configured to generate a fresh ephemeral ECDH key for each handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the server's ephemeral ECDH key is reused for multiple handshakes. This option does not affect the TLS client code, which always generates a fresh ephemeral ECDH key for each handshake. New Macros * SSL_REUSE_SERVER_ECDHE_KEY Notable Changes: * The manual pages for the certutil and pp tools have been updated to document the new parameters that had been added in NSS 3.16.2.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1510-1
CVE-2014-1574
CVE-2014-1575
CVE-2014-1576
CVE-2014-1577
CVE-2014-1578
CVE-2014-1581
CVE-2014-1585
CVE-2014-1586
CVE-2014-1583
CVE-2014-1568
Version: 5
Platform(s): SUSE Linux Enterprise Desktop 12
Product(s): MozillaFirefox
mozilla-nss
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3907
Os 3

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-16 IAVM : 2015-A-0154 - Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0061081

Snort® IPS/IDS

Date Description
2015-04-02 Network Security Services NSS library RSA signature forgery attempt
RuleID : 33664 - Revision : 2 - Type : BROWSER-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-06-23 Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa10698.nasl - Type : ACT_GATHER_INFO
2016-06-22 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2016-0066.nasl - Type : ACT_GATHER_INFO
2015-05-27 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1510-1.nasl - Type : ACT_GATHER_INFO
2015-04-22 Name : The remote web server is affected by a signature forgery vulnerability.
File : sun_java_web_server_7_0_21.nasl - Type : ACT_GATHER_INFO
2015-04-22 Name : The remote proxy web server is affected by a signature forgery vulnerability.
File : iplanet_web_proxy_4_0_25.nasl - Type : ACT_GATHER_INFO
2015-04-20 Name : The remote web server is affected by multiple vulnerabilities.
File : glassfish_cpu_apr_2015.nasl - Type : ACT_GATHER_INFO
2015-04-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201504-01.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-62.nasl - Type : ACT_GATHER_INFO
2015-03-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-059.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0082.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0023.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1371.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-1354.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-11565.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-424.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-423.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-422.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3037.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libfreebl3-140925.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140926_nss_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1307.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-562.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-11632.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-11518.nasl - Type : ACT_GATHER_INFO
2014-09-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1307.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Mac OS X host contains a mail client that is affected by a signatu...
File : macosx_thunderbird_24_8_1.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3033.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3034.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_48108fb0751c4cbb8f3309239ead4b55.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_bd2ef267448511e4b0b700262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Mac OS X host contains a web browser that is affected by a signatu...
File : macosx_firefox_24_8_1_esr.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Mac OS X host contains a web browser that is affected by a signatu...
File : macosx_firefox_31_1_1_esr.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Mac OS X host contains a web browser that is affected by a signatu...
File : macosx_firefox_32_0_3.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Mac OS X host contains a mail client that is affected by a signatu...
File : macosx_thunderbird_31_1_2.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-189.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Windows host contains a web browser that is affected by a signatur...
File : mozilla_firefox_24_8_1_esr.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Windows host contains a web browser that is affected by a signatur...
File : mozilla_firefox_31_1_1_esr.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Windows host contains a web browser that is affected by a signatur...
File : mozilla_firefox_32_0_3.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Windows host contains a mail client that is affected by a signatur...
File : mozilla_thunderbird_24_8_1.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Windows host contains a mail client that is affected by a signatur...
File : mozilla_thunderbird_31_1_2.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1307.nasl - Type : ACT_GATHER_INFO
2014-09-26 Name : The remote Windows host contains a web browser that is affected by a signatur...
File : seamonkey_2_29_1.nasl - Type : ACT_GATHER_INFO
2014-09-25 Name : The remote Windows host contains a web browser that is affected by a signatur...
File : google_chrome_37_0_2062_124.nasl - Type : ACT_GATHER_INFO
2014-09-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2361-1.nasl - Type : ACT_GATHER_INFO
2014-09-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2360-2.nasl - Type : ACT_GATHER_INFO
2014-09-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2360-1.nasl - Type : ACT_GATHER_INFO
2014-09-25 Name : The remote Mac OS X host contains a web browser that is affected by a signatu...
File : macosx_google_chrome_37_0_2062_124.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2015-04-23 13:30:45
  • Multiple Updates
2015-04-21 13:28:28
  • Multiple Updates
2014-09-27 13:28:27
  • Multiple Updates
2014-09-27 00:27:41
  • Multiple Updates
2014-09-26 13:27:34
  • Multiple Updates
2014-09-25 21:29:50
  • Multiple Updates
2014-09-25 00:21:33
  • First insertion