5 - CVE-2013-0166

Executive Summary

Informations
Name	CVE-2013-0166	First vendor Publication	2013-02-08
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-310	Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18754

Oval ID:	oval:org.mitre.oval:def:18754
Title:	HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	6
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP Release B.11.11 AND filesets test hpuxwsAPACHE.APACHE version is less than B.2.0.64.05 AND hpuxwsAPACHE.APACHE2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.0.64.05

Definition Id: oval:org.mitre.oval:def:19081

Oval ID:	oval:org.mitre.oval:def:19081
Title:	OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0166)
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	6
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed If the version of OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 0.9.8.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.8.24 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 0.9.7.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.7.13 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 0.9.6.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.6.13 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 1.0.0.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 1.0.0.10 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 1.0.1.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 1.0.1.3 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.6.13 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.1.1 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.2.2 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.3.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.3.1 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.4.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.5.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.5.1 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:19360

Oval ID:	oval:org.mitre.oval:def:19360
Title:	Multiple OpenSSL vulnerabilities
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	5
Platform(s):	IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
Criteria meets IBM AIX Security Advisory OS check IBM AIX 5.3 is installed AND openssl.base less than or equal to 0.9.8.2400 OR OS check IBM AIX 6.1 is installed AND openssl.base less than or equal to 0.9.8.2400 OR OS check IBM AIX 7.1 is installed AND openssl.base less than or equal to 0.9.8.2400 OR Criteria meets IBM AIX Security Advisory OS check IBM AIX 5.3 is installed AND openssl-fips.base less than or equal to 12.9.8.2400 OR OS check IBM AIX 6.1 is installed AND openssl-fips.base less than or equal to 12.9.8.2400 OR OS check IBM AIX 7.1 is installed AND openssl-fips.base less than or equal to 12.9.8.2400

Definition Id: oval:org.mitre.oval:def:19487

Oval ID:	oval:org.mitre.oval:def:19487
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02856 HP Release B.11.11 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.001 AND openssl.OPENSSL-INC version is less than A.00.09.08y.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.001 OR Criteria meets HP Security Bulletin HPSBUX02856 HP Release B.11.23 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.002 AND openssl.OPENSSL-INC version is less than A.00.09.08y.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.002 OR Criteria meets HP Security Bulletin HPSBUX02856 HP-UX B.11.31 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.003 AND openssl.OPENSSL-INC version is less than A.00.09.08y.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.003

Definition Id: oval:org.mitre.oval:def:20686

Oval ID:	oval:org.mitre.oval:def:20686
Title:	VMware vSphere, ESX and ESXi updates to third party libraries
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	4
Platform(s):	VMWare ESX Server 4.1 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
Patch ESX410-201307403-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201307403-SG is not installed OR Patch ESX400-201310401-SG is not installed VMware ESX Server 4.0 is installed AND Patch ESX400-201310401-SG is not installed

Definition Id: oval:org.mitre.oval:def:24756

Oval ID:	oval:org.mitre.oval:def:24756
Title:	OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote OCSP servers to cause a denial of service
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	3
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 1.0.0 before 1.0.0k AND Check if the version of OpenSSL 1.0.1 before 1.0.1d AND Check if the version of OpenSSL 0.9.3 before 0.9.8y AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 1.0.0 before 1.0.0k (32_bit) AND Check if the version of OpenSSL 1.0.1 before 1.0.1d (32_bit) AND Check if the version of OpenSSL 0.9.3 before 0.9.8y (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 0.9.3 before 0.9.8y ProgramFilesDir AND Check if the version of ssleay32.dll 0.9.3 before 0.9.8y ProgramFilesDir x86 AND Check if the version of ssleay32.dll 0.9.3 before 0.9.8y under Sytem32 and SysWOW64

Definition Id: oval:org.mitre.oval:def:25357

Oval ID:	oval:org.mitre.oval:def:25357
Title:	SUSE-SU-2013:0549-3 -- Security update for OpenSSL
Description:	OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no" enables compression again. * CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0549-3 CVE-2012-4929 CVE-2013-0169 CVE-2013-0166	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	OpenSSL
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section libopenssl0_9_8 RPM is earlier than 0:0.9.8j-0.50.1 AND libopenssl0_9_8-hmac RPM is earlier than 0:0.9.8j-0.50.1 AND openssl RPM is earlier than 0:0.9.8j-0.50.1 AND openssl-doc RPM is earlier than 0:0.9.8j-0.50.1 AND libopenssl0_9_8-32bit RPM is earlier than 0:0.9.8j-0.50.1 AND libopenssl0_9_8-hmac-32bit RPM is earlier than 0:0.9.8j-0.50.1

Definition Id: oval:org.mitre.oval:def:25849

Oval ID:	oval:org.mitre.oval:def:25849
Title:	SUSE-SU-2013:0549-2 -- Security update for OpenSSL
Description:	OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no" enables compression again. * CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0549-2 CVE-2012-4929 CVE-2013-0169 CVE-2013-0166	Version:	3
Platform(s):	SUSE Linux Enterprise Server 10	Product(s):	OpenSSL
Definition Synopsis:
SUSE Linux Enterprise Server 10 is installed Packages match section openssl RPM is earlier than 0:0.9.8a-18.45.69.1 AND openssl-devel RPM is earlier than 0:0.9.8a-18.45.69.1 AND openssl-doc RPM is earlier than 0:0.9.8a-18.45.69.1 AND openssl-32bit RPM is earlier than 0:0.9.8a-18.45.69.1 AND openssl-devel-32bit RPM is earlier than 0:0.9.8a-18.45.69.1

Definition Id: oval:org.mitre.oval:def:25900

Oval ID:	oval:org.mitre.oval:def:25900
Title:	SUSE-SU-2013:0554-1 -- Security update for OpenSSL
Description:	OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no" enables compression again. Please note that openssl on SUSE Linux Enterprise 10 is not built with compression support. * CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0554-1 CVE-2012-4929 CVE-2013-0169 CVE-2013-0166	Version:	3
Platform(s):	SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 10	Product(s):	OpenSSL
Definition Synopsis:
SUSE Linux Enterprise Server 10 and SUSE Linux Enterprise Desktop 10 release section Operation system section SUSE Linux Enterprise Server 10 is installed AND SUSE Linux Enterprise Desktop 10 is installed Packages match section openssl RPM is earlier than 0:0.9.8a-18.76.1 AND openssl-devel RPM is earlier than 0:0.9.8a-18.76.1 AND openssl-32bit RPM is earlier than 0:0.9.8a-18.76.1 AND openssl-devel-32bit RPM is earlier than 0:0.9.8a-18.76.1 AND SUSE Linux Enterprise Server 10 release section SUSE Linux Enterprise Server 10 is installed AND openssl-doc RPM is earlier than 0:0.9.8a-18.76.1

Definition Id: oval:org.mitre.oval:def:26011

Oval ID:	oval:org.mitre.oval:def:26011
Title:	SUSE-SU-2013:0549-1 -- Security update for OpenSSL
Description:	OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no" enables compression again. * CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0549-1 CVE-2012-4929 CVE-2013-0169 CVE-2013-0166	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	OpenSSL
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libopenssl0_9_8 RPM is earlier than 0:0.9.8j-0.50.1 AND openssl RPM is earlier than 0:0.9.8j-0.50.1 AND libopenssl0_9_8-32bit RPM is earlier than 0:0.9.8j-0.50.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section libopenssl0_9_8-hmac RPM is earlier than 0:0.9.8j-0.50.1 AND openssl-doc RPM is earlier than 0:0.9.8j-0.50.1 AND libopenssl0_9_8-hmac-32bit RPM is earlier than 0:0.9.8j-0.50.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openssl cpe:2.3:a:openssl:openssl:1.0.1c:::::::* cpe:2.3:a:openssl:openssl:1.0.1b:::::::* cpe:2.3:a:openssl:openssl:1.0.1a:::::::* cpe:2.3:a:openssl:openssl:1.0.1:-:::::: cpe:2.3:a:openssl:openssl:1.0.0j:::::::* cpe:2.3:a:openssl:openssl:1.0.0i:::::::* cpe:2.3:a:openssl:openssl:1.0.0h:::::::* cpe:2.3:a:openssl:openssl:1.0.0g:::::::* cpe:2.3:a:openssl:openssl:1.0.0f:::::::* cpe:2.3:a:openssl:openssl:1.0.0e:::::::* cpe:2.3:a:openssl:openssl:1.0.0d:::::::* cpe:2.3:a:openssl:openssl:1.0.0c:::::::* cpe:2.3:a:openssl:openssl:1.0.0b:::::::* cpe:2.3:a:openssl:openssl:1.0.0a:::::::* cpe:2.3:a:openssl:openssl:1.0.0:-:::::: cpe:2.3:a:openssl:openssl:0.9.8x:::::::* cpe:2.3:a:openssl:openssl:0.9.8w:::::::* cpe:2.3:a:openssl:openssl:0.9.8v:::::::* cpe:2.3:a:openssl:openssl:0.9.8u:::::::* cpe:2.3:a:openssl:openssl:0.9.8t:::::::* cpe:2.3:a:openssl:openssl:0.9.8s:::::::* cpe:2.3:a:openssl:openssl:0.9.8r:::::::* cpe:2.3:a:openssl:openssl:0.9.8q:::::::* cpe:2.3:a:openssl:openssl:0.9.8p:::::::* cpe:2.3:a:openssl:openssl:0.9.8o:::::::* cpe:2.3:a:openssl:openssl:0.9.8n:::::::* cpe:2.3:a:openssl:openssl:0.9.8m:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.8m:-:::::: cpe:2.3:a:openssl:openssl:0.9.8l:::::::* cpe:2.3:a:openssl:openssl:0.9.8k:::::::* cpe:2.3:a:openssl:openssl:0.9.8j:::::::* cpe:2.3:a:openssl:openssl:0.9.8i:::::::* cpe:2.3:a:openssl:openssl:0.9.8h:::::::* cpe:2.3:a:openssl:openssl:0.9.8g:::::::* cpe:2.3:a:openssl:openssl:0.9.8f:::::::* cpe:2.3:a:openssl:openssl:0.9.8e:::::::* cpe:2.3:a:openssl:openssl:0.9.8d:::::::* cpe:2.3:a:openssl:openssl:0.9.8c:::::::* cpe:2.3:a:openssl:openssl:0.9.8b:::::::* cpe:2.3:a:openssl:openssl:0.9.8a:::::::* cpe:2.3:a:openssl:openssl:0.9.8:-:::::: cpe:2.3:a:openssl:openssl:0.9.7m:::::::* cpe:2.3:a:openssl:openssl:0.9.7l:::::::* cpe:2.3:a:openssl:openssl:0.9.7k:::::::* cpe:2.3:a:openssl:openssl:0.9.7j:::::::* cpe:2.3:a:openssl:openssl:0.9.7i:::::::* cpe:2.3:a:openssl:openssl:0.9.7h:::::::* cpe:2.3:a:openssl:openssl:0.9.7g:::::::* cpe:2.3:a:openssl:openssl:0.9.7f:::::::* cpe:2.3:a:openssl:openssl:0.9.7e:::::::* cpe:2.3:a:openssl:openssl:0.9.7d:::::::* cpe:2.3:a:openssl:openssl:0.9.7c:::::::* cpe:2.3:a:openssl:openssl:0.9.7b:::::::* cpe:2.3:a:openssl:openssl:0.9.7a:::::::* cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::: cpe:2.3:a:openssl:openssl:0.9.7:-:::::: cpe:2.3:a:openssl:openssl:0.9.6m:::::::* cpe:2.3:a:openssl:openssl:0.9.6l:::::::* cpe:2.3:a:openssl:openssl:0.9.6k:::::::* cpe:2.3:a:openssl:openssl:0.9.6j:::::::* cpe:2.3:a:openssl:openssl:0.9.6i:::::::* cpe:2.3:a:openssl:openssl:0.9.6h:::::::* cpe:2.3:a:openssl:openssl:0.9.6g:::::::* cpe:2.3:a:openssl:openssl:0.9.6f:::::::* cpe:2.3:a:openssl:openssl:0.9.6e:::::::* cpe:2.3:a:openssl:openssl:0.9.6d:-:::::: cpe:2.3:a:openssl:openssl:0.9.6c:::::::* cpe:2.3:a:openssl:openssl:0.9.6b:::::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6a:-:::::: cpe:2.3:a:openssl:openssl:0.9.6:-:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.5a:-:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5:-:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.4:::::::* cpe:2.3:a:openssl:openssl:0.9.3a:::::::* cpe:2.3:a:openssl:openssl:0.9.3:-:::::: cpe:2.3:a:openssl:openssl:0.9.2b:::::::* cpe:2.3:a:openssl:openssl:0.9.1c:::::::*	92
Application	Redhat Openssl cpe:2.3:a:redhat:openssl:0.9.7a-2:::::::* cpe:2.3:a:redhat:openssl:0.9.6b-3:::::::* cpe:2.3:a:redhat:openssl:0.9.6-15:::::::*	3

Information Assurance Vulnerability Management (IAVM)

Date	Description
2013-09-19	IAVM : 2013-A-0181 - Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE) Severity : Category I - VMSKEY : V0040371
2013-09-19	IAVM : 2013-A-0180 - Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces... Severity : Category I - VMSKEY : V0040372
2013-09-19	IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004 Severity : Category I - VMSKEY : V0040373
2013-04-11	IAVM : 2013-A-0077 - Multiple Vulnerabilities in OpenSSL Severity : Category I - VMSKEY : V0037605

Nessus® Vulnerability Scanner

Date	Description
2016-03-04	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0009_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20130716.nasl - Type : ACT_GATHER_INFO
2014-12-22	Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO
2014-12-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0009.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0416.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0636.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14261.nasl - Type : ACT_GATHER_INFO
2014-08-22	Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-154.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-153.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory3.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory5.nasl - Type : ACT_GATHER_INFO
2014-02-07	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201402-08.nasl - Type : ACT_GATHER_INFO
2014-01-20	Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1483097_remote.nasl - Type : ACT_GATHER_INFO
2013-12-03	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-03.nasl - Type : ACT_GATHER_INFO
2013-11-13	Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_1311177_remote.nasl - Type : ACT_GATHER_INFO
2013-09-19	Name : The remote device is missing a vendor-supplied security patch. File : junos_pulse_jsa10591.nasl - Type : ACT_GATHER_INFO
2013-09-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-09-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-171.nasl - Type : ACT_GATHER_INFO
2013-08-02	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0009.nasl - Type : ACT_GATHER_INFO
2013-07-16	Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10575.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-06-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0833.nasl - Type : ACT_GATHER_INFO
2013-06-06	Name : The remote web server contains an application that is affected by multiple vu... File : splunk_503.nasl - Type : ACT_GATHER_INFO
2013-04-30	Name : The remote host is affected by multiple vulnerabilities. File : ibm_tem_8_2_1372.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-052.nasl - Type : ACT_GATHER_INFO
2013-04-08	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_69bfc8529bd011e2a7be8c705af55518.nasl - Type : ACT_GATHER_INFO
2013-03-28	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-8517.nasl - Type : ACT_GATHER_INFO
2013-03-28	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-130325.nasl - Type : ACT_GATHER_INFO
2013-03-26	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1732-3.nasl - Type : ACT_GATHER_INFO
2013-03-08	Name : The remote Fedora host is missing a security update. File : fedora_2013-2793.nasl - Type : ACT_GATHER_INFO
2013-03-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130304_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2013-2834.nasl - Type : ACT_GATHER_INFO
2013-03-01	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-2.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-1.nasl - Type : ACT_GATHER_INFO
2013-02-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2621.nasl - Type : ACT_GATHER_INFO
2013-02-11	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-040-01.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_0_9_8y.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_0k.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_1d.nasl - Type : ACT_GATHER_INFO
2013-02-07	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_00b0d8cd709711e298d9003067c2616f.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=62e4506a7d4cec1c8...
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=66e8211c0b1347970...
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=ebc71865f0506a293...

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
CERT-VN	http://www.kb.cert.org/vuls/id/737740
CONFIRM	http://support.apple.com/kb/HT5880 http://www.openssl.org/news/secadv_20130204.txt http://www.splunk.com/view/SP-CAAAHXG https://bugzilla.redhat.com/show_bug.cgi?id=908052 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr...
DEBIAN	http://www.debian.org/security/2013/dsa-2621
HP	http://marc.info/?l=bugtraq&m=136396549913849&w=2 http://marc.info/?l=bugtraq&m=136432043316835&w=2 http://marc.info/?l=bugtraq&m=137545771702053&w=2
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://rhn.redhat.com/errata/RHSA-2013-0587.html http://rhn.redhat.com/errata/RHSA-2013-0782.html http://rhn.redhat.com/errata/RHSA-2013-0783.html http://rhn.redhat.com/errata/RHSA-2013-0833.html
SECUNIA	http://secunia.com/advisories/53623 http://secunia.com/advisories/55108 http://secunia.com/advisories/55139
SUSE	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:21:35	Multiple Updates
2024-02-01 12:06:20	Multiple Updates
2023-11-07 21:46:26	Multiple Updates
2023-09-05 12:20:24	Multiple Updates
2023-09-05 01:06:14	Multiple Updates
2023-09-02 12:20:25	Multiple Updates
2023-09-02 01:06:19	Multiple Updates
2023-08-12 12:24:26	Multiple Updates
2023-08-12 01:06:21	Multiple Updates
2023-08-11 12:20:34	Multiple Updates
2023-08-11 01:06:31	Multiple Updates
2023-08-06 12:19:47	Multiple Updates
2023-08-06 01:06:21	Multiple Updates
2023-08-04 12:19:51	Multiple Updates
2023-08-04 01:06:24	Multiple Updates
2023-07-14 12:19:50	Multiple Updates
2023-07-14 01:06:18	Multiple Updates
2023-03-29 01:21:49	Multiple Updates
2023-03-28 12:06:26	Multiple Updates
2022-10-11 12:17:43	Multiple Updates
2022-10-11 01:06:01	Multiple Updates
2021-05-04 12:23:14	Multiple Updates
2021-04-22 01:27:46	Multiple Updates
2020-05-23 00:35:39	Multiple Updates
2019-03-19 12:05:25	Multiple Updates
2018-08-09 09:19:21	Multiple Updates
2017-09-19 09:25:39	Multiple Updates
2016-12-03 09:23:53	Multiple Updates
2016-08-23 09:24:47	Multiple Updates
2016-04-26 22:38:49	Multiple Updates
2016-03-05 13:26:42	Multiple Updates
2015-12-17 13:26:25	Multiple Updates
2015-03-27 09:26:10	Multiple Updates
2015-01-21 13:25:59	Multiple Updates
2014-12-23 13:26:14	Multiple Updates
2014-12-06 13:26:58	Multiple Updates
2014-11-27 13:28:11	Multiple Updates
2014-11-08 13:30:27	Multiple Updates
2014-10-11 13:26:16	Multiple Updates
2014-06-14 13:34:10	Multiple Updates
2014-04-17 13:25:38	Multiple Updates
2014-02-17 11:15:19	Multiple Updates
2014-01-28 13:19:14	Multiple Updates
2014-01-17 13:19:25	Multiple Updates
2013-12-05 17:19:23	Multiple Updates
2013-11-11 12:40:09	Multiple Updates
2013-11-04 21:24:44	Multiple Updates
2013-10-31 13:19:38	Multiple Updates
2013-10-11 13:25:07	Multiple Updates
2013-09-18 13:19:38	Multiple Updates
2013-09-12 13:20:00	Multiple Updates
2013-06-05 13:19:50	Multiple Updates
2013-05-10 22:27:55	Multiple Updates
2013-03-08 13:19:25	Multiple Updates
2013-02-11 17:19:38	Multiple Updates
2013-02-09 00:23:36	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	10
CPE ID(s)	95
Sources(s)	27
IAVM(s)	4
Nessus® Exploit(s)	48

	Related
9.3	VU#737740
7.5	GLSA-201312-03
6.9	VMSA-2013-0009
6.8	HPSBOV02852 SSR...
6.6	GLSA-201402-08
5	USN-1732-2
5	USN-1732-1
5	RHSA-2013:0587
5	MDVSA-2013:052
5	HPSBUX02909 SSR...
5	HPSBUX02856 SSR...
5	DSA-2621
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 12 more Alert(s)

5 - CVE-2013-0166

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU