5 - CVE-2014-3660

Executive Summary

Informations
Name	CVE-2014-3660	First vendor Publication	2014-11-04
Vendor	Cve	Last vendor Modification	2016-12-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:27021

Oval ID:	oval:org.mitre.oval:def:27021
Title:	DSA-3057-1 libxml2 - security update
Description:	Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (<a href="https://security-tracker.debian.org/tracker/CVE-2014-3660">CVE-2014-3660</a>)
Family:	unix	Class:	patch
Reference(s):	DSA-3057-1 CVE-2014-3660	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	libxml2
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND libxml2 DPKG is earlier than 0:2.8.0+dfsg1-7+wheezy2

Definition Id: oval:org.mitre.oval:def:27098

Oval ID:	oval:org.mitre.oval:def:27098
Title:	ELSA-2014-1655 -- libxml2 security update
Description:	[2.9.1-5.0.1.el7_0.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.1-5.1] - CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149087)
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1655 CVE-2014-3660	Version:	4
Platform(s):	Oracle Linux 7	Product(s):	libxml2 libxml2-devel libxml2-python libxml2-static
Definition Synopsis:
Oracle Linux 7.x Packages match section libxml2 is earlier than 0:2.9.1-5.0.1.el7_0.1 AND libxml2-devel is earlier than 0:2.9.1-5.0.1.el7_0.1 AND libxml2-python is earlier than 0:2.9.1-5.0.1.el7_0.1 AND libxml2-static is earlier than 0:2.9.1-5.0.1.el7_0.1

Definition Id: oval:org.mitre.oval:def:27149

Oval ID:	oval:org.mitre.oval:def:27149
Title:	RHSA-2014:1655: libxml2 security update (Moderate)
Description:	The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660) All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1655-00 CVE-2014-3660 CESA-2014:1655-CentOS 7 CESA-2014:1655-CentOS 6	Version:	5
Platform(s):	Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 CentOS Linux 7 CentOS Linux 6	Product(s):	libxml2
Definition Synopsis:
Red Hat Enterprise Linux 6 and CentOS Linux 6 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages match section libxml2 is earlier than 0:2.7.6-17.el6_6.1 AND libxml2-devel is earlier than 0:2.7.6-17.el6_6.1 AND libxml2-python is earlier than 0:2.7.6-17.el6_6.1 AND libxml2-static is earlier than 0:2.7.6-17.el6_6.1 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 AND libxml2-debuginfo is earlier than 0:2.7.6-17.el6_6.1 AND Red Hat Enterprise Linux 7 and CentOS Linux 7 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages match section libxml2 is earlier than 0:2.9.1-5.el7_0.1 AND libxml2-devel is earlier than 0:2.9.1-5.el7_0.1 AND libxml2-python is earlier than 0:2.9.1-5.el7_0.1 AND libxml2-static is earlier than 0:2.9.1-5.el7_0.1 AND Red Hat Enterprise Linux 7 release section The operating system installed on the system is Red Hat Enterprise Linux 7 AND libxml2-debuginfo is earlier than 0:2.9.1-5.el7_0.1

Definition Id: oval:org.mitre.oval:def:27531

Oval ID:	oval:org.mitre.oval:def:27531
Title:	USN-2389-1 -- libxml2 vulnerability
Description:	It was discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.
Family:	unix	Class:	patch
Reference(s):	USN-2389-1 CVE-2014-3660	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	libxml2
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed AND libxml2 is earlier than 0:2.9.1+dfsg1-3ubuntu4.4 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND libxml2 is earlier than 0:2.7.8.dfsg-5.1ubuntu4.11 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND libxml2 is earlier than 0:2.7.6.dfsg-1ubuntu1.15

Definition Id: oval:org.mitre.oval:def:27707

Oval ID:	oval:org.mitre.oval:def:27707
Title:	RHSA-2014:1885 -- libxml2 security update (Moderate)
Description:	The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660) All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1885 CESA-2014:1885 CVE-2014-3660	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	libxml2
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 AND libxml2-debuginfo is earlier than 0:2.6.26-2.1.25.el5_11 AND Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section libxml2-devel is earlier than 0:2.6.26-2.1.25.el5_11 AND libxml2 is earlier than 0:2.6.26-2.1.25.el5_11 AND libxml2-python is earlier than 0:2.6.26-2.1.25.el5_11

Definition Id: oval:org.mitre.oval:def:27924

Oval ID:	oval:org.mitre.oval:def:27924
Title:	SUSE-SU-2014:1440-1 -- Security update for libxml2 (moderate)
Description:	This update fixes a denial of service via recursive entity expansion. (CVE-2014-3660) Security Issues: * CVE-2014-3660 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1440-1 CVE-2014-3660	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	libxml2
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libxml2 is earlier than 0:2.7.6-0.31.1 AND libxml2-python is earlier than 0:2.7.6-0.31.1 AND libxml2-32bit is earlier than 0:2.7.6-0.31.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed AND libxml2-doc is earlier than 0:2.7.6-0.31.1

Definition Id: oval:org.mitre.oval:def:28050

Oval ID:	oval:org.mitre.oval:def:28050
Title:	ELSA-2014-1885 -- libxml2 security update (moderate)
Description:	[2.6.26-2.1.25.0.1.el5_11] - Add libxml2-enterprise.patch - Replaced doc/redhat.gif in tarball with updated image [2.6.26-2.1.25.el5] - CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1161841) [2.6.26-2.1.24.el5] - fixed one regexp bug and added a (rhbz#922450) - Another small change on the algorithm for the elimination of epsilon (rhbz#922450) [2.6.26-2.1.23.el5] - detect and stop excessive entities expansion upon replacement (rhbz#912573) [2.6.26-2.1.22.el5] - fix validation issues with some XSD (rhbz#877348) - xmlDOMWrapCloneNode discards namespace of the node parameter (rhbz#884707)
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1885 CVE-2014-3660	Version:	3
Platform(s):	Oracle Linux 5	Product(s):	libxml2
Definition Synopsis:
Oracle Linux 5.x Packages match section libxml2 is earlier than 0:2.6.26-2.1.25.0.1.el5_11 AND libxml2-devel is earlier than 0:2.6.26-2.1.25.0.1.el5_11 AND libxml2-python is earlier than 0:2.6.26-2.1.25.0.1.el5_11

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Mac Os X cpe:2.3:a:apple:mac_os_x:10.5.6:::::::* cpe:2.3:a:apple:mac_os_x::::::::	2
Application	Xmlsoft libxml2 cpe:2.3:a:xmlsoft:libxml2:2.9.8:-:::::: cpe:2.3:a:xmlsoft:libxml2:2.9.5:rc1:::::: cpe:2.3:a:xmlsoft:libxml2:2.9.5:rc2:::::: cpe:2.3:a:xmlsoft:libxml2:2.9.5:-:::::: cpe:2.3:a:xmlsoft:libxml2:2.9.4:-:::::: cpe:2.3:a:xmlsoft:libxml2:2.9.4:rc1:::::: cpe:2.3:a:xmlsoft:libxml2:2.9.4:rc2:::::: cpe:2.3:a:xmlsoft:libxml2:2.9.3:::::::* cpe:2.3:a:xmlsoft:libxml2:2.9.2:-:::::: cpe:2.3:a:xmlsoft:libxml2:2.9.10:-:::::: cpe:2.3:a:xmlsoft:libxml2:2.9.1:::::::* cpe:2.3:a:xmlsoft:libxml2:2.9.0:rc1:::::: cpe:2.3:a:xmlsoft:libxml2:2.9.0:-:::::: cpe:2.3:a:xmlsoft:libxml2:2.8.0:-:::::: cpe:2.3:a:xmlsoft:libxml2:2.7.8:::::::* cpe:2.3:a:xmlsoft:libxml2:2.7.7:::::::* cpe:2.3:a:xmlsoft:libxml2:2.7.6:::::::* cpe:2.3:a:xmlsoft:libxml2:2.7.5:::::::* cpe:2.3:a:xmlsoft:libxml2:2.7.4:::::::* cpe:2.3:a:xmlsoft:libxml2:2.7.3:::::::* cpe:2.3:a:xmlsoft:libxml2:2.7.2:::::::* cpe:2.3:a:xmlsoft:libxml2:2.7.1:::::::* cpe:2.3:a:xmlsoft:libxml2:2.7.0:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.9:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.8:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.7:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.6:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.5:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.4:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.32:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.31:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.30:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.3:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.29:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.28:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.27:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.26:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.25:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.24:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.23:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.22:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.21:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.20:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.2:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.19:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.18:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.17:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.16:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.15:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.14:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.13:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.12:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.11:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.10:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.1:::::::* cpe:2.3:a:xmlsoft:libxml2:2.6.0:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.9:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.8:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.7:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.6:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.5:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.4:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.3:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.2:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.11:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.10:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.1:::::::* cpe:2.3:a:xmlsoft:libxml2:2.5.0:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.9:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.8:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.7:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.6:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.5:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.4:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.30:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.3:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.29:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.28:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.27:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.26:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.25:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.24:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.23:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.22:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.21:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.20:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.2:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.19:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.18:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.17:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.16:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.15:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.14:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.13:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.12:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.11:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.10:::::::* cpe:2.3:a:xmlsoft:libxml2:2.4.1:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.9:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.8:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.7:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.6:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.5:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.4:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.3:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.2:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.14:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.13:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.12:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.11:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.10:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.1:::::::* cpe:2.3:a:xmlsoft:libxml2:2.3.0:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.9:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.8:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.7:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.6:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.5:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.4:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.3:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.2:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.11:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.10:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.1:::::::* cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta:::::: cpe:2.3:a:xmlsoft:libxml2:2.2.0:::::::* cpe:2.3:a:xmlsoft:libxml2:2.1.1:::::::* cpe:2.3:a:xmlsoft:libxml2:2.1.0:::::::* cpe:2.3:a:xmlsoft:libxml2:2.0.0:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.9:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.7:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.6:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.5:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.4:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.3:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.2:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.16:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.14:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.13:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.10:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.1:::::::* cpe:2.3:a:xmlsoft:libxml2:1.8.0:::::::* cpe:2.3:a:xmlsoft:libxml2:1.7.4:::::::* cpe:2.3:a:xmlsoft:libxml2:1.7.3:::::::* cpe:2.3:a:xmlsoft:libxml2:1.7.2:::::::* cpe:2.3:a:xmlsoft:libxml2:1.7.1:::::::* cpe:2.3:a:xmlsoft:libxml2:1.7.0:::::::* cpe:2.3:a:xmlsoft:libxml2:::::::: cpe:2.3:a:xmlsoft:libxml2:-:::::::*	149
Os	Apple Mac Os X cpe:2.3:o:apple:mac_os_x:10.9.5:::::::* cpe:2.3:o:apple:mac_os_x:10.9.4:::::::* cpe:2.3:o:apple:mac_os_x:10.9.3:::::::* cpe:2.3:o:apple:mac_os_x:10.9.2:::::::* cpe:2.3:o:apple:mac_os_x:10.9.1:::::::* cpe:2.3:o:apple:mac_os_x:10.9:::::::* cpe:2.3:o:apple:mac_os_x:10.8.5:::::::* cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:::::: cpe:2.3:o:apple:mac_os_x:10.8.4:::::::* cpe:2.3:o:apple:mac_os_x:10.8.3:::::::* cpe:2.3:o:apple:mac_os_x:10.8.2:::::::* cpe:2.3:o:apple:mac_os_x:10.8.1:::::::* cpe:2.3:o:apple:mac_os_x:10.8.0:::::::* cpe:2.3:o:apple:mac_os_x:10.7.5:::::::* cpe:2.3:o:apple:mac_os_x:10.7.4:::::::* cpe:2.3:o:apple:mac_os_x:10.7.3:::::::* cpe:2.3:o:apple:mac_os_x:10.7.2:::::::* cpe:2.3:o:apple:mac_os_x:10.7.1:::::::* cpe:2.3:o:apple:mac_os_x:10.7.0:::::::* cpe:2.3:o:apple:mac_os_x:10.6.9:::::::* cpe:2.3:o:apple:mac_os_x:10.6.8:::::::* cpe:2.3:o:apple:mac_os_x:10.6.7:::::::* cpe:2.3:o:apple:mac_os_x:10.6.6:::::::* cpe:2.3:o:apple:mac_os_x:10.6.5:::::::* cpe:2.3:o:apple:mac_os_x:10.6.4:::::::* cpe:2.3:o:apple:mac_os_x:10.6.3:::::::* cpe:2.3:o:apple:mac_os_x:10.6.2:::::::* cpe:2.3:o:apple:mac_os_x:10.6.1:::::::* cpe:2.3:o:apple:mac_os_x:10.6.1::server::::: cpe:2.3:o:apple:mac_os_x:10.6.0:::::::* cpe:2.3:o:apple:mac_os_x:10.6:::::::* cpe:2.3:o:apple:mac_os_x:10.6:server:::::: cpe:2.3:o:apple:mac_os_x:10.5.8:::::::* cpe:2.3:o:apple:mac_os_x:10.5.8::server::::: cpe:2.3:o:apple:mac_os_x:10.5.7:::::::* cpe:2.3:o:apple:mac_os_x:10.5.6:::::::* cpe:2.3:o:apple:mac_os_x:10.5.5:::::::* cpe:2.3:o:apple:mac_os_x:10.5.4:::::::* cpe:2.3:o:apple:mac_os_x:10.5.3:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:::::: cpe:2.3:o:apple:mac_os_x:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x:10.5.0:::::::* cpe:2.3:o:apple:mac_os_x:10.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.9:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8::macbook::::: cpe:2.3:o:apple:mac_os_x:10.4.8::mac_mini::::: cpe:2.3:o:apple:mac_os_x:10.4.8::macbook_pro::::: cpe:2.3:o:apple:mac_os_x:10.4.7:::::::* cpe:2.3:o:apple:mac_os_x:10.4.6:::::::* cpe:2.3:o:apple:mac_os_x:10.4.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.4:::::::* cpe:2.3:o:apple:mac_os_x:10.4.3:::::::* cpe:2.3:o:apple:mac_os_x:10.4.2:::::::* cpe:2.3:o:apple:mac_os_x:10.4.11:::::::* cpe:2.3:o:apple:mac_os_x:10.4.10:::::::* cpe:2.3:o:apple:mac_os_x:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x:10.4.:::::::* cpe:2.3:o:apple:mac_os_x:10.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x:10.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x:10.2:::::::* cpe:2.3:o:apple:mac_os_x:10.10.4:::::::* cpe:2.3:o:apple:mac_os_x:10.10.3:::::::* cpe:2.3:o:apple:mac_os_x:10.10.2:::::::* cpe:2.3:o:apple:mac_os_x:10.10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.10.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x:10.0:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:o:apple:mac_os_x:-:::::::*	102
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::	3
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:7.0:::::::*	1
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*	1

Information Assurance Vulnerability Management (IAVM)

Date	Description
2015-08-20	IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X Severity : Category I - VMSKEY : V0061337
2015-02-05	IAVM : 2015-B-0014 - Multiple Vulnerabilities in VMware ESXi 5.5 Severity : Category I - VMSKEY : V0058513
2015-02-05	IAVM : 2015-B-0013 - Multiple Vulnerabilities in VMware ESXi 5.1 Severity : Category I - VMSKEY : V0058515
2015-02-05	IAVM : 2015-B-0012 - Multiple Vulnerabilities in VMware ESXi 5.0 Severity : Category I - VMSKEY : V0058517
2015-02-05	IAVM : 2015-A-0029 - Multiple Vulnerabilities in VMware Fusion Severity : Category I - VMSKEY : V0058535

Nessus® Vulnerability Scanner

Date	Description
2016-06-22	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0063.nasl - Type : ACT_GATHER_INFO
2016-04-04	Name : The remote device is affected by multiple vulnerabilities. File : appletv_7_2_1.nasl - Type : ACT_GATHER_INFO
2016-02-16	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL61570943.nasl - Type : ACT_GATHER_INFO
2015-12-29	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-959.nasl - Type : ACT_GATHER_INFO
2015-08-17	Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-006.nasl - Type : ACT_GATHER_INFO
2015-08-17	Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO
2015-07-31	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0097.nasl - Type : ACT_GATHER_INFO
2015-05-27	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0003-1.nasl - Type : ACT_GATHER_INFO
2015-04-13	Name : The remote Fedora host is missing a security update. File : fedora_2015-4719.nasl - Type : ACT_GATHER_INFO
2015-04-08	Name : The remote Fedora host is missing a security update. File : fedora_2015-4658.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-111.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-80.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-151.nasl - Type : ACT_GATHER_INFO
2015-02-05	Name : The remote host has a virtualization application installed that is affected b... File : vmware_workstation_multiple_vmsa_2015_0001.nasl - Type : ACT_GATHER_INFO
2015-02-05	Name : The remote host contains a virtualization application that is affected by mul... File : vmware_workstation_linux_vmsa_2015_0001.nasl - Type : ACT_GATHER_INFO
2015-02-05	Name : The remote host contains software that is affected by multiple vulnerabilities. File : vmware_player_multiple_vmsa_2015-0001.nasl - Type : ACT_GATHER_INFO
2015-02-05	Name : The remote host contains software that is affected by multiple vulnerabilities. File : vmware_player_linux_vmsa_2015_0001.nasl - Type : ACT_GATHER_INFO
2015-02-05	Name : The remote host contains a virtualization application that is affected by mul... File : macosx_fusion_vmsa_2015_0001.nasl - Type : ACT_GATHER_INFO
2015-02-03	Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. File : vmware_esxi_5_5_build_2352327_remote.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1743201_remote.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_1749766_remote.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-01-07	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0001.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-244.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-06.nasl - Type : ACT_GATHER_INFO
2014-12-05	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15872.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0031.nasl - Type : ACT_GATHER_INFO
2014-11-24	Name : The remote Fedora host is missing a security update. File : fedora_2014-13047.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141120_libxml2_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1885.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1885.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1885.nasl - Type : ACT_GATHER_INFO
2014-11-18	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-444.nasl - Type : ACT_GATHER_INFO
2014-11-18	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-141020.nasl - Type : ACT_GATHER_INFO
2014-11-03	Name : The remote Fedora host is missing a security update. File : fedora_2014-12915.nasl - Type : ACT_GATHER_INFO
2014-10-30	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-606.nasl - Type : ACT_GATHER_INFO
2014-10-28	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2389-1.nasl - Type : ACT_GATHER_INFO
2014-10-28	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3057.nasl - Type : ACT_GATHER_INFO
2014-10-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-204.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141016_libxml2_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-22	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1655.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0642b06456c411e48b87bcaec565249c.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Fedora host is missing a security update. File : fedora_2014-12995.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1655.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1655.nasl - Type : ACT_GATHER_INFO
2014-07-15	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2978.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
BID	http://www.securityfocus.com/bid/70644
CONFIRM	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.... https://bugzilla.redhat.com/show_bug.cgi?id=1149084 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205031
DEBIAN	http://www.debian.org/security/2014/dsa-3057
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
MISC	https://bugzilla.redhat.com/attachment.cgi?id=944444&action=diff https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2....
MLIST	http://www.openwall.com/lists/oss-security/2014/10/17/7
REDHAT	http://rhn.redhat.com/errata/RHSA-2014-1655.html http://rhn.redhat.com/errata/RHSA-2014-1885.html
SECUNIA	http://secunia.com/advisories/59903 http://secunia.com/advisories/61965 http://secunia.com/advisories/61966 http://secunia.com/advisories/61991
SUSE	http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
UBUNTU	http://www.ubuntu.com/usn/USN-2389-1

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:27:40	Multiple Updates
2024-02-01 12:08:13	Multiple Updates
2023-09-05 12:26:13	Multiple Updates
2023-09-05 01:08:07	Multiple Updates
2023-09-02 12:26:13	Multiple Updates
2023-09-02 01:08:14	Multiple Updates
2023-08-12 12:28:33	Multiple Updates
2023-08-12 01:07:44	Multiple Updates
2023-08-11 12:24:21	Multiple Updates
2023-08-11 01:07:55	Multiple Updates
2023-08-06 12:23:39	Multiple Updates
2023-08-06 01:07:42	Multiple Updates
2023-08-04 12:23:43	Multiple Updates
2023-08-04 01:07:47	Multiple Updates
2023-07-14 12:23:42	Multiple Updates
2023-07-14 01:07:45	Multiple Updates
2023-03-29 01:25:33	Multiple Updates
2023-03-28 12:08:06	Multiple Updates
2022-10-11 12:21:24	Multiple Updates
2022-10-11 01:07:54	Multiple Updates
2021-05-04 12:33:07	Multiple Updates
2021-04-22 01:39:31	Multiple Updates
2020-05-24 01:13:58	Multiple Updates
2020-05-23 01:52:14	Multiple Updates
2020-05-23 00:41:10	Multiple Updates
2019-07-03 01:05:59	Multiple Updates
2017-07-20 13:24:59	Multiple Updates
2016-12-08 09:23:31	Multiple Updates
2016-12-07 09:24:12	Multiple Updates
2016-10-26 09:22:42	Multiple Updates
2016-09-09 09:23:18	Multiple Updates
2016-09-01 01:02:20	Multiple Updates
2016-06-28 22:52:08	Multiple Updates
2016-06-23 13:29:27	Multiple Updates
2016-05-06 09:28:53	Multiple Updates
2016-04-05 13:25:36	Multiple Updates
2016-03-31 05:24:23	Multiple Updates
2015-12-30 13:25:37	Multiple Updates
2015-12-05 13:26:36	Multiple Updates
2015-10-18 17:22:38	Multiple Updates
2015-08-19 00:23:32	Multiple Updates
2015-08-18 13:34:51	Multiple Updates
2015-08-18 09:19:35	Multiple Updates
2015-08-12 13:32:57	Multiple Updates
2015-07-31 13:28:39	Multiple Updates
2015-05-28 13:27:50	Multiple Updates
2015-04-14 13:28:43	Multiple Updates
2015-04-09 13:29:02	Multiple Updates
2015-04-02 13:27:41	Multiple Updates
2015-03-31 13:28:35	Multiple Updates
2015-03-27 13:28:17	Multiple Updates
2015-03-24 09:27:46	Multiple Updates
2015-01-30 13:24:17	Multiple Updates
2015-01-03 09:23:38	Multiple Updates
2014-12-24 09:23:27	Multiple Updates
2014-12-16 13:25:19	Multiple Updates
2014-12-06 13:27:02	Multiple Updates
2014-12-03 09:26:59	Multiple Updates
2014-11-27 13:28:32	Multiple Updates
2014-11-26 13:28:16	Multiple Updates
2014-11-22 13:23:57	Multiple Updates
2014-11-21 21:24:04	Multiple Updates
2014-11-19 13:25:10	Multiple Updates
2014-11-14 13:28:10	Multiple Updates
2014-11-05 21:25:10	Multiple Updates
2014-11-04 21:24:52	First insertion

Global Informations

Type	Count
Oval ID(s)	7
CPE ID(s)	258
Sources(s)	23
IAVM(s)	5
Nessus® Exploit(s)	47

	Related
7.1	VMSA-2015-0001
6.5	MDVSA-2014:244
5	RHSA-2014:1885
5	RHSA-2014:1655
5	MDVSA-2015:111
5	GLSA-201412-06
5	DSA-3057
5	DSA-2978
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 8 more Alert(s)

5 - CVE-2014-3660

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU