7.8 - CVE-2014-8500

Executive Summary

Informations
Name	CVE-2014-8500	First vendor Publication	2014-12-10
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:27828

Oval ID:	oval:org.mitre.oval:def:27828
Title:	USN-2437-1 -- Bind vulnerability
Description:	Florian Maury discovered that Bind incorrectly handled delegation. A remote attacker could possibly use this issue to cause Bind to consume resources and crash, resulting in a denial of service.
Family:	unix	Class:	patch
Reference(s):	USN-2437-1 CVE-2014-8500	Version:	3
Platform(s):	Ubuntu 14.10 Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	bind9
Definition Synopsis:
Ubuntu 14.10 release section Ubuntu 14.10 is installed AND bind9 is earlier than 1:9.9.5.dfsg-4.3ubuntu0.1 AND Ubuntu 14.04 release section Ubuntu 14.04 is installed AND bind9 is earlier than 1:9.9.5.dfsg-3ubuntu0.1 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND bind9 is earlier than 1:9.8.1.dfsg.P1-4ubuntu0.9 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND bind9 is earlier than 1:9.7.0.dfsg.P1-1ubuntu0.12

Definition Id: oval:org.mitre.oval:def:28079

Oval ID:	oval:org.mitre.oval:def:28079
Title:	ELSA-2014-1985 -- bind97 security update (important)
Description:	[32:9.7.0-21.P2.1] - Fix CVE-2014-8500 (#1171972)
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1985 CVE-2014-8500	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	bind97
Definition Synopsis:
Oracle Linux 5.x Packages match section bind97 is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-chroot is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-devel is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-libs is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-utils is earlier than 32:9.7.0-21.P2.el5_11.1

Definition Id: oval:org.mitre.oval:def:28292

Oval ID:	oval:org.mitre.oval:def:28292
Title:	DSA-3094-1 -- bind9 security update
Description:	It was discovered that BIND, a DNS server, is prone to a denial of service vulnerability.
Family:	unix	Class:	patch
Reference(s):	DSA-3094-1 CVE-2014-8500	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	bind9
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND bind9 is earlier than 1:9.8.4.dfsg.P1-6+nmu2+deb7u3

Definition Id: oval:org.mitre.oval:def:28311

Oval ID:	oval:org.mitre.oval:def:28311
Title:	HP-UX Running BIND Remote Denial of Service (DoS)
Description:	ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-8500	Version:	7
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP-UX B.11.31 AND filesets test NameService.BIND-AUX version is less than C.9.7.3.6.0 AND NameService.BIND-RUN version is less than C.9.7.3.6.0

Definition Id: oval:org.mitre.oval:def:28485

Oval ID:	oval:org.mitre.oval:def:28485
Title:	ELSA-2014-1984 -- bind security update (important)
Description:	[32:9.9.4-14.0.1.el7_0.1] - Rebuild to fix libmysqlclient dependency [32:9.9.4-14.1] - Fix CVE-2014-8500 (#1171975)
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1984 CVE-2014-8500	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6 Oracle Linux 7	Product(s):	bind
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section bind is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-chroot is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-devel is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-libbind-devel is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-libs is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-sdb is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-utils is earlier than 30:9.3.6-25.P1.el5_11.2 AND caching-nameserver is earlier than 30:9.3.6-25.P1.el5_11.2 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section bind is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-chroot is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-devel is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-libs is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-sdb is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-utils is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND Oracle Linux 7 release section Oracle Linux 7.x Packages match section bind is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-chroot is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-devel is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-libs is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-libs-lite is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-license is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-lite-devel is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-sdb is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-sdb-chroot is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-utils is earlier than 32:9.9.4-14.0.1.el7_0.1

Definition Id: oval:org.mitre.oval:def:28498

Oval ID:	oval:org.mitre.oval:def:28498
Title:	RHSA-2014:1985 -- bind97 security update (Important)
Description:	The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. (CVE-2014-8500) All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1985 CESA-2014:1985 CVE-2014-8500	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	bind97
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section bind97 is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-chroot is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-debuginfo is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-devel is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-libs is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-utils is earlier than 32:9.7.0-21.P2.el5_11.1

Definition Id: oval:org.mitre.oval:def:28588

Oval ID:	oval:org.mitre.oval:def:28588
Title:	RHSA-2014:1984 -- bind security update (Important)
Description:	The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. (CVE-2014-8500) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1984 CESA-2014:1984-CentOS 6 CESA-2014:1984-CentOS 7 CESA-2014:1984-CentOS 5 CVE-2014-8500	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 CentOS Linux 5	Product(s):	bind
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section bind-chroot is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-debuginfo is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-devel is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-libbind-devel is earlier than 30:9.3.6-25.P1.el5_11.2 AND caching-nameserver is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-libs is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-sdb is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-utils is earlier than 30:9.3.6-25.P1.el5_11.2 AND Red Hat Enterprise Linux 6 and CentOS Linux 6 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages match section bind is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-chroot is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-devel is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-libs is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-sdb is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-utils is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 AND bind-debuginfo is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND Red Hat Enterprise Linux 7 and CentOS Linux 7 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages match section bind is earlier than 32:9.9.4-14.el7_0.1 AND bind-chroot is earlier than 32:9.9.4-14.el7_0.1 AND bind-devel is earlier than 32:9.9.4-14.el7_0.1 AND bind-libs is earlier than 32:9.9.4-14.el7_0.1 AND bind-libs-lite is earlier than 32:9.9.4-14.el7_0.1 AND bind-license is earlier than 32:9.9.4-14.el7_0.1 AND bind-lite-devel is earlier than 32:9.9.4-14.el7_0.1 AND bind-sdb is earlier than 32:9.9.4-14.el7_0.1 AND bind-sdb-chroot is earlier than 32:9.9.4-14.el7_0.1 AND bind-utils is earlier than 32:9.9.4-14.el7_0.1 AND Red Hat Enterprise Linux 7 release section The operating system installed on the system is Red Hat Enterprise Linux 7 AND bind-debuginfo is earlier than 32:9.9.4-14.el7_0.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Isc Bind cpe:2.3:a:isc:bind:9.9.6:::::::* cpe:2.3:a:isc:bind:9.9.5:::::::* cpe:2.3:a:isc:bind:9.9.4:::::::* cpe:2.3:a:isc:bind:9.9.3:::::::* cpe:2.3:a:isc:bind:9.9.2:::::::* cpe:2.3:a:isc:bind:9.9.1:::::::* cpe:2.3:a:isc:bind:9.9.0:::::::* cpe:2.3:a:isc:bind:9.8.6:::::::* cpe:2.3:a:isc:bind:9.8.5::::-::: cpe:2.3:a:isc:bind:9.8.4::::-::: cpe:2.3:a:isc:bind:9.8.3::::-::: cpe:2.3:a:isc:bind:9.8.2::::-::: cpe:2.3:a:isc:bind:9.8.1::::-::: cpe:2.3:a:isc:bind:9.8.0::::-::: cpe:2.3:a:isc:bind:9.7.7::::-::: cpe:2.3:a:isc:bind:9.7.6::::-::: cpe:2.3:a:isc:bind:9.7.5::::-::: cpe:2.3:a:isc:bind:9.7.4::::-::: cpe:2.3:a:isc:bind:9.7.3::::-::: cpe:2.3:a:isc:bind:9.7.2::::-::: cpe:2.3:a:isc:bind:9.7.1::::-::: cpe:2.3:a:isc:bind:9.7.0::::-::: cpe:2.3:a:isc:bind:9.6.3::::-::: cpe:2.3:a:isc:bind:9.6.2::::-::: cpe:2.3:a:isc:bind:9.6.1::::-::: cpe:2.3:a:isc:bind:9.6.0::::-::: cpe:2.3:a:isc:bind:9.5.3:::::::* cpe:2.3:a:isc:bind:9.5.2::::-::: cpe:2.3:a:isc:bind:9.5.1::::-::: cpe:2.3:a:isc:bind:9.5.0::::-::: cpe:2.3:a:isc:bind:9.5::::-::: cpe:2.3:a:isc:bind:9.4.3::::-::: cpe:2.3:a:isc:bind:9.4.2::::-::: cpe:2.3:a:isc:bind:9.4.1::::-::: cpe:2.3:a:isc:bind:9.4.0::::-::: cpe:2.3:a:isc:bind:9.4::::-::: cpe:2.3:a:isc:bind:9.3.6::::-::: cpe:2.3:a:isc:bind:9.3.5::::-::: cpe:2.3:a:isc:bind:9.3.4::::-::: cpe:2.3:a:isc:bind:9.3.3::::-::: cpe:2.3:a:isc:bind:9.3.2::::-::: cpe:2.3:a:isc:bind:9.3.1::::-::: cpe:2.3:a:isc:bind:9.3.0::::-::: cpe:2.3:a:isc:bind:9.3::::-::: cpe:2.3:a:isc:bind:9.2.9::::-::: cpe:2.3:a:isc:bind:9.2.8::::-::: cpe:2.3:a:isc:bind:9.2.7::::-::: cpe:2.3:a:isc:bind:9.2.6::::-::: cpe:2.3:a:isc:bind:9.2.5::::-::: cpe:2.3:a:isc:bind:9.2.4::::-::: cpe:2.3:a:isc:bind:9.2.3::::-::: cpe:2.3:a:isc:bind:9.2.2::::-::: cpe:2.3:a:isc:bind:9.2.1::::-::: cpe:2.3:a:isc:bind:9.2.0::::-::: cpe:2.3:a:isc:bind:9.2::::-::: cpe:2.3:a:isc:bind:9.10.1:::::::* cpe:2.3:a:isc:bind:9.10.0:::::::* cpe:2.3:a:isc:bind:9.1.3::::-::: cpe:2.3:a:isc:bind:9.1.2::::-::: cpe:2.3:a:isc:bind:9.1.1::::-::: cpe:2.3:a:isc:bind:9.1::::-::: cpe:2.3:a:isc:bind:9.0.1::::-::: cpe:2.3:a:isc:bind:9.0::::-:::	63

Snort® IPS/IDS

Date	Description
2015-03-31	ISC BIND recursive resolver resource consumption denial of service attempt RuleID : 33583 - Revision : 8 - Type : PROTOCOL-DNS

Nessus® Vulnerability Scanner

Date	Description
2017-04-21	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2016-06-22	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0055.nasl - Type : ACT_GATHER_INFO
2016-01-29	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0078.nasl - Type : ACT_GATHER_INFO
2016-01-15	Name : The remote name server is affected by a denial of service vulnerability. File : powerdns_recursor_3_6_2.nasl - Type : ACT_GATHER_INFO
2016-01-12	Name : The remote name server is affected by a denial of service vulnerability. File : unbound_1_5_1.nasl - Type : ACT_GATHER_INFO
2015-09-22	Name : The remote host is missing a security update for OS X Server. File : macosx_server_5_0_3.nasl - Type : ACT_GATHER_INFO
2015-07-31	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0105.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0096-1.nasl - Type : ACT_GATHER_INFO
2015-04-22	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-111-01.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-165.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-112.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15927.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote AIX host is missing a security patch. File : aix_IV68997.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote AIX host is missing a security patch. File : aix_IV68996.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote AIX host is missing a security patch. File : aix_IV68995.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote AIX host is missing a security patch. File : aix_IV68994.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote AIX host is missing a security patch. File : aix_IV68993.nasl - Type : ACT_GATHER_INFO
2015-02-24	Name : The remote name server is affected by multiple vulnerabilities. File : bind9_9102_rc2.nasl - Type : ACT_GATHER_INFO
2015-02-24	Name : The remote name server is affected by multiple vulnerabilities. File : bind9_997_rc2.nasl - Type : ACT_GATHER_INFO
2015-02-09	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-03.nasl - Type : ACT_GATHER_INFO
2015-02-09	Name : The remote Fedora host is missing a security update. File : fedora_2015-1263.nasl - Type : ACT_GATHER_INFO
2015-02-05	Name : The remote Fedora host is missing a security update. File : fedora_2015-1198.nasl - Type : ACT_GATHER_INFO
2015-01-09	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-465.nasl - Type : ACT_GATHER_INFO
2015-01-06	Name : The remote Fedora host is missing a security update. File : fedora_2014-16576.nasl - Type : ACT_GATHER_INFO
2015-01-06	Name : The remote Fedora host is missing a security update. File : fedora_2014-16557.nasl - Type : ACT_GATHER_INFO
2014-12-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0084.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1984.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1984.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1985.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ab3e98d9817511e4907dd050992ecde8.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-238.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1984.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1985.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1985.nasl - Type : ACT_GATHER_INFO
2014-12-12	Name : The remote name server is affected by multiple denial of service vulnerabilit... File : bind9_9101_p1.nasl - Type : ACT_GATHER_INFO
2014-12-10	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2437-1.nasl - Type : ACT_GATHER_INFO
2014-12-09	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3094.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://advisories.mageia.org/MGASA-2014-0524.html
http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00013.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html
http://marc.info/?l=bugtraq&m=142180687100892&w=2
http://marc.info/?l=bugtraq&m=142180687100892&w=2
http://marc.info/?l=bugtraq&m=144000632319155&w=2
http://marc.info/?l=bugtraq&m=144000632319155&w=2
http://rhn.redhat.com/errata/RHSA-2016-0078.html
http://secunia.com/advisories/62064
http://secunia.com/advisories/62122
http://security.gentoo.org/glsa/glsa-201502-03.xml
http://securitytracker.com/id?1031311
http://ubuntu.com/usn/usn-2437-1
http://www.debian.org/security/2014/dsa-3094
http://www.kb.cert.org/vuls/id/264212
http://www.mandriva.com/security/advisories?name=MDVSA-2015:165
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546....
http://www.securityfocus.com/bid/71590
https://kb.isc.org/article/AA-01216/
https://security.netapp.com/advisory/ntap-20190730-0002/
https://support.apple.com/HT205219

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:43:25	Multiple Updates
2024-08-02 12:30:11	Multiple Updates
2024-08-02 01:09:00	Multiple Updates
2024-02-02 01:29:17	Multiple Updates
2024-02-01 12:08:38	Multiple Updates
2023-09-05 12:27:45	Multiple Updates
2023-09-05 01:08:31	Multiple Updates
2023-09-02 12:27:45	Multiple Updates
2023-09-02 01:08:39	Multiple Updates
2023-08-12 12:30:15	Multiple Updates
2023-08-12 01:08:08	Multiple Updates
2023-08-11 12:25:53	Multiple Updates
2023-08-11 01:08:20	Multiple Updates
2023-08-06 12:25:08	Multiple Updates
2023-08-06 01:08:07	Multiple Updates
2023-08-04 12:25:12	Multiple Updates
2023-08-04 01:08:11	Multiple Updates
2023-07-14 12:25:11	Multiple Updates
2023-07-14 01:08:09	Multiple Updates
2023-03-29 01:26:59	Multiple Updates
2023-03-28 12:08:30	Multiple Updates
2022-10-11 12:22:43	Multiple Updates
2022-10-11 01:08:18	Multiple Updates
2021-05-04 12:34:58	Multiple Updates
2021-04-22 01:42:30	Multiple Updates
2020-05-23 00:42:43	Multiple Updates
2019-07-31 12:06:44	Multiple Updates
2017-04-22 13:25:52	Multiple Updates
2017-02-15 13:25:17	Multiple Updates
2017-01-07 13:25:59	Multiple Updates
2017-01-03 09:23:00	Multiple Updates
2016-12-28 09:21:57	Multiple Updates
2016-12-08 09:23:33	Multiple Updates
2016-12-06 09:23:57	Multiple Updates
2016-11-24 13:26:07	Multiple Updates
2016-11-01 13:25:53	Multiple Updates
2016-10-26 09:22:44	Multiple Updates
2016-09-09 09:23:19	Multiple Updates
2016-08-23 09:24:52	Multiple Updates
2016-08-11 13:26:57	Multiple Updates
2016-06-23 13:29:27	Multiple Updates
2016-05-25 13:24:40	Multiple Updates
2016-04-27 01:25:43	Multiple Updates
2016-04-26 13:27:45	Multiple Updates
2016-04-02 13:26:25	Multiple Updates
2016-01-30 13:25:35	Multiple Updates
2015-12-05 13:26:43	Multiple Updates
2015-09-23 13:24:07	Multiple Updates
2015-09-19 09:22:26	Multiple Updates
2015-09-05 13:31:53	Multiple Updates
2015-08-12 13:33:00	Multiple Updates
2015-07-31 13:28:44	Multiple Updates
2015-07-18 13:28:23	Multiple Updates
2015-05-21 13:31:49	Multiple Updates
2015-04-23 13:30:31	Multiple Updates
2015-04-02 09:26:13	Multiple Updates
2015-03-31 21:26:21	Multiple Updates
2015-03-31 13:29:00	Multiple Updates
2015-03-27 13:28:45	Multiple Updates
2015-03-18 09:28:04	Multiple Updates
2015-03-17 09:26:52	Multiple Updates
2015-03-06 13:25:54	Multiple Updates
2015-02-27 09:24:15	Multiple Updates
2015-02-26 13:24:19	Multiple Updates
2015-02-25 13:24:09	Multiple Updates
2015-02-21 09:24:27	Multiple Updates
2015-02-10 13:24:11	Multiple Updates
2015-01-10 13:23:23	Multiple Updates
2015-01-07 13:26:29	Multiple Updates
2014-12-27 13:25:10	Multiple Updates
2014-12-19 13:24:34	Multiple Updates
2014-12-17 09:23:48	Multiple Updates
2014-12-16 17:25:42	Multiple Updates
2014-12-16 13:25:35	Multiple Updates
2014-12-13 13:24:53	Multiple Updates
2014-12-12 09:24:46	Multiple Updates
2014-12-11 13:25:12	Multiple Updates
2014-12-11 09:24:35	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	7
CPE ID(s)	63
Sources(s)	29
Snort® Rule(s)	1
Nessus® Exploit(s)	37

	Related
7.8	VU#264212
7.8	USN-2437-1
7.8	RHSA-2016:0078
7.8	RHSA-2014:1985
7.8	RHSA-2014:1984
7.8	MDVSA-2015:165
7.8	MDVSA-2014:238
7.8	HPSBUX03400 SSR...
7.8	HPSBUX03235 SSR...
7.8	GLSA-201502-03
7.8	DSA-3094
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 11 more Alert(s)

7.8 - CVE-2014-8500

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU