7.1 - DSA-3053

Executive Summary

Summary
Title	openssl security update

Informations
Name	DSA-3053	First vendor Publication	2014-10-16
Vendor	Debian	Last vendor Modification	2014-10-16
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.1	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.

CVE-2014-3513

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server.

CVE-2014-3566 ("POODLE")

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

This update adds support for Fallback SCSV to mitigate this issue.

CVE-2014-3567

A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server.

CVE-2014-3568

When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u13.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1j-1.

We recommend that you upgrade your openssl packages.

Original Source

Url : http://www.debian.org/security/2014/dsa-3053

CWE : Common Weakness Enumeration

%	Id	Name
40 %	CWE-310	Cryptographic Issues
40 %	CWE-20	Improper Input Validation
20 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26245

Oval ID:	oval:org.mitre.oval:def:26245
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
Description:	Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3567	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.001 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.001 OR Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.002 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.002 OR Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.003 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.003

Definition Id: oval:org.mitre.oval:def:26416

Oval ID:	oval:org.mitre.oval:def:26416
Title:	AIX OpenSSL Denial of Service due to memory consumption
Description:	Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3567	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND filesets File Version Exists openssl.base greater than or equal 1.0.1.500 AND openssl.base less than or equal 1.0.1.512 OR File Version Exists openssl.base greater than or equal 0.9.8.401 AND openssl.base less than or equal 0.9.8.2503 OR File Version Exists openssl.base greater than or equal 12.9.8.1100 AND openssl.base less than or equal 12.9.8.2503

Definition Id: oval:org.mitre.oval:def:26548

Oval ID:	oval:org.mitre.oval:def:26548
Title:	DSA-3053-1 openssl - security update
Description:	Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.
Family:	unix	Class:	patch
Reference(s):	DSA-3053-1 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	openssl
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openssl DPKG is earlier than 0:1.0.1e-2+deb7u13

Definition Id: oval:org.mitre.oval:def:26743

Oval ID:	oval:org.mitre.oval:def:26743
Title:	AIX OpenSSL Denial of Service due to memory leak in DTLS SRTP extension
Description:	Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3513	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists openssl.base greater than or equal 1.0.1.500 AND openssl.base less than or equal 1.0.1.512

Definition Id: oval:org.mitre.oval:def:26829

Oval ID:	oval:org.mitre.oval:def:26829
Title:	RHSA-2014:1652: openssl security update (Important)
Description:	OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513) A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567) All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1652-00 CESA-2014:1652 CVE-2014-3513 CVE-2014-3567	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7	Product(s):	openssl
Definition Synopsis:
Operation system section Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section openssl is earlier than 1:1.0.1e-34.el7_0.6 AND openssl-devel is earlier than 1:1.0.1e-34.el7_0.6 AND openssl-libs is earlier than 1:1.0.1e-34.el7_0.6 AND openssl-perl is earlier than 1:1.0.1e-34.el7_0.6 AND openssl-static is earlier than 1:1.0.1e-34.el7_0.6 AND Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section openssl is earlier than 0:1.0.1e-30.el6_6.2 AND openssl-devel is earlier than 0:1.0.1e-30.el6_6.2 AND openssl-perl is earlier than 0:1.0.1e-30.el6_6.2 AND openssl-static is earlier than 0:1.0.1e-30.el6_6.2

Definition Id: oval:org.mitre.oval:def:27014

Oval ID:	oval:org.mitre.oval:def:27014
Title:	RHSA-2014:1653: openssl security update (Moderate)
Description:	OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1653-00 CESA-2014:1653 CVE-2014-3566	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section openssl is earlier than 0:0.9.8e-31.el5_11 AND openssl-devel is earlier than 0:0.9.8e-31.el5_11 AND openssl-perl is earlier than 0:0.9.8e-31.el5_11

Definition Id: oval:org.mitre.oval:def:27052

Oval ID:	oval:org.mitre.oval:def:27052
Title:	USN-2385-1 -- OpenSSL vulnerabilities
Description:	It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3513">CVE-2014-3513</a>) It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3567">CVE-2014-3567</a>) In addition, this update introduces support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV). This new feature prevents protocol downgrade attacks when certain applications such as web browsers attempt to reconnect using a lower protocol version for interoperability reasons.
Family:	unix	Class:	patch
Reference(s):	USN-2385-1 CVE-2014-3513 CVE-2014-3567	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	openssl
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed AND libssl1.0.0 is earlier than 0:1.0.1f-1ubuntu2.7 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND libssl1.0.0 is earlier than 0:1.0.1-4ubuntu5.20 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND libssl0.9.8 is earlier than 0:0.9.8k-7ubuntu8.22

Definition Id: oval:org.mitre.oval:def:27057

Oval ID:	oval:org.mitre.oval:def:27057
Title:	ELSA-2014-1653 -- openssl security update
Description:	[0.9.8e-31] - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [0.9.8e-30] - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS [0.9.8e-29] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability [0.9.8e-28] - replace expired GlobalSign Root CA certificate in ca-bundle.crt
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1653 CVE-2014-3566	Version:	5
Platform(s):	Oracle Linux 5	Product(s):	openssl openssl-devel openssl-perl
Definition Synopsis:
Oracle Linux 5.x Packages match section openssl is earlier than 0:0.9.8e-31.el5_11 AND openssl-devel is earlier than 0:0.9.8e-31.el5_11 AND openssl-perl is earlier than 0:0.9.8e-31.el5_11

Definition Id: oval:org.mitre.oval:def:27084

Oval ID:	oval:org.mitre.oval:def:27084
Title:	ELSA-2014-1652 -- openssl security update
Description:	[1.0.1e-30.2] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1652 CVE-2014-3513 CVE-2014-3567	Version:	6
Platform(s):	Oracle Linux 6 Oracle Linux 7	Product(s):	openssl openssl-devel openssl-perl openssl-static openssl-libs
Definition Synopsis:
Oracle Linux 6 release section Oracle Linux 6.x Packages match section openssl is earlier than 0:1.0.1e-30.el6_6.2 AND openssl-devel is earlier than 0:1.0.1e-30.el6_6.2 AND openssl-perl is earlier than 0:1.0.1e-30.el6_6.2 AND openssl-static is earlier than 0:1.0.1e-30.el6_6.2 AND Oracle Linux 7 release section Oracle Linux 7.x Packages match section openssl is earlier than 1:1.0.1e-34.el7_0.6 AND openssl-devel is earlier than 1:1.0.1e-34.el7_0.6 AND openssl-libs is earlier than 1:1.0.1e-34.el7_0.6 AND openssl-perl is earlier than 1:1.0.1e-34.el7_0.6 AND openssl-static is earlier than 1:1.0.1e-34.el7_0.6

Definition Id: oval:org.mitre.oval:def:27104

Oval ID:	oval:org.mitre.oval:def:27104
Title:	AIX OpenSSL Patch to mitigate CVE-2014-3566
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND filesets File Version Exists openssl.base greater than or equal 1.0.1.500 AND openssl.base less than or equal 1.0.1.512 OR File Version Exists openssl.base greater than or equal 0.9.8.401 AND openssl.base less than or equal 0.9.8.2503 OR File Version Exists openssl.base greater than or equal 12.9.8.1100 AND openssl.base less than or equal 12.9.8.2503

Definition Id: oval:org.mitre.oval:def:27138

Oval ID:	oval:org.mitre.oval:def:27138
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.001 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.001 OR Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.002 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.002 OR Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.003 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.003

Definition Id: oval:org.mitre.oval:def:27218

Oval ID:	oval:org.mitre.oval:def:27218
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
Description:	OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3568	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.001 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.001 OR Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.002 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.002 OR Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.003 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.003

Definition Id: oval:org.mitre.oval:def:28044

Oval ID:	oval:org.mitre.oval:def:28044
Title:	SUSE-SU-2014:1557-2 -- Security update for compat-openssl097g (moderate)
Description:	The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues: * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV (CVE-2014-3566) * Information leak in pretty printing functions (CVE-2014-3508) * OCSP bad key DoS attack (CVE-2013-0166) * SSL/TLS CBC plaintext recovery attack (CVE-2013-0169) * Anonymous ECDH denial of service (CVE-2014-3470) * SSL/TLS MITM vulnerability (CVE-2014-0224) Security Issues: * CVE-2013-0166 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166> * CVE-2013-0169 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169> * CVE-2014-0224 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224> * CVE-2014-3470 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470> * CVE-2014-3508 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1557-2 CVE-2013-0166 CVE-2013-0169 CVE-2014-0224 CVE-2014-3470 CVE-2014-3508 CVE-2014-3566 CVE-2014-3568	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 11	Product(s):	compat-openssl097g
Definition Synopsis:
SUSE Linux Enterprise Desktop 11.x is installed Packages match section compat-openssl097g is earlier than 0:0.9.7g-146.22.25.1 AND compat-openssl097g-32bit is earlier than 0:0.9.7g-146.22.25.1

Definition Id: oval:org.mitre.oval:def:28154

Oval ID:	oval:org.mitre.oval:def:28154
Title:	IBM SDK Java Technology Edition vulnerability
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28223

Oval ID:	oval:org.mitre.oval:def:28223
Title:	SUSE-SU-2014:1386-1 -- Security update for OpenSSL (important)
Description:	This OpenSSL update fixes the following issues: * Session Ticket Memory Leak (CVE-2014-3567) * Build option no-ssl3 is incomplete ((CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE) Security Issues: * CVE-2014-3513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513> * CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1386-1 CVE-2014-3513 CVE-2014-3567 CVE-2014-3566 CVE-2014-3568	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	OpenSSL
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section libopenssl-devel is earlier than 0:0.9.8j-0.66.1 AND libopenssl0_9_8 is earlier than 0:0.9.8j-0.66.1 AND libopenssl0_9_8-hmac is earlier than 0:0.9.8j-0.66.1 AND openssl is earlier than 0:0.9.8j-0.66.1 AND openssl-doc is earlier than 0:0.9.8j-0.66.1 AND libopenssl0_9_8-32bit is earlier than 0:0.9.8j-0.66.1 AND libopenssl0_9_8-hmac-32bit is earlier than 0:0.9.8j-0.66.1

Definition Id: oval:org.mitre.oval:def:28230

Oval ID:	oval:org.mitre.oval:def:28230
Title:	SUSE-SU-2014:1447-1 -- Security update for openwsman (moderate)
Description:	This update adds a configuration option to disable SSLv2 and SSLv3 in openwsman. This is required to mitigate CVE-2014-3566. To use the new option, edit /etc/openwsman/openwsman.conf and add the following line to the [server] section: ssl_disabled_protocols = SSLv2 SSLv3 Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1447-1 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	openwsman
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libwsman1 is earlier than 0:2.2.3-0.8.1 AND openwsman-client is earlier than 0:2.2.3-0.8.1 AND openwsman-server is earlier than 0:2.2.3-0.8.1

Definition Id: oval:org.mitre.oval:def:28273

Oval ID:	oval:org.mitre.oval:def:28273
Title:	SUSE-SU-2014:1524-1 -- Security update for openssl (moderate)
Description:	openssl was updated to fix four security issues. These security issues were fixed: - SRTP Memory Leak (CVE-2014-3513). - Session Ticket Memory Leak (CVE-2014-3567). - Fixed incomplete no-ssl3 build option (CVE-2014-3568). - Add support for TLS_FALLBACK_SCSV (CVE-2014-3566). NOTE: This update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1524-1 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12	Product(s):	openssl
Definition Synopsis:
SUSE Linux Enterprise Server 12 release section SUSE Linux Enterprise Server 12 is installed AND openssl-doc is earlier than 0:1.0.1i-5.1 AND SUSE Linux Enterprise Desktop 12 release section SUSE Linux Enterprise Desktop 12 is installed Packages match section libopenssl1_0_0 is earlier than 0:1.0.1i-5.1 AND libopenssl1_0_0-debuginfo is earlier than 0:1.0.1i-5.1 AND openssl is earlier than 0:1.0.1i-5.1 AND openssl-debuginfo is earlier than 0:1.0.1i-5.1 AND openssl-debugsource is earlier than 0:1.0.1i-5.1

Definition Id: oval:org.mitre.oval:def:28380

Oval ID:	oval:org.mitre.oval:def:28380
Title:	SUSE-SU-2014:1361-1 -- Security update for OpenSSL (important)
Description:	This OpenSSL update fixes the following issues: * Session Ticket Memory Leak (CVE-2014-3567) * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE) Security Issues: * CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1361-1 CVE-2014-3567 CVE-2014-3566 CVE-2014-3568	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	OpenSSL
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libopenssl0_9_8 is earlier than 0:0.9.8j-0.66.1 AND openssl is earlier than 0:0.9.8j-0.66.1 AND libopenssl0_9_8-32bit is earlier than 0:0.9.8j-0.66.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section libopenssl0_9_8-hmac is earlier than 0:0.9.8j-0.66.1 AND openssl-doc is earlier than 0:0.9.8j-0.66.1 AND libopenssl0_9_8-hmac-32bit is earlier than 0:0.9.8j-0.66.1

Definition Id: oval:org.mitre.oval:def:28398

Oval ID:	oval:org.mitre.oval:def:28398
Title:	Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70 version is less than 1.7.0.12.00 AND Jdk70.JDK70-COM version is less than 1.7.0.12.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.12.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.12.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.12.00 AND Jre70.JRE70 version is less than 1.7.0.12.00 AND Jre70.JRE70-COM version is less than 1.7.0.12.00 AND Jre70.JRE70-COM-DOC version is less than 1.7.0.12.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.12.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.12.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.12.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.12.00

Definition Id: oval:org.mitre.oval:def:28457

Oval ID:	oval:org.mitre.oval:def:28457
Title:	SUSE-SU-2014:1387-1 -- Security update for OpenSSL (important)
Description:	This OpenSSL update fixes the following issues: * Session Ticket Memory Leak (CVE-2014-3567) * Build option no-ssl3 is incomplete ((CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE) Security Issues: * CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1387-1 CVE-2014-3567 CVE-2014-3566 CVE-2014-3568	Version:	3
Platform(s):	SUSE Linux Enterprise Server 10	Product(s):	OpenSSL
Definition Synopsis:
SUSE Linux Enterprise Server 10 is installed Packages match section openssl is earlier than 0:0.9.8a-18.86.3 AND openssl-devel is earlier than 0:0.9.8a-18.86.3 AND openssl-doc is earlier than 0:0.9.8a-18.86.3 AND openssl-32bit is earlier than 0:0.9.8a-18.86.3 AND openssl-devel-32bit is earlier than 0:0.9.8a-18.86.3

Definition Id: oval:org.mitre.oval:def:28481

Oval ID:	oval:org.mitre.oval:def:28481
Title:	SUSE-SU-2014:1512-1 -- Security update for compat-openssl098 (moderate)
Description:	compat-openssl098 was updated to fix three security issues. NOTE: this update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations. These security issues were fixed: - Session ticket memory leak (CVE-2014-3567). - Fixed build option no-ssl3 (CVE-2014-3568). - Added support for TLS_FALLBACK_SCSV (CVE-2014-3566).
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1512-1 CVE-2014-3567 CVE-2014-3568 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 12	Product(s):	compat-openssl098
Definition Synopsis:
SUSE Linux Enterprise Desktop 12 is installed Packages match section compat-openssl098-debugsource is earlier than 0:0.9.8j-62.1 AND libopenssl0_9_8 is earlier than 0:0.9.8j-62.1 AND libopenssl0_9_8-debuginfo is earlier than 0:0.9.8j-62.1

Definition Id: oval:org.mitre.oval:def:28488

Oval ID:	oval:org.mitre.oval:def:28488
Title:	SUSE-SU-2014:1519-1 -- Security update for evolution-data-server (moderate)
Description:	evolution-data-server has been updated to disable support for SSLv3. This security issues has been fixed: * SSLv3 POODLE attack (CVE-2014-3566) Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1519-1 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	evolution-data-server
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section evolution-data-server is earlier than 0:2.28.2-0.32.1 AND evolution-data-server-lang is earlier than 0:2.28.2-0.32.1 AND evolution-data-server-32bit is earlier than 0:2.28.2-0.32.1

Definition Id: oval:org.mitre.oval:def:28500

Oval ID:	oval:org.mitre.oval:def:28500
Title:	JRE and JDK Vulnerability on HPUX
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28595

Oval ID:	oval:org.mitre.oval:def:28595
Title:	Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.25.00 AND Jdk60.JDK60-COM version is less than 1.6.0.25.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.25.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.25.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.25.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.25.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.25.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.25.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.25.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.25.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.25.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.25.00 AND Jre60.JRE60-COM version is less than 1.6.0.25.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.25.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.25.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.25.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.25.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.25.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.25.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.25.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.25.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.25.00

Definition Id: oval:org.mitre.oval:def:28678

Oval ID:	oval:org.mitre.oval:def:28678
Title:	SUSE-SU-2014:1558-1 -- Security update for pure-ftpd (moderate)
Description:	ure-ftpd was updated to fix one security issue and two non-security bugs: * SSLv2 and SSLv3 have been disabled to avoid the attack named POODLE (CVE-2014-3566, bnc#902229). * Added the disable_ascii option (bnc#828469). * Fixed wait on TLS handshake (bnc#856424). Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1558-1 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	pure-ftpd
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed AND pure-ftpd is earlier than 0:1.0.22-3.25.1

Definition Id: oval:org.mitre.oval:def:29152

Oval ID:	oval:org.mitre.oval:def:29152
Title:	Vulnerability in SSLv3 affects ftpd, sendmaild, imapd, and popd on AIX
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	5
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND filesets File Version Exists bos.net.tcp.server greater than or equal 6.1.0.0 AND bos.net.tcp.server less than or equal 6.1.8.18 OR File Version Exists bos.net.tcp.server greater than or equal 6.1.0.0 AND bos.net.tcp.server less than or equal 6.1.9.45 OR File Version Exists bos.net.tcp.server greater than or equal 7.1.0.0 AND bos.net.tcp.server less than or equal 7.1.2.18 OR File Version Exists bos.net.tcp.server greater than or equal 7.1.0.0 AND bos.net.tcp.server less than or equal 7.1.3.45 OR File Version Exists bos.net.tcp.client greater than or equal 6.1.0.0 AND bos.net.tcp.client less than or equal 6.1.8.19 OR File Version Exists bos.net.tcp.client greater than or equal 6.1.0.0 AND bos.net.tcp.client less than or equal 6.1.9.48 OR File Version Exists bos.net.tcp.client greater than or equal 7.1.0.0 AND bos.net.tcp.client less than or equal 7.1.2.18 OR File Version Exists bos.net.tcp.client greater than or equal 7.1.0.0 AND bos.net.tcp.client less than or equal 7.1.3.48

Definition Id: oval:org.mitre.oval:def:29233

Oval ID:	oval:org.mitre.oval:def:29233
Title:	SUSE-SU-2015:0108-1 -- Security update for evolution-data-server (moderate)
Description:	evolution-data-server was updated to disable support for SSLv3. This security issues was fixed: - SSLv3 POODLE attack (CVE-2014-3566)
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2015:0108-1 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 12	Product(s):	evolution-data-server
Definition Synopsis:
SUSE Linux Enterprise Desktop 12 is installed Packages match section evolution-data-server is earlier than 0:3.10.4-5.11 AND evolution-data-server-debuginfo is earlier than 0:3.10.4-5.11 AND evolution-data-server-debugsource is earlier than 0:3.10.4-5.11 AND libcamel-1_2-45 is earlier than 0:3.10.4-5.11 AND libcamel-1_2-45-32bit is earlier than 0:3.10.4-5.11 AND libcamel-1_2-45-debuginfo is earlier than 0:3.10.4-5.11 AND libcamel-1_2-45-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libebackend-1_2-7 is earlier than 0:3.10.4-5.11 AND libebackend-1_2-7-32bit is earlier than 0:3.10.4-5.11 AND libebackend-1_2-7-debuginfo is earlier than 0:3.10.4-5.11 AND libebackend-1_2-7-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libebook-1_2-14 is earlier than 0:3.10.4-5.11 AND libebook-1_2-14-32bit is earlier than 0:3.10.4-5.11 AND libebook-1_2-14-debuginfo is earlier than 0:3.10.4-5.11 AND libebook-1_2-14-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libebook-contacts-1_2-0 is earlier than 0:3.10.4-5.11 AND libebook-contacts-1_2-0-32bit is earlier than 0:3.10.4-5.11 AND libebook-contacts-1_2-0-debuginfo is earlier than 0:3.10.4-5.11 AND libebook-contacts-1_2-0-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libecal-1_2-16 is earlier than 0:3.10.4-5.11 AND libecal-1_2-16-32bit is earlier than 0:3.10.4-5.11 AND libecal-1_2-16-debuginfo is earlier than 0:3.10.4-5.11 AND libecal-1_2-16-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libedata-book-1_2-20 is earlier than 0:3.10.4-5.11 AND libedata-book-1_2-20-32bit is earlier than 0:3.10.4-5.11 AND libedata-book-1_2-20-debuginfo is earlier than 0:3.10.4-5.11 AND libedata-book-1_2-20-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libedata-cal-1_2-23 is earlier than 0:3.10.4-5.11 AND libedata-cal-1_2-23-32bit is earlier than 0:3.10.4-5.11 AND libedata-cal-1_2-23-debuginfo is earlier than 0:3.10.4-5.11 AND libedata-cal-1_2-23-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libedataserver-1_2-18 is earlier than 0:3.10.4-5.11 AND libedataserver-1_2-18-32bit is earlier than 0:3.10.4-5.11 AND libedataserver-1_2-18-debuginfo is earlier than 0:3.10.4-5.11 AND libedataserver-1_2-18-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND evolution-data-server-lang is earlier than 0:3.10.4-5.11

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Mac Os X cpe:2.3:a:apple:mac_os_x:10.5.6:::::::* cpe:2.3:a:apple:mac_os_x::::::::	2
Application	Ibm Vios cpe:2.3:a:ibm:vios:2.2.3.4:::::::* cpe:2.3:a:ibm:vios:2.2.3.3:::::::* cpe:2.3:a:ibm:vios:2.2.3.2:::::::* cpe:2.3:a:ibm:vios:2.2.3.1:::::::* cpe:2.3:a:ibm:vios:2.2.3.0:::::::* cpe:2.3:a:ibm:vios:2.2.2.5:::::::* cpe:2.3:a:ibm:vios:2.2.2.4:::::::* cpe:2.3:a:ibm:vios:2.2.2.3:::::::* cpe:2.3:a:ibm:vios:2.2.2.2:::::::* cpe:2.3:a:ibm:vios:2.2.2.1:::::::* cpe:2.3:a:ibm:vios:2.2.2.0:::::::* cpe:2.3:a:ibm:vios:2.2.1.9:::::::* cpe:2.3:a:ibm:vios:2.2.1.8:::::::* cpe:2.3:a:ibm:vios:2.2.1.7:::::::* cpe:2.3:a:ibm:vios:2.2.1.6:::::::* cpe:2.3:a:ibm:vios:2.2.1.5:::::::* cpe:2.3:a:ibm:vios:2.2.1.4:::::::* cpe:2.3:a:ibm:vios:2.2.1.3:::::::* cpe:2.3:a:ibm:vios:2.2.1.1:::::::* cpe:2.3:a:ibm:vios:2.2.1.0:::::::* cpe:2.3:a:ibm:vios:2.2.0.13:::::::* cpe:2.3:a:ibm:vios:2.2.0.12:::::::* cpe:2.3:a:ibm:vios:2.2.0.11:::::::* cpe:2.3:a:ibm:vios:2.2.0.10:::::::*	24
Application	Novell Suse Linux Enterprise Software Development Kit cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:::::::* cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp3::::::	2
Application	Openssl cpe:2.3:a:openssl:openssl:1.0.1i:::::::* cpe:2.3:a:openssl:openssl:1.0.1h:::::::* cpe:2.3:a:openssl:openssl:1.0.1g:::::::* cpe:2.3:a:openssl:openssl:1.0.1f:::::::* cpe:2.3:a:openssl:openssl:1.0.1e:::::::* cpe:2.3:a:openssl:openssl:1.0.1d:::::::* cpe:2.3:a:openssl:openssl:1.0.1c:::::::* cpe:2.3:a:openssl:openssl:1.0.1b:::::::* cpe:2.3:a:openssl:openssl:1.0.1a:::::::* cpe:2.3:a:openssl:openssl:1.0.1:-:::::: cpe:2.3:a:openssl:openssl:1.0.1:beta1:::::: cpe:2.3:a:openssl:openssl:1.0.1:beta3:::::: cpe:2.3:a:openssl:openssl:1.0.1:beta2:::::: cpe:2.3:a:openssl:openssl:1.0.0n:::::::* cpe:2.3:a:openssl:openssl:1.0.0m:::::::* cpe:2.3:a:openssl:openssl:1.0.0l:::::::* cpe:2.3:a:openssl:openssl:1.0.0k:::::::* cpe:2.3:a:openssl:openssl:1.0.0j:::::::* cpe:2.3:a:openssl:openssl:1.0.0i:::::::* cpe:2.3:a:openssl:openssl:1.0.0h:::::::* cpe:2.3:a:openssl:openssl:1.0.0g:::::::* cpe:2.3:a:openssl:openssl:1.0.0f:::::::* cpe:2.3:a:openssl:openssl:1.0.0e:::::::* cpe:2.3:a:openssl:openssl:1.0.0d:::::::* cpe:2.3:a:openssl:openssl:1.0.0c:::::::* cpe:2.3:a:openssl:openssl:1.0.0b:::::::* cpe:2.3:a:openssl:openssl:1.0.0a:::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta3:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta2:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta5:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta4:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta1:::::: cpe:2.3:a:openssl:openssl:1.0.0:-:::::: cpe:2.3:a:openssl:openssl:0.9.8zg:::::::* cpe:2.3:a:openssl:openssl:0.9.8zf:::::::* cpe:2.3:a:openssl:openssl:0.9.8ze:::::::* cpe:2.3:a:openssl:openssl:0.9.8zc:::::::* cpe:2.3:a:openssl:openssl:0.9.8zb:::::::* cpe:2.3:a:openssl:openssl:0.9.8za:::::::* cpe:2.3:a:openssl:openssl:0.9.8z:::::::* cpe:2.3:a:openssl:openssl:0.9.8y:::::::* cpe:2.3:a:openssl:openssl:0.9.8x:::::::* cpe:2.3:a:openssl:openssl:0.9.8w:::::::* cpe:2.3:a:openssl:openssl:0.9.8v:::::::* cpe:2.3:a:openssl:openssl:0.9.8u:::::::* cpe:2.3:a:openssl:openssl:0.9.8t:::::::* cpe:2.3:a:openssl:openssl:0.9.8s:::::::* cpe:2.3:a:openssl:openssl:0.9.8r:::::::* cpe:2.3:a:openssl:openssl:0.9.8q:::::::* cpe:2.3:a:openssl:openssl:0.9.8p:::::::* cpe:2.3:a:openssl:openssl:0.9.8o:::::::* cpe:2.3:a:openssl:openssl:0.9.8n:::::::* cpe:2.3:a:openssl:openssl:0.9.8m:-:::::: cpe:2.3:a:openssl:openssl:0.9.8m:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.8l:::::::* cpe:2.3:a:openssl:openssl:0.9.8k:::::::* cpe:2.3:a:openssl:openssl:0.9.8j:::::::* cpe:2.3:a:openssl:openssl:0.9.8i:::::::* cpe:2.3:a:openssl:openssl:0.9.8h:::::::* cpe:2.3:a:openssl:openssl:0.9.8g:::::::* cpe:2.3:a:openssl:openssl:0.9.8g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8f:::::::* cpe:2.3:a:openssl:openssl:0.9.8f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8f::::::x86: cpe:2.3:a:openssl:openssl:0.9.8e:::::::* cpe:2.3:a:openssl:openssl:0.9.8e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8e::::::x86: cpe:2.3:a:openssl:openssl:0.9.8d:::::::* cpe:2.3:a:openssl:openssl:0.9.8d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8d::::::x86: cpe:2.3:a:openssl:openssl:0.9.8c:::::::* cpe:2.3:a:openssl:openssl:0.9.8c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8c::::::x86: cpe:2.3:a:openssl:openssl:0.9.8b:::::::* cpe:2.3:a:openssl:openssl:0.9.8a:::::::* cpe:2.3:a:openssl:openssl:0.9.8:-:::::: cpe:2.3:a:openssl:openssl:0.9.7m:::::::* cpe:2.3:a:openssl:openssl:0.9.7m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7m::::::x86: cpe:2.3:a:openssl:openssl:0.9.7l:::::::* cpe:2.3:a:openssl:openssl:0.9.7l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7l::::::x86: cpe:2.3:a:openssl:openssl:0.9.7k:::::::* cpe:2.3:a:openssl:openssl:0.9.7k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7k::::::x86: cpe:2.3:a:openssl:openssl:0.9.7j:::::::* cpe:2.3:a:openssl:openssl:0.9.7j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7j::::::x86: cpe:2.3:a:openssl:openssl:0.9.7i:::::::* cpe:2.3:a:openssl:openssl:0.9.7i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7i::::::x86: cpe:2.3:a:openssl:openssl:0.9.7h:::::::* cpe:2.3:a:openssl:openssl:0.9.7h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7h::::::x86: cpe:2.3:a:openssl:openssl:0.9.7g:::::::* cpe:2.3:a:openssl:openssl:0.9.7g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7g::::::x86: cpe:2.3:a:openssl:openssl:0.9.7f:::::::* cpe:2.3:a:openssl:openssl:0.9.7f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7f::::::x86: cpe:2.3:a:openssl:openssl:0.9.7e:::::::* cpe:2.3:a:openssl:openssl:0.9.7e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7e::::::x86: cpe:2.3:a:openssl:openssl:0.9.7d:::::::* cpe:2.3:a:openssl:openssl:0.9.7d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7d::::::x86: cpe:2.3:a:openssl:openssl:0.9.7c:::::::* cpe:2.3:a:openssl:openssl:0.9.7c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7c::::::x86: cpe:2.3:a:openssl:openssl:0.9.7b:::::::* cpe:2.3:a:openssl:openssl:0.9.7b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7b::::::x86: cpe:2.3:a:openssl:openssl:0.9.7a:::::::* cpe:2.3:a:openssl:openssl:0.9.7a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7a::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.7:-:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta6:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6m:::::::* cpe:2.3:a:openssl:openssl:0.9.6m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6m::::::x86: cpe:2.3:a:openssl:openssl:0.9.6l:::::::* cpe:2.3:a:openssl:openssl:0.9.6l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6l::::::x86: cpe:2.3:a:openssl:openssl:0.9.6k:::::::* cpe:2.3:a:openssl:openssl:0.9.6k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6k::::::x86: cpe:2.3:a:openssl:openssl:0.9.6j:::::::* cpe:2.3:a:openssl:openssl:0.9.6j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6j::::::x86: cpe:2.3:a:openssl:openssl:0.9.6i:::::::* cpe:2.3:a:openssl:openssl:0.9.6i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6i::::::x86: cpe:2.3:a:openssl:openssl:0.9.6h:::::::* cpe:2.3:a:openssl:openssl:0.9.6h:bogus:::::: cpe:2.3:a:openssl:openssl:0.9.6h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6h::::::x86: cpe:2.3:a:openssl:openssl:0.9.6g:::::::* cpe:2.3:a:openssl:openssl:0.9.6g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6g::::::x86: cpe:2.3:a:openssl:openssl:0.9.6f:::::::* cpe:2.3:a:openssl:openssl:0.9.6f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6f::::::x86: cpe:2.3:a:openssl:openssl:0.9.6e:::::::* cpe:2.3:a:openssl:openssl:0.9.6e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6e::::::x86: cpe:2.3:a:openssl:openssl:0.9.6d:-:::::: cpe:2.3:a:openssl:openssl:0.9.6d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6d::::::x86: cpe:2.3:a:openssl:openssl:0.9.6c:::::::* cpe:2.3:a:openssl:openssl:0.9.6c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6c::::::x86: cpe:2.3:a:openssl:openssl:0.9.6b:::::::* cpe:2.3:a:openssl:openssl:0.9.6b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6b::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:-:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6a::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6:-:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6::::::x86: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5a:-:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a::::::x86: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5:-:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5::::::x86: cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.4:::::::* cpe:2.3:a:openssl:openssl:0.9.4::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.4::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.4::::::x86: cpe:2.3:a:openssl:openssl:0.9.3a:::::::* cpe:2.3:a:openssl:openssl:0.9.3a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3a::::::x86: cpe:2.3:a:openssl:openssl:0.9.3:-:::::: cpe:2.3:a:openssl:openssl:0.9.3::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3::::::x86: cpe:2.3:a:openssl:openssl:0.9.2b:::::::* cpe:2.3:a:openssl:openssl:0.9.2b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.2b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.2b::::::x86: cpe:2.3:a:openssl:openssl:0.9.1c:::::::* cpe:2.3:a:openssl:openssl:0.9.1c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.1c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.1c::::::x86: cpe:2.3:a:openssl:openssl:0.9.1b:::::::* cpe:2.3:a:openssl:openssl:0.9.0b:::::::* cpe:2.3:a:openssl:openssl:::::::: cpe:2.3:a:openssl:openssl:::openvms:::::* cpe:2.3:a:openssl:openssl:-:::::::*	291
Application	Oracle Database cpe:2.3:a:oracle:database:12.1.0.2:::::::* cpe:2.3:a:oracle:database:11.2.0.4:::::::*	2
Os	Apple Mac Os X cpe:2.3:o:apple:mac_os_x:10.9.5:::::::* cpe:2.3:o:apple:mac_os_x:10.9.4:::::::* cpe:2.3:o:apple:mac_os_x:10.9.3:::::::* cpe:2.3:o:apple:mac_os_x:10.9.2:::::::* cpe:2.3:o:apple:mac_os_x:10.9.1:::::::* cpe:2.3:o:apple:mac_os_x:10.9:::::::* cpe:2.3:o:apple:mac_os_x:10.8.5:::::::* cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:::::: cpe:2.3:o:apple:mac_os_x:10.8.4:::::::* cpe:2.3:o:apple:mac_os_x:10.8.3:::::::* cpe:2.3:o:apple:mac_os_x:10.8.2:::::::* cpe:2.3:o:apple:mac_os_x:10.8.1:::::::* cpe:2.3:o:apple:mac_os_x:10.8.0:::::::* cpe:2.3:o:apple:mac_os_x:10.7.5:::::::* cpe:2.3:o:apple:mac_os_x:10.7.4:::::::* cpe:2.3:o:apple:mac_os_x:10.7.3:::::::* cpe:2.3:o:apple:mac_os_x:10.7.2:::::::* cpe:2.3:o:apple:mac_os_x:10.7.1:::::::* cpe:2.3:o:apple:mac_os_x:10.7.0:::::::* cpe:2.3:o:apple:mac_os_x:10.6.9:::::::* cpe:2.3:o:apple:mac_os_x:10.6.8:::::::* cpe:2.3:o:apple:mac_os_x:10.6.7:::::::* cpe:2.3:o:apple:mac_os_x:10.6.6:::::::* cpe:2.3:o:apple:mac_os_x:10.6.5:::::::* cpe:2.3:o:apple:mac_os_x:10.6.4:::::::* cpe:2.3:o:apple:mac_os_x:10.6.3:::::::* cpe:2.3:o:apple:mac_os_x:10.6.2:::::::* cpe:2.3:o:apple:mac_os_x:10.6.1:::::::* cpe:2.3:o:apple:mac_os_x:10.6.1::server::::: cpe:2.3:o:apple:mac_os_x:10.6.0:::::::* cpe:2.3:o:apple:mac_os_x:10.6:::::::* cpe:2.3:o:apple:mac_os_x:10.6:server:::::: cpe:2.3:o:apple:mac_os_x:10.5.8:::::::* cpe:2.3:o:apple:mac_os_x:10.5.8::server::::: cpe:2.3:o:apple:mac_os_x:10.5.7:::::::* cpe:2.3:o:apple:mac_os_x:10.5.6:::::::* cpe:2.3:o:apple:mac_os_x:10.5.5:::::::* cpe:2.3:o:apple:mac_os_x:10.5.4:::::::* cpe:2.3:o:apple:mac_os_x:10.5.3:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:::::: cpe:2.3:o:apple:mac_os_x:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x:10.5.0:::::::* cpe:2.3:o:apple:mac_os_x:10.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.9:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8::macbook::::: cpe:2.3:o:apple:mac_os_x:10.4.8::mac_mini::::: cpe:2.3:o:apple:mac_os_x:10.4.8::macbook_pro::::: cpe:2.3:o:apple:mac_os_x:10.4.7:::::::* cpe:2.3:o:apple:mac_os_x:10.4.6:::::::* cpe:2.3:o:apple:mac_os_x:10.4.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.4:::::::* cpe:2.3:o:apple:mac_os_x:10.4.3:::::::* cpe:2.3:o:apple:mac_os_x:10.4.2:::::::* cpe:2.3:o:apple:mac_os_x:10.4.11:::::::* cpe:2.3:o:apple:mac_os_x:10.4.10:::::::* cpe:2.3:o:apple:mac_os_x:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x:10.4.:::::::* cpe:2.3:o:apple:mac_os_x:10.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x:10.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x:10.2:::::::* cpe:2.3:o:apple:mac_os_x:10.10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.10.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x:10.0:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:o:apple:mac_os_x:-:::::::*	99
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:7.0:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:21:::::::* cpe:2.3:o:fedoraproject:fedora:20:::::::* cpe:2.3:o:fedoraproject:fedora:19:::::::*	3
Os	Ibm Aix cpe:2.3:o:ibm:aix:7.1:::::::* cpe:2.3:o:ibm:aix:6.1:::::::* cpe:2.3:o:ibm:aix:5.3:::::::*	3
Os	Mageia cpe:2.3:o:mageia:mageia:4.0:::::::* cpe:2.3:o:mageia:mageia:3.0:::::::*	2
Os	Netbsd cpe:2.3:o:netbsd:netbsd:6.1.5:::::::* cpe:2.3:o:netbsd:netbsd:6.1.4:::::::* cpe:2.3:o:netbsd:netbsd:6.1.3:::::::* cpe:2.3:o:netbsd:netbsd:6.1.2:::::::* cpe:2.3:o:netbsd:netbsd:6.1.1:::::::* cpe:2.3:o:netbsd:netbsd:6.1:::::::* cpe:2.3:o:netbsd:netbsd:6.0.6:::::::* cpe:2.3:o:netbsd:netbsd:6.0.5:::::::* cpe:2.3:o:netbsd:netbsd:6.0.4:::::::* cpe:2.3:o:netbsd:netbsd:6.0.3:::::::* cpe:2.3:o:netbsd:netbsd:6.0.2:::::::* cpe:2.3:o:netbsd:netbsd:6.0.1:::::::* cpe:2.3:o:netbsd:netbsd:6.0:::::::* cpe:2.3:o:netbsd:netbsd:6.0:beta:::::: cpe:2.3:o:netbsd:netbsd:5.2.2:::::::* cpe:2.3:o:netbsd:netbsd:5.2.1:::::::* cpe:2.3:o:netbsd:netbsd:5.2:::::::* cpe:2.3:o:netbsd:netbsd:5.1.4:::::::* cpe:2.3:o:netbsd:netbsd:5.1.3:::::::* cpe:2.3:o:netbsd:netbsd:5.1.2:::::::* cpe:2.3:o:netbsd:netbsd:5.1.1:::::::* cpe:2.3:o:netbsd:netbsd:5.1:::::::*	22
Os	Novell Suse Linux Enterprise Desktop cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:-:::::: cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:::::::* cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:::::::* cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:::::::*	4
Os	Novell Suse Linux Enterprise Server cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:-:::::: cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3::::vmware::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:13.1:::::::* cpe:2.3:o:opensuse:opensuse:12.3:::::::*	2
Os	Opensuse Suse Linux Enterprise Server cpe:2.3:o:opensuse:suse_linux_enterprise_server:11.0:sp3::::::	1
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:5:::::::*	1
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*	2
Os	Redhat Enterprise Linux Desktop Supplementary cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:::::::*	2
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*	2
Os	Redhat Enterprise Linux Server Supplementary cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:::::::*	3
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*	2
Os	Redhat Enterprise Linux Workstation Supplementary cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*	2

OpenVAS Exploits

Date	Description
2014-10-16	Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

Date	Description
2015-07-16	IAVM : 2015-A-0154 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0061081
2015-02-05	IAVM : 2015-B-0014 - Multiple Vulnerabilities in VMware ESXi 5.5 Severity : Category I - VMSKEY : V0058513
2015-02-05	IAVM : 2015-B-0013 - Multiple Vulnerabilities in VMware ESXi 5.1 Severity : Category I - VMSKEY : V0058515
2015-02-05	IAVM : 2015-B-0012 - Multiple Vulnerabilities in VMware ESXi 5.0 Severity : Category I - VMSKEY : V0058517
2015-01-22	IAVM : 2015-B-0007 - Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa... Severity : Category I - VMSKEY : V0058213

Snort® IPS/IDS

Date	Description
2019-10-10	OpenSSL DTLS SRTP extension parsing denial-of-service attempt RuleID : 51460 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous ascii client session ticket RuleID : 51354 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous ascii client session ticket RuleID : 51353 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous ascii client session ticket RuleID : 51352 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous ascii client session ticket RuleID : 51351 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous ascii session ticket RuleID : 51350 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous ascii session ticket RuleID : 51349 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous ascii session ticket RuleID : 51348 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous ascii session ticket RuleID : 51347 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous non-zero length session ticket in client hello RuleID : 51346 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous non-zero length session ticket in client hello RuleID : 51345 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous non-zero length session ticket in client hello RuleID : 51344 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL TLS anomalous non-zero length session ticket in client hello RuleID : 51343 - Revision : 1 - Type : SERVER-OTHER
2014-12-18	SSLv3 CBC client connection attempt RuleID : 32566 - Revision : 2 - Type : POLICY-OTHER
2014-12-11	OpenSSL TLS large number of session tickets sent - possible dos attempt RuleID : 32468 - Revision : 3 - Type : SERVER-OTHER
2014-12-11	OpenSSL TLS large number of session tickets sent - possible dos attempt RuleID : 32467 - Revision : 3 - Type : SERVER-OTHER
2014-12-11	OpenSSL TLS large number of session tickets sent - possible dos attempt RuleID : 32466 - Revision : 3 - Type : SERVER-OTHER
2014-12-11	OpenSSL TLS large number of session tickets sent - possible dos attempt RuleID : 32465 - Revision : 3 - Type : SERVER-OTHER
2014-12-09	OpenSSL DTLS SRTP extension parsing denial-of-service attempt RuleID : 32382 - Revision : 6 - Type : SERVER-OTHER
2014-12-09	OpenSSL DTLS SRTP extension parsing denial-of-service attempt RuleID : 32381 - Revision : 7 - Type : SERVER-OTHER
2014-11-19	SSLv3 POODLE CBC padding brute force attempt RuleID : 32205 - Revision : 5 - Type : SERVER-OTHER
2014-11-19	SSLv3 POODLE CBC padding brute force attempt RuleID : 32204 - Revision : 5 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2017-12-07	Name : The remote host is potentially affected by an SSL/TLS vulnerability. File : check_point_gaia_sk103683.nasl - Type : ACT_GATHER_INFO
2017-07-20	Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_jul_2017.nasl - Type : ACT_GATHER_INFO
2017-04-12	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-459.nasl - Type : ACT_GATHER_INFO
2017-01-10	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_03532a19d68e11e6917114dae9d210b8.nasl - Type : ACT_GATHER_INFO
2016-11-23	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1339.nasl - Type : ACT_GATHER_INFO
2016-09-28	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2396-1.nasl - Type : ACT_GATHER_INFO
2016-09-19	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2329-1.nasl - Type : ACT_GATHER_INFO
2016-09-13	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2285-1.nasl - Type : ACT_GATHER_INFO
2016-06-27	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201606-11.nasl - Type : ACT_GATHER_INFO
2016-06-17	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1457-1.nasl - Type : ACT_GATHER_INFO
2016-05-13	Name : A web application running on the remote host is affected by multiple vulnerab... File : solarwinds_srm_profiler_6_2_3.nasl - Type : ACT_GATHER_INFO
2016-04-14	Name : The application installed on the remote host is affected by an information di... File : ibm_domino_swg21693142.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-02-25	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3489.nasl - Type : ACT_GATHER_INFO
2016-01-25	Name : The remote Debian host is missing a security update. File : debian_DLA-400.nasl - Type : ACT_GATHER_INFO
2015-12-11	Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15ad_colorqube.nasl - Type : ACT_GATHER_INFO
2015-12-11	Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15aj.nasl - Type : ACT_GATHER_INFO
2015-12-11	Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15am.nasl - Type : ACT_GATHER_INFO
2015-11-20	Name : The remote host is running a remote management application that is affected b... File : solarwinds_dameware_mini_remote_control_v12_0_hotfix_2.nasl - Type : ACT_GATHER_INFO
2015-10-16	Name : The remote Fedora host is missing a security update. File : fedora_2015-9090.nasl - Type : ACT_GATHER_INFO
2015-10-16	Name : The remote Fedora host is missing a security update. File : fedora_2015-9110.nasl - Type : ACT_GATHER_INFO
2015-10-02	Name : The remote Mac OS X host has an application installed that is affected by mul... File : macosx_xcode_7_0.nasl - Type : ACT_GATHER_INFO
2015-08-03	Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_4_1.nasl - Type : ACT_GATHER_INFO
2015-07-27	Name : The remote Debian host is missing a security update. File : debian_DLA-282.nasl - Type : ACT_GATHER_INFO
2015-07-14	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201507-14.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV69768.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73316.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73319.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73324.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73416.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73417.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73418.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73419.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73973.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73974.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73975.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73976.nasl - Type : ACT_GATHER_INFO
2015-06-12	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-05-26	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_384fc0b2014411e58fda002590263bf5.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1387-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1512-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1524-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0503-1.nasl - Type : ACT_GATHER_INFO
2015-05-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3253.nasl - Type : ACT_GATHER_INFO
2015-05-01	Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-28	Name : The remote host is missing a security update for OS X Server. File : macosx_server_4_1.nasl - Type : ACT_GATHER_INFO
2015-04-20	Name : The remote web server is affected by multiple vulnerabilities. File : glassfish_cpu_apr_2015.nasl - Type : ACT_GATHER_INFO
2015-04-20	Name : The remote Windows host has an application installed that is affected by mult... File : vmware_vcenter_chargeback_manager_vmsa_2015_0003.nasl - Type : ACT_GATHER_INFO
2015-04-13	Name : The remote Windows host has an application installed that is affected by mult... File : vmware_horizon_view_VMSA-2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-13	Name : The remote host has a device management application installed that is affecte... File : vmware_workspace_portal_vmsa2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-198.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote Linux host has a virtualization application installed that is miss... File : vcenter_operations_manager_vmsa_2015-0003-linux.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote host has a virtualization application installed that is missing a ... File : vcenter_operations_manager_vmsa_2015-0003-vapp.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote Windows host has a virtualization application installed that is mi... File : vcenter_operations_manager_vmsa_2015-0003-win.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-157.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-81.nasl - Type : ACT_GATHER_INFO
2015-03-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0698.nasl - Type : ACT_GATHER_INFO
2015-03-17	Name : The remote application server is affected by multiple vulnerabilities. File : websphere_7_0_0_37.nasl - Type : ACT_GATHER_INFO
2015-03-12	Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_rational_clearquest_8_0_1_6.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_57.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_0_15.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO
2015-02-24	Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_feb2015_advisory.nasl - Type : ACT_GATHER_INFO
2015-02-20	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-150206.nasl - Type : ACT_GATHER_INFO
2015-02-18	Name : The remote application server is affected by multiple vulnerabilities. File : websphere_8_0_0_10.nasl - Type : ACT_GATHER_INFO
2015-02-13	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-480.nasl - Type : ACT_GATHER_INFO
2015-02-09	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-033.nasl - Type : ACT_GATHER_INFO
2015-02-06	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2015-0126.nasl - Type : ACT_GATHER_INFO
2015-02-03	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-91.nasl - Type : ACT_GATHER_INFO
2015-02-03	Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-02-02	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3147.nasl - Type : ACT_GATHER_INFO
2015-01-30	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3144.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_10_10_2.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote host is missing a Mac OS X update that fixes multiple security iss... File : macosx_SecUpd2015-001.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. File : vmware_esxi_5_5_build_2352327_remote.nasl - Type : ACT_GATHER_INFO
2015-01-28	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2486-1.nasl - Type : ACT_GATHER_INFO
2015-01-28	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2487-1.nasl - Type : ACT_GATHER_INFO
2015-01-27	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-27	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-27	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-27	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0086.nasl - Type : ACT_GATHER_INFO
2015-01-27	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150126_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2015-01-23	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-471.nasl - Type : ACT_GATHER_INFO
2015-01-23	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-472.nasl - Type : ACT_GATHER_INFO
2015-01-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0079.nasl - Type : ACT_GATHER_INFO
2015-01-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0080.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote caching server is affected by multiple vulnerabilities. File : apache_traffic_server_511.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jan_2015_unix.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote host has a version of Oracle Secure Global Desktop that is affecte... File : oracle_secure_global_desktop_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : A clustered file system on the remote host is affected by multiple vulnerabil... File : ibm_gpfs_isg3T1021546_windows.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20141104.nasl - Type : ACT_GATHER_INFO
2015-01-13	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-469.nasl - Type : ACT_GATHER_INFO
2015-01-07	Name : The remote application server is affected by multiple vulnerabilities. File : websphere_8_5_5_4.nasl - Type : ACT_GATHER_INFO
2015-01-06	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-14237.nasl - Type : ACT_GATHER_INFO
2015-01-06	Name : The remote SuSE 11 host is missing a security update. File : suse_11_suseRegister-141121.nasl - Type : ACT_GATHER_INFO
2015-01-02	Name : The remote Fedora host is missing a security update. File : fedora_2014-17576.nasl - Type : ACT_GATHER_INFO
2015-01-02	Name : The remote Fedora host is missing a security update. File : fedora_2014-17587.nasl - Type : ACT_GATHER_INFO
2014-12-30	Name : The remote application is affected by multiple denial of service vulnerabilit... File : securitycenter_openssl_1_0_1j.nasl - Type : ACT_GATHER_INFO
2014-12-29	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15722.nasl - Type : ACT_GATHER_INFO
2014-12-29	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15723.nasl - Type : ACT_GATHER_INFO
2014-12-26	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-39.nasl - Type : ACT_GATHER_INFO
2014-12-16	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-252.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-15379.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-15390.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-15411.nasl - Type : ACT_GATHER_INFO
2014-12-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO
2014-12-05	Name : The remote SuSE 11 host is missing a security update. File : suse_11_pure-ftpd-141120.nasl - Type : ACT_GATHER_INFO
2014-12-04	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1948.nasl - Type : ACT_GATHER_INFO
2014-12-04	Name : A web application installed on the remote host is affected by an information ... File : hp_sitescope_hpsbmu03184.nasl - Type : ACT_GATHER_INFO
2014-12-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141202_nss__nss_util__and_nss_softokn_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-12-04	Name : The remote web server contains an application that is affected by multiple vu... File : splunk_5011.nasl - Type : ACT_GATHER_INFO
2014-12-04	Name : The remote web server contains an application that is affected by multiple vu... File : splunk_607.nasl - Type : ACT_GATHER_INFO
2014-12-03	Name : The remote device is missing a vendor-supplied security update. File : cisco-sa-20141015-poodle-wlc.nasl - Type : ACT_GATHER_INFO
2014-12-03	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1948.nasl - Type : ACT_GATHER_INFO
2014-12-03	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1948.nasl - Type : ACT_GATHER_INFO
2014-12-01	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-141119.nasl - Type : ACT_GATHER_INFO
2014-12-01	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-141121.nasl - Type : ACT_GATHER_INFO
2014-11-28	Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_oct2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-11-28	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_evolution-data-server-141114.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote printer service is potentially affected by an information disclosu... File : cups_2_0_1.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0032.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0037.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0038.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0039.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0040.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0041.nasl - Type : ACT_GATHER_INFO
2014-11-24	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201411-10.nasl - Type : ACT_GATHER_INFO
2014-11-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-218.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1880.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1881.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1882.nasl - Type : ACT_GATHER_INFO
2014-11-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1876.nasl - Type : ACT_GATHER_INFO
2014-11-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1877.nasl - Type : ACT_GATHER_INFO
2014-11-19	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libwsman-devel-141021.nasl - Type : ACT_GATHER_INFO
2014-11-17	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-671.nasl - Type : ACT_GATHER_INFO
2014-11-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-647.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote device is affected by a man-in-the-middle (MitM) information discl... File : cisco-sa-20141015-poodle-cucm.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote Fedora host is missing a security update. File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-13647.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-14217.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-14234.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-640.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1692.nasl - Type : ACT_GATHER_INFO
2014-11-07	Name : The remote Fedora host is missing a security update. File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO
2014-11-07	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-13781.nasl - Type : ACT_GATHER_INFO
2014-11-07	Name : The remote Fedora host is missing a security update. File : fedora_2014-13794.nasl - Type : ACT_GATHER_INFO
2014-11-06	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-141024.nasl - Type : ACT_GATHER_INFO
2014-11-05	Name : The remote device is affected by multiple vulnerabilities. File : appletv_7_0_1.nasl - Type : ACT_GATHER_INFO
2014-11-03	Name : The remote Fedora host is missing a security update. File : fedora_2014-12951.nasl - Type : ACT_GATHER_INFO
2014-11-03	Name : The remote Fedora host is missing a security update. File : fedora_2014-13399.nasl - Type : ACT_GATHER_INFO
2014-11-03	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0dad911460cc11e49e840022156e8794.nasl - Type : ACT_GATHER_INFO
2014-10-31	Name : The remote AIX host has a version of OpenSSL installed that is affected by mu... File : aix_openssl_advisory11.nasl - Type : ACT_GATHER_INFO
2014-10-30	Name : The remote device is affected by a man-in-the-middle (MitM) information discl... File : cisco-sa-20141015-poodle-asa.nasl - Type : ACT_GATHER_INFO
2014-10-30	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-605.nasl - Type : ACT_GATHER_INFO
2014-10-24	Name : The remote host is affected by an information disclosure vulnerability. File : cisco_anyconnect_3_1_5187.nasl - Type : ACT_GATHER_INFO
2014-10-24	Name : The remote host is affected by an information disclosure vulnerability. File : macosx_cisco_anyconnect_3_1_5187.nasl - Type : ACT_GATHER_INFO
2014-10-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-203.nasl - Type : ACT_GATHER_INFO
2014-10-22	Name : A telephony application running on the remote host is affected by an informat... File : asterisk_ast_2014_011.nasl - Type : ACT_GATHER_INFO
2014-10-22	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_76c7a0f5592811e4adc7001999f8d30b.nasl - Type : ACT_GATHER_INFO
2014-10-21	Name : The remote host is missing a security update for OS X Server. File : macosx_server_2_2_5.nasl - Type : ACT_GATHER_INFO
2014-10-21	Name : The remote host is missing a security update for OS X Server. File : macosx_server_3_2_2.nasl - Type : ACT_GATHER_INFO
2014-10-21	Name : The remote host is missing a security update for OS X Server. File : macosx_server_4_0.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-429.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Fedora host is missing a security update. File : fedora_2014-13069.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Fedora host is missing a security update. File : fedora_2014-13012.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_5_06.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1653.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3053.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_10_10.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote host is missing a Mac OS X update that fixes multiple security iss... File : macosx_SecUpd2014-005.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote service is affected by multiple vulnerabilities. File : openssl_0_9_8zc.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_0o.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1j.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1653.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1653.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141016_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141016_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2385-1.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-288-01.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-426.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-427.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_03175e62549411e49cc1bc5ff4fb5e7b.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote host is affected by a remote information disclosure vulnerability. File : smb_kb3009008.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : It is possible to obtain sensitive information from the remote host with SSL/... File : ssl_poodle.nasl - Type : ACT_GATHER_INFO
2014-09-23	Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-02-19 21:28:39	Multiple Updates
2016-02-17 21:30:16	Multiple Updates
2016-02-12 09:28:50	Multiple Updates
2014-10-22 17:28:44	Multiple Updates
2014-10-19 09:26:41	Multiple Updates
2014-10-18 13:26:18	Multiple Updates
2014-10-16 21:22:23	First insertion

Global Informations

Type	Count
CWE ID(s)	5
Oval ID(s)	27
CPE ID(s)	475
Openvas Exploit(s)	1
IAVM(s)	5
Snort® Rule(s)	22
Nessus® Exploit(s)	205

	Related
7.1	CVE-2014-3567
7.1	CVE-2014-3513
4.3	CVE-2014-3568
3.4	CVE-2014-3566
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)

7.1 - DSA-3053

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU