4.3 - GLSA-201310-10

Executive Summary

Summary
Title	PolarSSL: Multiple vulnerabilities

Informations
Name	GLSA-201310-10	First vendor Publication	2013-10-17
Vendor	Gentoo	Last vendor Modification	2013-10-17
Severity (Vendor)	Normal	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in PolarSSL, the worst of which might allow a remote attacker to cause a Denial of Service condition.

Background

PolarSSL is a cryptographic library for embedded systems.

Description

Multiple vulnerabilities have been discovered in PolarSSL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker might be able to cause Denial of Service, conduct a man-in-the middle attack, compromise an encrypted communication channel, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All PolarSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/polarssl-1.3.0"

References

[ 1 ] CVE-2011-1923 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1923
[ 2 ] CVE-2012-2130 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2130
[ 3 ] CVE-2013-0169 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 4 ] CVE-2013-1621 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1621
[ 5 ] CVE-2013-4623 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4623
[ 6 ] CVE-2013-5915 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5915

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201310-10.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201310-10.xml

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-310	Cryptographic Issues
33 %	CWE-20	Improper Input Validation
17 %	CWE-326	Inadequate Encryption Strength

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18302

Oval ID:	oval:org.mitre.oval:def:18302
Title:	USN-1732-1 -- openssl vulnerabilities
Description:	Several security issues were fixed in OpenSSL.
Family:	unix	Class:	patch
Reference(s):	USN-1732-1 CVE-2012-2686 CVE-2013-0166 CVE-2013-0169	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 8.04	Product(s):	openssl
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND libssl1.0.0 DPKG is earlier than 1.0.1c-3ubuntu2.1 AND Release section Ubuntu 12.04 is installed AND libssl1.0.0 DPKG is earlier than 1.0.1-4ubuntu5.6 AND Release section Ubuntu 11.10 is installed AND libssl1.0.0 DPKG is earlier than 1.0.0e-2ubuntu4.7 AND Release section Ubuntu 10.04 is installed AND libssl0.9.8 DPKG is earlier than 0.9.8k-7ubuntu8.14 AND Release section Ubuntu 8.04 is installed AND libssl0.9.8 DPKG is earlier than 0.9.8g-4ubuntu3.20

Definition Id: oval:org.mitre.oval:def:18565

Oval ID:	oval:org.mitre.oval:def:18565
Title:	DSA-2621-1 openssl - several vulnerabilities
Description:	Multiple vulnerabilities have been found in OpenSSL.
Family:	unix	Class:	patch
Reference(s):	DSA-2621-1 CVE-2013-0166 CVE-2013-0169	Version:	7
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	openssl
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openssl DPKG is earlier than 0.9.8o-4squeeze14

Definition Id: oval:org.mitre.oval:def:18841

Oval ID:	oval:org.mitre.oval:def:18841
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02856 HP Release B.11.11 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.001 AND openssl.OPENSSL-INC version is less than A.00.09.08y.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.001 OR Criteria meets HP Security Bulletin HPSBUX02856 HP Release B.11.23 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.002 AND openssl.OPENSSL-INC version is less than A.00.09.08y.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.002 OR Criteria meets HP Security Bulletin HPSBUX02856 HP-UX B.11.31 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.003 AND openssl.OPENSSL-INC version is less than A.00.09.08y.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.003

Definition Id: oval:org.mitre.oval:def:19016

Oval ID:	oval:org.mitre.oval:def:19016
Title:	OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0169)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	6
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed If the version of OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 0.9.8.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.8.24 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 1.0.0.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 1.0.0.10 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 1.0.1.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 1.0.1.3 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.6.13 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.1.1 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.2.2 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.3.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.3.1 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.4.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.5.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.5.1 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:19424

Oval ID:	oval:org.mitre.oval:def:19424
Title:	HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP Release B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70-COM version is less than 1.7.0.05.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.05.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.05.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.05.00 AND Jre70.JRE70-COM version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.05.00

Definition Id: oval:org.mitre.oval:def:19428

Oval ID:	oval:org.mitre.oval:def:19428
Title:	HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	7
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP Release B.11.11 AND filesets test hpuxwsAPACHE.APACHE version is less than B.2.0.64.05 AND hpuxwsAPACHE.APACHE2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.0.64.05

Definition Id: oval:org.mitre.oval:def:19540

Oval ID:	oval:org.mitre.oval:def:19540
Title:	HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02867 platforms HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk15.JDK15-COM version is less than 1.5.0.28.00 AND Jdk15.JDK15-DEMO version is less than 1.5.0.28.00 AND Jdk15.JDK15-IPF32 version is less than 1.5.0.28.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.28.00 AND Jre15.JRE15-COM version is less than 1.5.0.28.00 AND Jre15.JRE15-COM-DOC version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.28.00 OR Criteria meets HP Security Bulletin HPSBUX02867 platforms HP Release B.11.11 AND HP Release B.11.23 AND filesets tests Jdk15.JDK15-COM version is less than 1.5.0.28.00 AND Jdk15.JDK15-DEMO version is less than 1.5.0.28.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.28.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.28.00 AND Jre15.JRE15-COM version is less than 1.5.0.28.00 AND Jre15.JRE15-COM-DOC version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.28.00

Definition Id: oval:org.mitre.oval:def:19608

Oval ID:	oval:org.mitre.oval:def:19608
Title:	Multiple OpenSSL vulnerabilities
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	5
Platform(s):	IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
Criteria meets IBM AIX Security Advisory OS check IBM AIX 5.3 is installed AND openssl.base less than or equal to 0.9.8.2400 OR OS check IBM AIX 6.1 is installed AND openssl.base less than or equal to 0.9.8.2400 OR OS check IBM AIX 7.1 is installed AND openssl.base less than or equal to 0.9.8.2400 OR Criteria meets IBM AIX Security Advisory OS check IBM AIX 5.3 is installed AND openssl-fips.base less than or equal to 12.9.8.2400 OR OS check IBM AIX 6.1 is installed AND openssl-fips.base less than or equal to 12.9.8.2400 OR OS check IBM AIX 7.1 is installed AND openssl-fips.base less than or equal to 12.9.8.2400

Definition Id: oval:org.mitre.oval:def:20009

Oval ID:	oval:org.mitre.oval:def:20009
Title:	DSA-2782-1 polarssl - several
Description:	Multiple security issues have been discovered in PolarSSL, a lightweight crypto and SSL/TLS library:
Family:	unix	Class:	patch
Reference(s):	DSA-2782-1 CVE-2013-4623 CVE-2013-5914 CVE-2013-5915	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7	Product(s):	polarssl
Definition Synopsis:
Release section Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND polarssl DPKG is earlier than 0:1.2.9-1~deb6u1 AND Release section Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND polarssl DPKG is earlier than 0:1.2.9-1~deb7u1

Definition Id: oval:org.mitre.oval:def:20786

Oval ID:	oval:org.mitre.oval:def:20786
Title:	VMware vSphere, ESX and ESXi updates to third party libraries
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	4
Platform(s):	VMWare ESX Server 4.1 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
Patch ESX410-201307403-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201307403-SG is not installed OR Patch ESX400-201310401-SG is not installed VMware ESX Server 4.0 is installed AND Patch ESX400-201310401-SG is not installed

Definition Id: oval:org.mitre.oval:def:21079

Oval ID:	oval:org.mitre.oval:def:21079
Title:	RHSA-2013:0587: openssl security update (Moderate)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0587-01 CESA-2013:0587 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169	Version:	45
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	openssl
Definition Synopsis:
Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl is earlier than 0:1.0.0-27.el6_4.2 AND Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x Packages section openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl is earlier than 0:0.9.8e-26.el5_9.1

Definition Id: oval:org.mitre.oval:def:23489

Oval ID:	oval:org.mitre.oval:def:23489
Title:	DEPRECATED: ELSA-2013:0587: openssl security update (Moderate)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169	Version:	18
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl is earlier than 0:1.0.0-27.el6_4.2 OR rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl is earlier than 0:0.9.8e-26.el5_9.1

Definition Id: oval:org.mitre.oval:def:23909

Oval ID:	oval:org.mitre.oval:def:23909
Title:	ELSA-2013:0587: openssl security update (Moderate)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169	Version:	17
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl is earlier than 0:1.0.0-27.el6_4.2 OR rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl is earlier than 0:0.9.8e-26.el5_9.1

Definition Id: oval:org.mitre.oval:def:24405

Oval ID:	oval:org.mitre.oval:def:24405
Title:	Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.4.2:update_42 and is greater than or equal to 1.4.0 Determine if the version of Java Runtime Environment is less than 1.4.2:update_42 AND Java SE Runtime Environment 4 is installed OR Determine if the version of Java Runtime Environment is less than or equal to 1.5.0:update_41 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update_40 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than or equal to 1.6.0:update_39 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_39 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than or equal to 1.7.0:update_13 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_14 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:24938

Oval ID:	oval:org.mitre.oval:def:24938
Title:	OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	4
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 1.0.0 before 1.0.0k AND Check if the version of OpenSSL 1.0.1 before 1.0.1d AND Check if the version of OpenSSL 0.9.8 before 0.9.8y AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 1.0.0 before 1.0.0k (32_bit) AND Check if the version of OpenSSL 1.0.1 before 1.0.1d (32_bit) AND Check if the version of OpenSSL 0.9.8 before 0.9.8y (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 0.9.8 before 0.9.8y ProgramFilesDir AND Check if the version of ssleay32.dll 0.9.8 before 0.9.8y ProgramFilesDir x86 AND Check if the version of ssleay32.dll 0.9.8 before 0.9.8y under Sytem32 and SysWOW64

Definition Id: oval:org.mitre.oval:def:25236

Oval ID:	oval:org.mitre.oval:def:25236
Title:	SUSE-SU-2013:0701-2 -- Security update for java-1_6_0-ibm
Description:	IBM Java 6 was updated to SR13 FP1, fixing bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0701-2 CVE-2013-0485 CVE-2013-0809 CVE-2013-1493 CVE-2013-0169	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 10	Product(s):	java-1_6_0-ibm
Definition Synopsis:
SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND SUSE Linux Enterprise Server 10 and SUSE Linux Enterprise Desktop 10 release section Operation system section SUSE Linux Enterprise Server 10 is installed AND SUSE Linux Enterprise Desktop 10 is installed Packages match section java-1_5_0-ibm RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-devel RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-fonts RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-32bit RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-devel-32bit RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-jdbc RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-plugin RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-alsa-32bit RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-alsa RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND SUSE Linux Enterprise Server 10 release section SUSE Linux Enterprise Server 10 is installed Packages match section java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-devel RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-devel-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-alsa-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-plugin-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND SUSE Linux Enterprise Desktop 10 release section SUSE Linux Enterprise Desktop 10 is installed Packages match section java-1_5_0-ibm-demo RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-src RPM is earlier than 0:1.5.0_sr16.1-0.5.1

Definition Id: oval:org.mitre.oval:def:25811

Oval ID:	oval:org.mitre.oval:def:25811
Title:	SUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibm
Description:	IBM Java 7 was updated to SR4-FP1, fixing bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0701-1 CVE-2013-0485 CVE-2013-0809 CVE-2013-1493 CVE-2013-0169	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	java-1_7_0-ibm
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_7_0-ibm RPM is earlier than 0:1.7.0_sr4.1-0.5.1 AND java-1_7_0-ibm-jdbc RPM is earlier than 0:1.7.0_sr4.1-0.5.1 AND java-1_7_0-ibm-plugin RPM is earlier than 0:1.7.0_sr4.1-0.5.1 AND java-1_7_0-ibm-alsa RPM is earlier than 0:1.7.0_sr4.1-0.5.1

Definition Id: oval:org.mitre.oval:def:26214

Oval ID:	oval:org.mitre.oval:def:26214
Title:	SUSE-SU-2013:0328-1 -- Security update for Java
Description:	java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes: * Security fixes o S8006446: Restrict MBeanServer access (CVE-2013-1486) o S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) o S8007688: Blacklist known bad certificate (issued by DigiCert) * Backports o S8007393: Possible race condition after JDK-6664509 o S8007611: logging behavior in applet changed * Bug fixes o PR1319: Support GIF lib v5.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0328-1 CVE-2013-1486 CVE-2013-0169	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 11	Product(s):	Java
Definition Synopsis:
SUSE Linux Enterprise Desktop 11.x is installed Packages match section java-1_6_0-openjdk RPM is earlier than 0:1.6.0.0_b27.1.12.3-0.2.1 AND java-1_6_0-openjdk-demo RPM is earlier than 0:1.6.0.0_b27.1.12.3-0.2.1 AND java-1_6_0-openjdk-devel RPM is earlier than 0:1.6.0.0_b27.1.12.3-0.2.1

Definition Id: oval:org.mitre.oval:def:27551

Oval ID:	oval:org.mitre.oval:def:27551
Title:	DEPRECATED: ELSA-2013-0275 -- java-1.7.0-openjdk security update (important)
Description:	[1.7.0.9-2.3.7.1.0.2.el6_3] - Increase release number and rebuild. [1.7.0.9-2.3.7.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.7.1.el6_3] - Updated main source tarball - Resolves: rhbz#911529 [1.7.0.9-2.3.7.0.el6_3] - Removed patch1000 sec-2013-02-01-8005615.patch - Removed patch1001 sec-2013-02-01-8005615-sync_with_jdk7u.patch - Removed patch1010 sec-2013-02-01-7201064.patch - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.3.7 - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911529
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0275 CVE-2013-1485 CVE-2013-1484 CVE-2013-1486 CVE-2013-0169	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section java-1.7.0-openjdk is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-demo is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-devel is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-javadoc is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-src is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section java-1.7.0-openjdk is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-demo is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-devel is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-javadoc is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-src is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3

Definition Id: oval:org.mitre.oval:def:27605

Oval ID:	oval:org.mitre.oval:def:27605
Title:	DEPRECATED: ELSA-2013-0587 -- openssl security update (moderate)
Description:	[1.0.0-27.2] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735)
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0587 CVE-2013-0166 CVE-2012-4929 CVE-2013-0169	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section openssl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section openssl is earlier than 0:1.0.0-27.el6_4.2 AND openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openssl cpe:2.3:a:openssl:openssl:1.0.1u:::::::* cpe:2.3:a:openssl:openssl:1.0.1t:::::::* cpe:2.3:a:openssl:openssl:1.0.1s:::::::* cpe:2.3:a:openssl:openssl:1.0.1r:::::::* cpe:2.3:a:openssl:openssl:1.0.1q:::::::* cpe:2.3:a:openssl:openssl:1.0.1o:::::::* cpe:2.3:a:openssl:openssl:1.0.1n:::::::* cpe:2.3:a:openssl:openssl:1.0.1m:::::::* cpe:2.3:a:openssl:openssl:1.0.1l:::::::* cpe:2.3:a:openssl:openssl:1.0.1k:::::::* cpe:2.3:a:openssl:openssl:1.0.1j:::::::* cpe:2.3:a:openssl:openssl:1.0.1i:::::::* cpe:2.3:a:openssl:openssl:1.0.1h:::::::* cpe:2.3:a:openssl:openssl:1.0.1g:::::::* cpe:2.3:a:openssl:openssl:1.0.1f:::::::* cpe:2.3:a:openssl:openssl:1.0.1e:::::::* cpe:2.3:a:openssl:openssl:1.0.1d:::::::* cpe:2.3:a:openssl:openssl:1.0.1c:::::::* cpe:2.3:a:openssl:openssl:1.0.0s:::::::* cpe:2.3:a:openssl:openssl:1.0.0r:::::::* cpe:2.3:a:openssl:openssl:1.0.0q:::::::* cpe:2.3:a:openssl:openssl:1.0.0p:::::::* cpe:2.3:a:openssl:openssl:1.0.0o:::::::* cpe:2.3:a:openssl:openssl:1.0.0n:::::::* cpe:2.3:a:openssl:openssl:1.0.0m:::::::* cpe:2.3:a:openssl:openssl:1.0.0l:::::::* cpe:2.3:a:openssl:openssl:1.0.0k:::::::* cpe:2.3:a:openssl:openssl:1.0.0j:::::::* cpe:2.3:a:openssl:openssl:1.0.0i:::::::* cpe:2.3:a:openssl:openssl:1.0.0h:::::::* cpe:2.3:a:openssl:openssl:1.0.0g:::::::* cpe:2.3:a:openssl:openssl:1.0.0f:::::::* cpe:2.3:a:openssl:openssl:1.0.0e:::::::* cpe:2.3:a:openssl:openssl:1.0.0d:::::::* cpe:2.3:a:openssl:openssl:1.0.0c:::::::* cpe:2.3:a:openssl:openssl:1.0.0b:::::::* cpe:2.3:a:openssl:openssl:1.0.0a:::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta3:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta2:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta5:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta4:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta1:::::: cpe:2.3:a:openssl:openssl:1.0.0:-:::::: cpe:2.3:a:openssl:openssl:1.0::openvms::::: cpe:2.3:a:openssl:openssl:0.9.8zg:::::::* cpe:2.3:a:openssl:openssl:0.9.8zf:::::::* cpe:2.3:a:openssl:openssl:0.9.8ze:::::::* cpe:2.3:a:openssl:openssl:0.9.8zc:::::::* cpe:2.3:a:openssl:openssl:0.9.8zb:::::::* cpe:2.3:a:openssl:openssl:0.9.8za:::::::* cpe:2.3:a:openssl:openssl:0.9.8z:::::::* cpe:2.3:a:openssl:openssl:0.9.8y:::::::* cpe:2.3:a:openssl:openssl:0.9.8x:::::::* cpe:2.3:a:openssl:openssl:0.9.8w:::::::* cpe:2.3:a:openssl:openssl:0.9.8v:::::::* cpe:2.3:a:openssl:openssl:0.9.8u:::::::* cpe:2.3:a:openssl:openssl:0.9.8t:::::::* cpe:2.3:a:openssl:openssl:0.9.8s:::::::* cpe:2.3:a:openssl:openssl:0.9.8r:::::::* cpe:2.3:a:openssl:openssl:0.9.8q:::::::* cpe:2.3:a:openssl:openssl:0.9.8p:::::::* cpe:2.3:a:openssl:openssl:0.9.8o:::::::* cpe:2.3:a:openssl:openssl:0.9.8n:::::::* cpe:2.3:a:openssl:openssl:0.9.8m:-:::::: cpe:2.3:a:openssl:openssl:0.9.8m:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.8l:::::::* cpe:2.3:a:openssl:openssl:0.9.8k:::::::* cpe:2.3:a:openssl:openssl:0.9.8j:::::::* cpe:2.3:a:openssl:openssl:0.9.8i:::::::* cpe:2.3:a:openssl:openssl:0.9.8h:::::::* cpe:2.3:a:openssl:openssl:0.9.8g-9:::::::* cpe:2.3:a:openssl:openssl:0.9.8g:::::::* cpe:2.3:a:openssl:openssl:0.9.8g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8f:::::::* cpe:2.3:a:openssl:openssl:0.9.8f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8f::::::x86: cpe:2.3:a:openssl:openssl:0.9.8e:::::::* cpe:2.3:a:openssl:openssl:0.9.8e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8e::::::x86: cpe:2.3:a:openssl:openssl:0.9.8d:::::::* cpe:2.3:a:openssl:openssl:0.9.8d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8d::::::x86: cpe:2.3:a:openssl:openssl:0.9.8c-1:::::::* cpe:2.3:a:openssl:openssl:0.9.8c:::::::* cpe:2.3:a:openssl:openssl:0.9.8c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8c::::::x86: cpe:2.3:a:openssl:openssl:0.9.8b:::::::* cpe:2.3:a:openssl:openssl:0.9.8b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8b::::::x86: cpe:2.3:a:openssl:openssl:0.9.8a:::::::* cpe:2.3:a:openssl:openssl:0.9.8a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8a::::::x86: cpe:2.3:a:openssl:openssl:0.9.8:-:::::: cpe:2.3:a:openssl:openssl:0.9.8::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta4:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta5:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta6:::::: cpe:2.3:a:openssl:openssl:0.9.8::::::x86: cpe:2.3:a:openssl:openssl:0.9.7m:::::::* cpe:2.3:a:openssl:openssl:0.9.7m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7m::::::x86: cpe:2.3:a:openssl:openssl:0.9.7l:::::::* cpe:2.3:a:openssl:openssl:0.9.7l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7l::::::x86: cpe:2.3:a:openssl:openssl:0.9.7k:::::::* cpe:2.3:a:openssl:openssl:0.9.7k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7k::::::x86: cpe:2.3:a:openssl:openssl:0.9.7j:::::::* cpe:2.3:a:openssl:openssl:0.9.7j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7j::::::x86: cpe:2.3:a:openssl:openssl:0.9.7i:::::::* cpe:2.3:a:openssl:openssl:0.9.7i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7i::::::x86: cpe:2.3:a:openssl:openssl:0.9.7h:::::::* cpe:2.3:a:openssl:openssl:0.9.7h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7h::::::x86: cpe:2.3:a:openssl:openssl:0.9.7g:::::::* cpe:2.3:a:openssl:openssl:0.9.7g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7g::::::x86: cpe:2.3:a:openssl:openssl:0.9.7f:::::::* cpe:2.3:a:openssl:openssl:0.9.7f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7f::::::x86: cpe:2.3:a:openssl:openssl:0.9.7e:::::::* cpe:2.3:a:openssl:openssl:0.9.7e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7e::::::x86: cpe:2.3:a:openssl:openssl:0.9.7d:::::::* cpe:2.3:a:openssl:openssl:0.9.7d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7d::::::x86: cpe:2.3:a:openssl:openssl:0.9.7c:::::::* cpe:2.3:a:openssl:openssl:0.9.7c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7c::::::x86: cpe:2.3:a:openssl:openssl:0.9.7b:::::::* cpe:2.3:a:openssl:openssl:0.9.7b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7b::::::x86: cpe:2.3:a:openssl:openssl:0.9.7a:::::::* cpe:2.3:a:openssl:openssl:0.9.7a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7a::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.7:-:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta6:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6m:::::::* cpe:2.3:a:openssl:openssl:0.9.6m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6m::::::x86: cpe:2.3:a:openssl:openssl:0.9.6l:::::::* cpe:2.3:a:openssl:openssl:0.9.6l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6l::::::x86: cpe:2.3:a:openssl:openssl:0.9.6k:::::::* cpe:2.3:a:openssl:openssl:0.9.6k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6k::::::x86: cpe:2.3:a:openssl:openssl:0.9.6j:::::::* cpe:2.3:a:openssl:openssl:0.9.6j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6j::::::x86: cpe:2.3:a:openssl:openssl:0.9.6i:::::::* cpe:2.3:a:openssl:openssl:0.9.6i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6i::::::x86: cpe:2.3:a:openssl:openssl:0.9.6h:::::::* cpe:2.3:a:openssl:openssl:0.9.6h:bogus:::::: cpe:2.3:a:openssl:openssl:0.9.6h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6h::::::x86: cpe:2.3:a:openssl:openssl:0.9.6g:::::::* cpe:2.3:a:openssl:openssl:0.9.6g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6g::::::x86: cpe:2.3:a:openssl:openssl:0.9.6f:::::::* cpe:2.3:a:openssl:openssl:0.9.6f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6f::::::x86: cpe:2.3:a:openssl:openssl:0.9.6e:::::::* cpe:2.3:a:openssl:openssl:0.9.6e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6e::::::x86: cpe:2.3:a:openssl:openssl:0.9.6d:-:::::: cpe:2.3:a:openssl:openssl:0.9.6d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6d::::::x86: cpe:2.3:a:openssl:openssl:0.9.6c:::::::* cpe:2.3:a:openssl:openssl:0.9.6c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6c::::::x86: cpe:2.3:a:openssl:openssl:0.9.6b:::::::* cpe:2.3:a:openssl:openssl:0.9.6b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6b::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:-:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6a::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6:-:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6::::::x86: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5a:-:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a::::::x86: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5:-:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5::::::x86: cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.4:::::::* cpe:2.3:a:openssl:openssl:0.9.4::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.4::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.4::::::x86: cpe:2.3:a:openssl:openssl:0.9.3a:::::::* cpe:2.3:a:openssl:openssl:0.9.3a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3a::::::x86: cpe:2.3:a:openssl:openssl:0.9.3:-:::::: cpe:2.3:a:openssl:openssl:0.9.3::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3::::::x86: cpe:2.3:a:openssl:openssl:0.9.2b:::::::* cpe:2.3:a:openssl:openssl:0.9.2b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.2b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.2b::::::x86: cpe:2.3:a:openssl:openssl:0.9.1c:::::::* cpe:2.3:a:openssl:openssl:0.9.1c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.1c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.1c::::::x86: cpe:2.3:a:openssl:openssl:0.9.1b:::::::* cpe:2.3:a:openssl:openssl:0.9.0b:::::::* cpe:2.3:a:openssl:openssl:::::::: cpe:2.3:a:openssl:openssl:::openvms:::::* cpe:2.3:a:openssl:openssl:-:::::::*	319
Application	Oracle Openjdk cpe:2.3:a:oracle:openjdk:1.7.0:-:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update2:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update3:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update4:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update5:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update6:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update7:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update9:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update10:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update11:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update13:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update1:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update34:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update35:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update37:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update38:::::: cpe:2.3:a:oracle:openjdk:1.6.0:-:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update2:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update3:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update4:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update5:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update6:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update7:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update11:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update12:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update13:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update14:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update15:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update16:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update17:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update18:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update19:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update20:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update21:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update22:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update23:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update24:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update25:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update26:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update27:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update29:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update30:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update31:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update32:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update33:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update1:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update10::::::	47
Application	Polarssl cpe:2.3:a:polarssl:polarssl:1.2.8:::::::* cpe:2.3:a:polarssl:polarssl:1.2.7:::::::* cpe:2.3:a:polarssl:polarssl:1.2.6:::::::* cpe:2.3:a:polarssl:polarssl:1.2.5:::::::* cpe:2.3:a:polarssl:polarssl:1.2.4:::::::* cpe:2.3:a:polarssl:polarssl:1.2.3:::::::* cpe:2.3:a:polarssl:polarssl:1.2.2:::::::* cpe:2.3:a:polarssl:polarssl:1.2.1:::::::* cpe:2.3:a:polarssl:polarssl:1.2.0:::::::* cpe:2.3:a:polarssl:polarssl:1.1.8:::::::* cpe:2.3:a:polarssl:polarssl:1.1.7:::::::* cpe:2.3:a:polarssl:polarssl:1.1.6:::::::* cpe:2.3:a:polarssl:polarssl:1.1.5:::::::* cpe:2.3:a:polarssl:polarssl:1.1.4:::::::* cpe:2.3:a:polarssl:polarssl:1.1.3:::::::* cpe:2.3:a:polarssl:polarssl:1.1.2:::::::* cpe:2.3:a:polarssl:polarssl:1.1.1:::::::* cpe:2.3:a:polarssl:polarssl:1.1.0:::::::* cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:::::: cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:::::: cpe:2.3:a:polarssl:polarssl:1.0.0:::::::* cpe:2.3:a:polarssl:polarssl:0.99:pre4:::::: cpe:2.3:a:polarssl:polarssl:0.99:pre5:::::: cpe:2.3:a:polarssl:polarssl:0.99:pre1:::::: cpe:2.3:a:polarssl:polarssl:0.99:pre3:::::: cpe:2.3:a:polarssl:polarssl:0.14.3:::::::* cpe:2.3:a:polarssl:polarssl:0.14.2:::::::* cpe:2.3:a:polarssl:polarssl:0.14.0:::::::* cpe:2.3:a:polarssl:polarssl:0.13.1:::::::* cpe:2.3:a:polarssl:polarssl:0.12.1:::::::* cpe:2.3:a:polarssl:polarssl:0.12.0:::::::* cpe:2.3:a:polarssl:polarssl:0.11.1:::::::* cpe:2.3:a:polarssl:polarssl:0.11.0:::::::* cpe:2.3:a:polarssl:polarssl:0.10.1:::::::* cpe:2.3:a:polarssl:polarssl:0.10.0:::::::* cpe:2.3:a:polarssl:polarssl::::::::	36
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:8.0:::::::*	1
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:17:::::::*	1

Information Assurance Vulnerability Management (IAVM)

Date	Description
2013-10-17	IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0040786
2013-09-19	IAVM : 2013-A-0181 - Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE) Severity : Category I - VMSKEY : V0040371
2013-09-19	IAVM : 2013-A-0180 - Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces... Severity : Category I - VMSKEY : V0040372
2013-09-19	IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004 Severity : Category I - VMSKEY : V0040373
2013-04-11	IAVM : 2013-A-0077 - Multiple Vulnerabilities in OpenSSL Severity : Category I - VMSKEY : V0037605

Snort® IPS/IDS

Date	Description
2014-01-10	SSLv3 plaintext recovery attempt RuleID : 25828 - Revision : 4 - Type : SERVER-OTHER
2014-01-10	TLSv1.2 plaintext recovery attempt RuleID : 25827 - Revision : 4 - Type : SERVER-OTHER
2014-01-10	TLSv1.1 plaintext recovery attempt RuleID : 25826 - Revision : 4 - Type : SERVER-OTHER
2014-01-10	TLSv1.0 plaintext recovery attempt RuleID : 25825 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2018-09-27	Name : The remote Debian host is missing a security update. File : debian_DLA-1518.nasl - Type : ACT_GATHER_INFO
2016-11-21	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL93600123.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0009_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_gnutls_20130924.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_nss_20140809.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20130716.nasl - Type : ACT_GATHER_INFO
2015-01-13	Name : The remote host has a library installed that is affected by an information di... File : tivoli_directory_svr_swg21638270.nasl - Type : ACT_GATHER_INFO
2014-12-22	Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO
2014-12-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0636.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1456.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0416.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14190.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15630.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15637.nasl - Type : ACT_GATHER_INFO
2014-08-22	Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_5_5_x.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_1_x.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_2_6_0.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by an information disclosure vulnerabil... File : ibm_tsm_server_6_3_4_200.nasl - Type : ACT_GATHER_INFO
2014-07-14	Name : The remote mail server is affected by an information disclosure vulnerability. File : ipswitch_imail_12_3.nasl - Type : ACT_GATHER_INFO
2014-06-30	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-20	Name : The remote Fedora host is missing a security update. File : fedora_2014-7261.nasl - Type : ACT_GATHER_INFO
2014-06-20	Name : The remote Fedora host is missing a security update. File : fedora_2014-7263.nasl - Type : ACT_GATHER_INFO
2014-06-18	Name : The remote database server is affected by multiple vulnerabilities. File : db2_101fp3a.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-153.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-154.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-164.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory5.nasl - Type : ACT_GATHER_INFO
2014-01-27	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2014-01-20	Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1483097_remote.nasl - Type : ACT_GATHER_INFO
2013-12-18	Name : The remote database server is affected by multiple vulnerabilities. File : db2_97fp9.nasl - Type : ACT_GATHER_INFO
2013-12-03	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-03.nasl - Type : ACT_GATHER_INFO
2013-11-13	Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_1311177_remote.nasl - Type : ACT_GATHER_INFO
2013-10-22	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2782.nasl - Type : ACT_GATHER_INFO
2013-10-18	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-10.nasl - Type : ACT_GATHER_INFO
2013-10-16	Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO
2013-10-15	Name : The remote Fedora host is missing a security update. File : fedora_2013-18228.nasl - Type : ACT_GATHER_INFO
2013-10-15	Name : The remote Fedora host is missing a security update. File : fedora_2013-18251.nasl - Type : ACT_GATHER_INFO
2013-10-11	Name : The remote Fedora host is missing a security update. File : fedora_2013-18216.nasl - Type : ACT_GATHER_INFO
2013-10-02	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ccefac3e2aed11e3af10000c29789cb5.nasl - Type : ACT_GATHER_INFO
2013-09-23	Name : The remote Fedora host is missing a security update. File : fedora_2013-16258.nasl - Type : ACT_GATHER_INFO
2013-09-21	Name : The remote Fedora host is missing a security update. File : fedora_2013-16317.nasl - Type : ACT_GATHER_INFO
2013-09-21	Name : The remote Fedora host is missing a security update. File : fedora_2013-16356.nasl - Type : ACT_GATHER_INFO
2013-09-20	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_6_1_0_47.nasl - Type : ACT_GATHER_INFO
2013-09-19	Name : The remote device is missing a vendor-supplied security patch. File : junos_pulse_jsa10591.nasl - Type : ACT_GATHER_INFO
2013-09-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO
2013-09-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-162.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-163.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-171.nasl - Type : ACT_GATHER_INFO
2013-08-23	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_7.nasl - Type : ACT_GATHER_INFO
2013-08-14	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_72bf9e2103df11e3bd8d080027ef73ec.nasl - Type : ACT_GATHER_INFO
2013-08-02	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0009.nasl - Type : ACT_GATHER_INFO
2013-07-23	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5.nasl - Type : ACT_GATHER_INFO
2013-07-19	Name : The remote application server is potentially affected by multiple vulnerabili... File : websphere_7_0_0_29.nasl - Type : ACT_GATHER_INFO
2013-07-16	Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10575.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-07-10	Name : The remote host has a library installed that is affected by an information di... File : ibm_gskit_swg21638270.nasl - Type : ACT_GATHER_INFO
2013-06-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0833.nasl - Type : ACT_GATHER_INFO
2013-06-06	Name : The remote web server contains an application that is affected by multiple vu... File : splunk_503.nasl - Type : ACT_GATHER_INFO
2013-05-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0855.nasl - Type : ACT_GATHER_INFO
2013-05-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0822.nasl - Type : ACT_GATHER_INFO
2013-05-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0823.nasl - Type : ACT_GATHER_INFO
2013-05-10	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_6.nasl - Type : ACT_GATHER_INFO
2013-05-10	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_0_2.nasl - Type : ACT_GATHER_INFO
2013-04-30	Name : The remote host is affected by multiple vulnerabilities. File : ibm_tem_8_2_1372.nasl - Type : ACT_GATHER_INFO
2013-04-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130416.nasl - Type : ACT_GATHER_INFO
2013-04-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-8544.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-050.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-052.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO
2013-04-19	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130415.nasl - Type : ACT_GATHER_INFO
2013-04-08	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_69bfc8529bd011e2a7be8c705af55518.nasl - Type : ACT_GATHER_INFO
2013-04-03	Name : The remote Fedora host is missing a security update. File : fedora_2013-4403.nasl - Type : ACT_GATHER_INFO
2013-03-28	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-130325.nasl - Type : ACT_GATHER_INFO
2013-03-28	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-8517.nasl - Type : ACT_GATHER_INFO
2013-03-26	Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_4_55.nasl - Type : ACT_GATHER_INFO
2013-03-26	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1732-3.nasl - Type : ACT_GATHER_INFO
2013-03-08	Name : The remote Fedora host is missing a security update. File : fedora_2013-2793.nasl - Type : ACT_GATHER_INFO
2013-03-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130304_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2013-2834.nasl - Type : ACT_GATHER_INFO
2013-03-01	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-2.nasl - Type : ACT_GATHER_INFO
2013-02-27	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-02-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-014.nasl - Type : ACT_GATHER_INFO
2013-02-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130221.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_feb_2013_1_unix.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-1.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1735-1.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_feb_2013_1.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0531.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0532.nasl - Type : ACT_GATHER_INFO
2013-02-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2621.nasl - Type : ACT_GATHER_INFO
2013-02-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2622.nasl - Type : ACT_GATHER_INFO
2013-02-13	Name : The remote service may be affected by an information disclosure vulnerability. File : openssl_1_0_1e.nasl - Type : ACT_GATHER_INFO
2013-02-11	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-040-01.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_0_9_8y.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_0k.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_1d.nasl - Type : ACT_GATHER_INFO
2013-02-07	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_00b0d8cd709711e298d9003067c2616f.nasl - Type : ACT_GATHER_INFO
2011-04-11	Name : The remote SSL/TLS server accepts a weak Diffie-Hellman public value. File : polarssl_dh_vuln.nasl - Type : ACT_ATTACK

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-07-28 01:03:30	Multiple Updates
2016-07-21 12:09:18	Multiple Updates
2015-04-02 01:00:29	Multiple Updates
2014-10-13 00:27:03	Multiple Updates
2014-10-12 17:27:06	Multiple Updates
2014-10-12 13:32:37	Multiple Updates
2014-10-11 21:27:37	Multiple Updates
2014-10-11 00:27:10	Multiple Updates
2014-10-08 05:37:20	Multiple Updates
2014-10-07 21:32:12	Multiple Updates
2014-10-05 21:31:27	Multiple Updates
2014-03-24 21:28:23	Multiple Updates
2014-02-24 21:26:58	Multiple Updates
2014-02-21 13:27:08	Multiple Updates
2014-02-17 11:37:49	Multiple Updates
2014-02-14 17:25:05	Multiple Updates
2014-02-12 13:26:34	Multiple Updates
2014-01-30 13:24:16	Multiple Updates
2014-01-28 13:23:40	Multiple Updates
2013-12-13 21:27:03	Multiple Updates
2013-12-05 17:24:26	Multiple Updates
2013-10-17 13:19:57	First insertion

Global Informations

Type	Count
CWE ID(s)	6
Oval ID(s)	20
CPE ID(s)	404
IAVM(s)	5
Snort® Rule(s)	4
Nessus® Exploit(s)	115

	Related
7.4	CVE-2012-2130
4.3	CVE-2013-5915
4.3	CVE-2013-4623
4.3	CVE-2013-1621
4	CVE-2011-1923
2.6	CVE-2013-0169
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)

4.3 - GLSA-201310-10

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU