7.5 - GLSA-201312-03

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	OpenSSL: Multiple Vulnerabilities

Informations
Name	GLSA-201312-03	First vendor Publication	2013-12-03
Vendor	Gentoo	Last vendor Modification	2013-12-03
Severity (Vendor)	Low	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in OpenSSL allowing remote attackers to determine private keys or cause a Denial of Service.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 1.0.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0j"

All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8y"

References

[ 1 ] CVE-2006-7250 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7250
[ 2 ] CVE-2011-1945 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1945
[ 3 ] CVE-2012-0884 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0884
[ 4 ] CVE-2012-1165 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1165
[ 5 ] CVE-2012-2110 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2110
[ 6 ] CVE-2012-2333 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2333
[ 7 ] CVE-2012-2686 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2686
[ 8 ] CVE-2013-0166 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0166
[ 9 ] CVE-2013-0169 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201312-03.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201312-03.xml

CWE : Common Weakness Enumeration

%	Id	Name
62 %	CWE-310	Cryptographic Issues
12 %	CWE-399	Resource Management Errors
12 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
12 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14723

Oval ID:	oval:org.mitre.oval:def:14723
Title:	DSA-2309-1 openssl -- compromised certificate authority
Description:	Several fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar's signing certificates can no longer be trusted. Debian, like other software distributors and vendors, has decided to distrust all of DigiNotar's CAs. In this update, this is done in the crypto library by marking such certificates as revoked. Any application that uses said component should now reject certificates signed by DigiNotar. Individual applications may allow users to overrride the validation failure. However, making exceptions is highly discouraged and should be carefully verified. Additionally, a vulnerability has been found in the ECDHE_ECDS cipher where timing attacks make it easier to determine private keys. The Common Vulnerabilities and Exposures project identifies it as CVE-2011-1945.
Family:	unix	Class:	patch
Reference(s):	DSA-2309-1 CVE-2011-1945	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	openssl
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND openssl DPKG is earlier than 0.9.8g-15+lenny12 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND openssl DPKG is earlier than 0.9.8o-4squeeze2

Definition Id: oval:org.mitre.oval:def:17579

Oval ID:	oval:org.mitre.oval:def:17579
Title:	USN-1451-1 -- openssl vulnerabilities
Description:	Applications using OpenSSL in certain situations could be made to crash or expose sensitive information.
Family:	unix	Class:	patch
Reference(s):	USN-1451-1 CVE-2012-0884 CVE-2012-2333	Version:	7
Platform(s):	Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04	Product(s):	openssl
Definition Synopsis:
Release section Ubuntu 12.04 is installed Packages match section libssl1.0.0 DPKG is earlier than 1.0.1-4ubuntu5.2 AND openssl DPKG is earlier than 1.0.1-4ubuntu5.2 AND Release section Ubuntu 11.10 is installed Packages match section libssl1.0.0 DPKG is earlier than 1.0.0e-2ubuntu4.6 AND openssl DPKG is earlier than 1.0.0e-2ubuntu4.6 AND Release section Ubuntu 11.04 is installed Packages match section libssl0.9.8 DPKG is earlier than 0.9.8o-5ubuntu1.7 AND openssl DPKG is earlier than 0.9.8o-5ubuntu1.7 AND Release section Ubuntu 10.04 is installed Packages match section libssl0.9.8 DPKG is earlier than 0.9.8k-7ubuntu8.13 AND openssl DPKG is earlier than 0.9.8k-7ubuntu8.13 AND Release section Ubuntu 8.04 is installed Packages match section libssl0.9.8 DPKG is earlier than 0.9.8g-4ubuntu3.19 AND openssl DPKG is earlier than 0.9.8g-4ubuntu3.19

Definition Id: oval:org.mitre.oval:def:17780

Oval ID:	oval:org.mitre.oval:def:17780
Title:	USN-1732-2 -- openssl regression
Description:	USN-1732-1 introduced a regression in OpenSSL.
Family:	unix	Class:	patch
Reference(s):	USN-1732-2 CVE-2013-0169 CVE-2012-2686	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04	Product(s):	openssl
Definition Synopsis:
Release section Ubuntu 12.10 is installed Packages match section libssl1.0.0 DPKG is earlier than 1.0.1c-3ubuntu2.2 AND openssl DPKG is earlier than 1.0.1c-3ubuntu2.2 AND Release section Ubuntu 12.04 is installed Packages match section libssl1.0.0 DPKG is earlier than 1.0.1-4ubuntu5.7 AND openssl DPKG is earlier than 1.0.1-4ubuntu5.7

Definition Id: oval:org.mitre.oval:def:17865

Oval ID:	oval:org.mitre.oval:def:17865
Title:	DSA-2475-1 openssl - integer underflow
Description:	It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)
Family:	unix	Class:	patch
Reference(s):	DSA-2475-1 CVE-2012-2333	Version:	7
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	openssl
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openssl DPKG is earlier than 0.9.8o-4squeeze13

Definition Id: oval:org.mitre.oval:def:17928

Oval ID:	oval:org.mitre.oval:def:17928
Title:	USN-1424-1 -- openssl vulnerabilities
Description:	An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file.
Family:	unix	Class:	patch
Reference(s):	USN-1424-1 CVE-2006-7250 CVE-2012-1165 CVE-2012-2110	Version:	7
Platform(s):	Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04	Product(s):	openssl
Definition Synopsis:
Release section Ubuntu 11.10 is installed AND libssl1.0.0 DPKG is earlier than 1.0.0e-2ubuntu4.4 AND Release section Ubuntu 11.04 is installed AND libssl0.9.8 DPKG is earlier than 0.9.8o-5ubuntu1.4 AND Release section Ubuntu 10.04 is installed AND libssl0.9.8 DPKG is earlier than 0.9.8k-7ubuntu8.10 AND Release section Ubuntu 8.04 is installed AND libssl0.9.8 DPKG is earlier than 0.9.8g-4ubuntu3.17

Definition Id: oval:org.mitre.oval:def:18302

Oval ID:	oval:org.mitre.oval:def:18302
Title:	USN-1732-1 -- openssl vulnerabilities
Description:	Several security issues were fixed in OpenSSL.
Family:	unix	Class:	patch
Reference(s):	USN-1732-1 CVE-2012-2686 CVE-2013-0166 CVE-2013-0169	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 8.04	Product(s):	openssl
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND libssl1.0.0 DPKG is earlier than 1.0.1c-3ubuntu2.1 AND Release section Ubuntu 12.04 is installed AND libssl1.0.0 DPKG is earlier than 1.0.1-4ubuntu5.6 AND Release section Ubuntu 11.10 is installed AND libssl1.0.0 DPKG is earlier than 1.0.0e-2ubuntu4.7 AND Release section Ubuntu 10.04 is installed AND libssl0.9.8 DPKG is earlier than 0.9.8k-7ubuntu8.14 AND Release section Ubuntu 8.04 is installed AND libssl0.9.8 DPKG is earlier than 0.9.8g-4ubuntu3.20

Definition Id: oval:org.mitre.oval:def:18365

Oval ID:	oval:org.mitre.oval:def:18365
Title:	USN-1732-3 -- openssl vulnerability
Description:	Several security issues were fixed in OpenSSL.
Family:	unix	Class:	patch
Reference(s):	USN-1732-3 CVE-2013-0169 CVE-2012-2686	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04	Product(s):	openssl
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND libssl1.0.0 DPKG is earlier than 1.0.1c-3ubuntu2.3 AND Release section Ubuntu 12.04 is installed AND libssl1.0.0 DPKG is earlier than 1.0.1-4ubuntu5.8

Definition Id: oval:org.mitre.oval:def:18565

Oval ID:	oval:org.mitre.oval:def:18565
Title:	DSA-2621-1 openssl - several vulnerabilities
Description:	Multiple vulnerabilities have been found in OpenSSL.
Family:	unix	Class:	patch
Reference(s):	DSA-2621-1 CVE-2013-0166 CVE-2013-0169	Version:	7
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	openssl
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openssl DPKG is earlier than 0.9.8o-4squeeze14

Definition Id: oval:org.mitre.oval:def:18754

Oval ID:	oval:org.mitre.oval:def:18754
Title:	HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	6
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP Release B.11.11 AND filesets test hpuxwsAPACHE.APACHE version is less than B.2.0.64.05 AND hpuxwsAPACHE.APACHE2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.0.64.05

Definition Id: oval:org.mitre.oval:def:18841

Oval ID:	oval:org.mitre.oval:def:18841
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02856 HP Release B.11.11 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.001 AND openssl.OPENSSL-INC version is less than A.00.09.08y.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.001 OR Criteria meets HP Security Bulletin HPSBUX02856 HP Release B.11.23 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.002 AND openssl.OPENSSL-INC version is less than A.00.09.08y.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.002 OR Criteria meets HP Security Bulletin HPSBUX02856 HP-UX B.11.31 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.003 AND openssl.OPENSSL-INC version is less than A.00.09.08y.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.003

Definition Id: oval:org.mitre.oval:def:18854

Oval ID:	oval:org.mitre.oval:def:18854
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS)
Description:	The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-1165	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02782 HP Release B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.001 AND openssl.OPENSSL-INC version is less than A.00.09.08w.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.001 OR Criteria meets HP Security Bulletin HPSBUX02782 HP Release B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.002 AND openssl.OPENSSL-INC version is less than A.00.09.08w.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.002 OR Criteria meets HP Security Bulletin HPSBUX02782 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.003 AND openssl.OPENSSL-INC version is less than A.00.09.08w.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.003

Definition Id: oval:org.mitre.oval:def:18868

Oval ID:	oval:org.mitre.oval:def:18868
Title:	OpenSSL vulnerability 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2012-2686)
Description:	crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-2686	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 1.0.1.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 1.0.1.3 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:19016

Oval ID:	oval:org.mitre.oval:def:19016
Title:	OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0169)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	6
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed If the version of OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 0.9.8.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.8.24 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 1.0.0.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 1.0.0.10 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 1.0.1.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 1.0.1.3 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.6.13 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.1.1 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.2.2 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.3.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.3.1 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.4.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.5.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.5.1 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:19081

Oval ID:	oval:org.mitre.oval:def:19081
Title:	OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0166)
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	6
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed If the version of OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 0.9.8.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.8.24 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 0.9.7.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.7.13 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 0.9.6.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.6.13 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 1.0.0.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 1.0.0.10 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 1.0.1.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 1.0.1.3 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.6.13 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.1.1 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.2.2 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.3.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.3.1 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.4.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.5.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.5.1 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:19360

Oval ID:	oval:org.mitre.oval:def:19360
Title:	Multiple OpenSSL vulnerabilities
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	5
Platform(s):	IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
Criteria meets IBM AIX Security Advisory OS check IBM AIX 5.3 is installed AND openssl.base less than or equal to 0.9.8.2400 OR OS check IBM AIX 6.1 is installed AND openssl.base less than or equal to 0.9.8.2400 OR OS check IBM AIX 7.1 is installed AND openssl.base less than or equal to 0.9.8.2400 OR Criteria meets IBM AIX Security Advisory OS check IBM AIX 5.3 is installed AND openssl-fips.base less than or equal to 12.9.8.2400 OR OS check IBM AIX 6.1 is installed AND openssl-fips.base less than or equal to 12.9.8.2400 OR OS check IBM AIX 7.1 is installed AND openssl-fips.base less than or equal to 12.9.8.2400

Definition Id: oval:org.mitre.oval:def:19424

Oval ID:	oval:org.mitre.oval:def:19424
Title:	HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP Release B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70-COM version is less than 1.7.0.05.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.05.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.05.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.05.00 AND Jre70.JRE70-COM version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.05.00

Definition Id: oval:org.mitre.oval:def:19428

Oval ID:	oval:org.mitre.oval:def:19428
Title:	HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	7
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP Release B.11.11 AND filesets test hpuxwsAPACHE.APACHE version is less than B.2.0.64.05 AND hpuxwsAPACHE.APACHE2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.0.64.05

Definition Id: oval:org.mitre.oval:def:19487

Oval ID:	oval:org.mitre.oval:def:19487
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02856 HP Release B.11.11 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.001 AND openssl.OPENSSL-INC version is less than A.00.09.08y.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.001 OR Criteria meets HP Security Bulletin HPSBUX02856 HP Release B.11.23 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.002 AND openssl.OPENSSL-INC version is less than A.00.09.08y.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.002 OR Criteria meets HP Security Bulletin HPSBUX02856 HP-UX B.11.31 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.003 AND openssl.OPENSSL-INC version is less than A.00.09.08y.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.003

Definition Id: oval:org.mitre.oval:def:19540

Oval ID:	oval:org.mitre.oval:def:19540
Title:	HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02867 platforms HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk15.JDK15-COM version is less than 1.5.0.28.00 AND Jdk15.JDK15-DEMO version is less than 1.5.0.28.00 AND Jdk15.JDK15-IPF32 version is less than 1.5.0.28.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.28.00 AND Jre15.JRE15-COM version is less than 1.5.0.28.00 AND Jre15.JRE15-COM-DOC version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.28.00 OR Criteria meets HP Security Bulletin HPSBUX02867 platforms HP Release B.11.11 AND HP Release B.11.23 AND filesets tests Jdk15.JDK15-COM version is less than 1.5.0.28.00 AND Jdk15.JDK15-DEMO version is less than 1.5.0.28.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.28.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.28.00 AND Jre15.JRE15-COM version is less than 1.5.0.28.00 AND Jre15.JRE15-COM-DOC version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.28.00

Definition Id: oval:org.mitre.oval:def:19592

Oval ID:	oval:org.mitre.oval:def:19592
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS)
Description:	The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-2110	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02782 HP Release B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.001 AND openssl.OPENSSL-INC version is less than A.00.09.08w.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.001 OR Criteria meets HP Security Bulletin HPSBUX02782 HP Release B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.002 AND openssl.OPENSSL-INC version is less than A.00.09.08w.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.002 OR Criteria meets HP Security Bulletin HPSBUX02782 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.003 AND openssl.OPENSSL-INC version is less than A.00.09.08w.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.003

Definition Id: oval:org.mitre.oval:def:19608

Oval ID:	oval:org.mitre.oval:def:19608
Title:	Multiple OpenSSL vulnerabilities
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	5
Platform(s):	IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
Criteria meets IBM AIX Security Advisory OS check IBM AIX 5.3 is installed AND openssl.base less than or equal to 0.9.8.2400 OR OS check IBM AIX 6.1 is installed AND openssl.base less than or equal to 0.9.8.2400 OR OS check IBM AIX 7.1 is installed AND openssl.base less than or equal to 0.9.8.2400 OR Criteria meets IBM AIX Security Advisory OS check IBM AIX 5.3 is installed AND openssl-fips.base less than or equal to 12.9.8.2400 OR OS check IBM AIX 6.1 is installed AND openssl-fips.base less than or equal to 12.9.8.2400 OR OS check IBM AIX 7.1 is installed AND openssl-fips.base less than or equal to 12.9.8.2400

Definition Id: oval:org.mitre.oval:def:19623

Oval ID:	oval:org.mitre.oval:def:19623
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS)
Description:	Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-2333	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02814 HP Release B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08x.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08x.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08x.001 AND openssl.OPENSSL-INC version is less than A.00.09.08x.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08x.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08x.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08x.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08x.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08x.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08x.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08x.001 OR Criteria meets HP Security Bulletin HPSBUX02814 HP Release B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08x.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08x.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08x.002 AND openssl.OPENSSL-INC version is less than A.00.09.08x.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08x.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08x.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08x.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08x.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08x.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08x.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08x.002 OR Criteria meets HP Security Bulletin HPSBUX02814 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08x.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08x.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08x.003 AND openssl.OPENSSL-INC version is less than A.00.09.08x.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08x.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08x.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08x.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08x.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08x.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08x.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08x.003

Definition Id: oval:org.mitre.oval:def:19660

Oval ID:	oval:org.mitre.oval:def:19660
Title:	HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description:	crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-2686	Version:	7
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP Release B.11.11 AND filesets test hpuxwsAPACHE.APACHE version is less than B.2.0.64.05 AND hpuxwsAPACHE.APACHE2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.0.64.05

Definition Id: oval:org.mitre.oval:def:19759

Oval ID:	oval:org.mitre.oval:def:19759
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS)
Description:	The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-7250	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02782 HP Release B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.001 AND openssl.OPENSSL-INC version is less than A.00.09.08w.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.001 OR Criteria meets HP Security Bulletin HPSBUX02782 HP Release B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.002 AND openssl.OPENSSL-INC version is less than A.00.09.08w.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.002 OR Criteria meets HP Security Bulletin HPSBUX02782 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.003 AND openssl.OPENSSL-INC version is less than A.00.09.08w.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.003

Definition Id: oval:org.mitre.oval:def:19793

Oval ID:	oval:org.mitre.oval:def:19793
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS)
Description:	The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-0884	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02782 HP Release B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.001 AND openssl.OPENSSL-INC version is less than A.00.09.08w.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.001 OR Criteria meets HP Security Bulletin HPSBUX02782 HP Release B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.002 AND openssl.OPENSSL-INC version is less than A.00.09.08w.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.002 OR Criteria meets HP Security Bulletin HPSBUX02782 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08w.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08w.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08w.003 AND openssl.OPENSSL-INC version is less than A.00.09.08w.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08w.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08w.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08w.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08w.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08w.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08w.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08w.003

Definition Id: oval:org.mitre.oval:def:19831

Oval ID:	oval:org.mitre.oval:def:19831
Title:	VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.
Description:	The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-2110	Version:	4
Platform(s):	VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
Patch ESX350-201302401-SG is not installed VMware ESX Server 3.5.0 is installed AND Patch ESX350-201302401-SG is not installed

Definition Id: oval:org.mitre.oval:def:20262

Oval ID:	oval:org.mitre.oval:def:20262
Title:	Multiple OpenSSL vulnerabilities
Description:	The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-1165	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
IBM AIX 6.1 is installed AND filesets openssl.base less than or equal 0.9.8.1801 AND OpenSSL-fips.base less than or equal 12.9.8.1801

Definition Id: oval:org.mitre.oval:def:20686

Oval ID:	oval:org.mitre.oval:def:20686
Title:	VMware vSphere, ESX and ESXi updates to third party libraries
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	4
Platform(s):	VMWare ESX Server 4.1 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
Patch ESX410-201307403-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201307403-SG is not installed OR Patch ESX400-201310401-SG is not installed VMware ESX Server 4.0 is installed AND Patch ESX400-201310401-SG is not installed

Definition Id: oval:org.mitre.oval:def:20716

Oval ID:	oval:org.mitre.oval:def:20716
Title:	VMware vSphere and vCOps updates to third party libraries
Description:	The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-2110	Version:	4
Platform(s):	VMWare ESX Server 4.1 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
Patch ESX410-201208103-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201208103-SG is not installed OR Patch ESX400-201209401-SG is not installed VMware ESX Server 4.0 is installed AND Patch ESX400-201209401-SG is not installed

Definition Id: oval:org.mitre.oval:def:20725

Oval ID:	oval:org.mitre.oval:def:20725
Title:	Multiple OpenSSL vulnerabilities
Description:	Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-2333	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
IBM AIX 6.1 is installed AND filesets openssl.base less than or equal 0.9.8.1801 AND OpenSSL-fips.base less than or equal 12.9.8.1801

Definition Id: oval:org.mitre.oval:def:20753

Oval ID:	oval:org.mitre.oval:def:20753
Title:	Multiple OpenSSL vulnerabilities
Description:	The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-0884	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
IBM AIX 6.1 is installed AND filesets openssl.base less than or equal 0.9.8.1801 AND OpenSSL-fips.base less than or equal 12.9.8.1801

Definition Id: oval:org.mitre.oval:def:20786

Oval ID:	oval:org.mitre.oval:def:20786
Title:	VMware vSphere, ESX and ESXi updates to third party libraries
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	4
Platform(s):	VMWare ESX Server 4.1 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
Patch ESX410-201307403-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201307403-SG is not installed OR Patch ESX400-201310401-SG is not installed VMware ESX Server 4.0 is installed AND Patch ESX400-201310401-SG is not installed

Definition Id: oval:org.mitre.oval:def:21032

Oval ID:	oval:org.mitre.oval:def:21032
Title:	Multiple OpenSSL vulnerabilities
Description:	The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-2110	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
IBM AIX 6.1 is installed AND filesets openssl.base less than or equal 0.9.8.1801 AND OpenSSL-fips.base less than or equal 12.9.8.1801

Definition Id: oval:org.mitre.oval:def:21079

Oval ID:	oval:org.mitre.oval:def:21079
Title:	RHSA-2013:0587: openssl security update (Moderate)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0587-01 CESA-2013:0587 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169	Version:	45
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	openssl
Definition Synopsis:
Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl is earlier than 0:1.0.0-27.el6_4.2 AND Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x Packages section openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl is earlier than 0:0.9.8e-26.el5_9.1

Definition Id: oval:org.mitre.oval:def:21279

Oval ID:	oval:org.mitre.oval:def:21279
Title:	RHSA-2012:0426: openssl security and bug fix update (Moderate)
Description:	The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:0426-02 CESA-2012:0426 CVE-2012-0884 CVE-2012-1165	Version:	29
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	openssl
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section openssl-devel is earlier than 0:0.9.8e-22.el5_8.1 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.1 AND openssl is earlier than 0:0.9.8e-22.el5_8.1 AND Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section openssl-devel is earlier than 0:1.0.0-20.el6_2.3 AND openssl-static is earlier than 0:1.0.0-20.el6_2.3 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.3 AND openssl is earlier than 0:1.0.0-20.el6_2.3

Definition Id: oval:org.mitre.oval:def:21366

Oval ID:	oval:org.mitre.oval:def:21366
Title:	RHSA-2012:0518: openssl security update (Important)
Description:	The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:0518-02 CESA-2012:0518 CVE-2012-2110	Version:	4
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6	Product(s):	openssl openssl097a openssl098e
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section openssl-devel is earlier than 0:0.9.8e-22.el5_8.3 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.3 AND openssl is earlier than 0:0.9.8e-22.el5_8.3 AND openssl097a is earlier than 0:0.9.7a-11.el5_8.2 OR Redhat 6 and Centos 6 section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x AND Packages section openssl-devel is earlier than 0:1.0.0-20.el6_2.4 AND openssl-static is earlier than 0:1.0.0-20.el6_2.4 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.4 AND openssl is earlier than 0:1.0.0-20.el6_2.4 OR Centos 6 section The operating system installed on the system is CentOS Linux 6.x AND openssl098e is earlier than 0:0.9.8e-17.el6.centos.2 OR Redhat 6 section The operating system installed on the system is Red Hat Enterprise Linux 6 AND openssl098e is earlier than 0:0.9.8e-17.el6_2.2

Definition Id: oval:org.mitre.oval:def:21388

Oval ID:	oval:org.mitre.oval:def:21388
Title:	RHSA-2012:0699: openssl security and bug fix update (Moderate)
Description:	Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:0699-01 CESA-2012:0699 CVE-2012-2333	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	openssl
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section openssl-devel is earlier than 0:0.9.8e-22.el5_8.4 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.4 AND openssl is earlier than 0:0.9.8e-22.el5_8.4 AND Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section openssl-devel is earlier than 0:1.0.0-20.el6_2.5 AND openssl-static is earlier than 0:1.0.0-20.el6_2.5 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.5 AND openssl is earlier than 0:1.0.0-20.el6_2.5

Definition Id: oval:org.mitre.oval:def:22943

Oval ID:	oval:org.mitre.oval:def:22943
Title:	DEPRECATED: ELSA-2012:0426: openssl security and bug fix update (Moderate)
Description:	The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:0426-02 CVE-2012-0884 CVE-2012-1165	Version:	14
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-22.el5_8.1 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.1 AND openssl is earlier than 0:0.9.8e-22.el5_8.1 OR rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-20.el6_2.3 AND openssl-static is earlier than 0:1.0.0-20.el6_2.3 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.3 AND openssl is earlier than 0:1.0.0-20.el6_2.3

Definition Id: oval:org.mitre.oval:def:23304

Oval ID:	oval:org.mitre.oval:def:23304
Title:	DEPRECATED: ELSA-2012:0518: openssl security update (Important)
Description:	The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:0518-02 CVE-2012-2110	Version:	7
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	openssl openssl097a openssl098e
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-22.el5_8.3 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.3 AND openssl is earlier than 0:0.9.8e-22.el5_8.3 AND openssl097a is earlier than 0:0.9.7a-11.el5_8.2 OR rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-20.el6_2.4 AND openssl-static is earlier than 0:1.0.0-20.el6_2.4 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.4 AND openssl is earlier than 0:1.0.0-20.el6_2.4 AND openssl098e is earlier than 0:0.9.8e-17.el6_2.2

Definition Id: oval:org.mitre.oval:def:23379

Oval ID:	oval:org.mitre.oval:def:23379
Title:	DEPRECATED: ELSA-2012:0699: openssl security and bug fix update (Moderate)
Description:	Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:0699-01 CVE-2012-2333	Version:	7
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-22.el5_8.4 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.4 AND openssl is earlier than 0:0.9.8e-22.el5_8.4 OR rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-20.el6_2.5 AND openssl-static is earlier than 0:1.0.0-20.el6_2.5 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.5 AND openssl is earlier than 0:1.0.0-20.el6_2.5

Definition Id: oval:org.mitre.oval:def:23489

Oval ID:	oval:org.mitre.oval:def:23489
Title:	DEPRECATED: ELSA-2013:0587: openssl security update (Moderate)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169	Version:	18
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl is earlier than 0:1.0.0-27.el6_4.2 OR rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl is earlier than 0:0.9.8e-26.el5_9.1

Definition Id: oval:org.mitre.oval:def:23676

Oval ID:	oval:org.mitre.oval:def:23676
Title:	ELSA-2012:0699: openssl security and bug fix update (Moderate)
Description:	Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:0699-01 CVE-2012-2333	Version:	6
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-22.el5_8.4 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.4 AND openssl is earlier than 0:0.9.8e-22.el5_8.4 OR rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-20.el6_2.5 AND openssl-static is earlier than 0:1.0.0-20.el6_2.5 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.5 AND openssl is earlier than 0:1.0.0-20.el6_2.5

Definition Id: oval:org.mitre.oval:def:23704

Oval ID:	oval:org.mitre.oval:def:23704
Title:	ELSA-2012:0518: openssl security update (Important)
Description:	The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:0518-02 CVE-2012-2110	Version:	6
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	openssl openssl097a openssl098e
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-22.el5_8.3 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.3 AND openssl is earlier than 0:0.9.8e-22.el5_8.3 AND openssl097a is earlier than 0:0.9.7a-11.el5_8.2 OR rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-20.el6_2.4 AND openssl-static is earlier than 0:1.0.0-20.el6_2.4 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.4 AND openssl is earlier than 0:1.0.0-20.el6_2.4 AND openssl098e is earlier than 0:0.9.8e-17.el6_2.2

Definition Id: oval:org.mitre.oval:def:23729

Oval ID:	oval:org.mitre.oval:def:23729
Title:	ELSA-2012:0426: openssl security and bug fix update (Moderate)
Description:	The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:0426-02 CVE-2012-0884 CVE-2012-1165	Version:	13
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-22.el5_8.1 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.1 AND openssl is earlier than 0:0.9.8e-22.el5_8.1 OR rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-20.el6_2.3 AND openssl-static is earlier than 0:1.0.0-20.el6_2.3 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.3 AND openssl is earlier than 0:1.0.0-20.el6_2.3

Definition Id: oval:org.mitre.oval:def:23909

Oval ID:	oval:org.mitre.oval:def:23909
Title:	ELSA-2013:0587: openssl security update (Moderate)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169	Version:	17
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl is earlier than 0:1.0.0-27.el6_4.2 OR rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl is earlier than 0:0.9.8e-26.el5_9.1

Definition Id: oval:org.mitre.oval:def:24405

Oval ID:	oval:org.mitre.oval:def:24405
Title:	Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.4.2:update_42 and is greater than or equal to 1.4.0 Determine if the version of Java Runtime Environment is less than 1.4.2:update_42 AND Java SE Runtime Environment 4 is installed OR Determine if the version of Java Runtime Environment is less than or equal to 1.5.0:update_41 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update_40 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than or equal to 1.6.0:update_39 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_39 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than or equal to 1.7.0:update_13 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_14 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:24733

Oval ID:	oval:org.mitre.oval:def:24733
Title:	Vulnerability in OpenSSL 1.0.0d and earlier, makes easier for context-dependent attackers to determine private keys
Description:	The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-1945	Version:	3
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 1.0.0 before 1.0.0e AND Check if the version of OpenSSL 0.9.1c before 0.9.8r AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 1.0.0 before 1.0.0e (32_bit) AND Check if the version of OpenSSL 0.9.1c before 0.9.8r (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0e ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0e ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0e under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8r ProgramFilesDir AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8r ProgramFilesDir x86 AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8r under Sytem32 and SysWOW64

Definition Id: oval:org.mitre.oval:def:24750

Oval ID:	oval:org.mitre.oval:def:24750
Title:	OpenSSL vulnerability in 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a, allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact
Description:	The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-2110	Version:	3
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 1.0.0 before 1.0.0i AND Check if the version of OpenSSL 1.0.1 before 1.0.1a AND Check if the version of OpenSSL 0.9.1c before 0.9.8v AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 1.0.0 before 1.0.0i (32_bit) AND Check if the version of OpenSSL 1.0.1 before 1.0.1a (32_bit) AND Check if the version of OpenSSL 0.9.1c before 0.9.8v (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0i ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0i ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0i under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1a ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1a ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1a under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8v ProgramFilesDir AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8v ProgramFilesDir x86 AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8v under Sytem32 and SysWOW64

Definition Id: oval:org.mitre.oval:def:24756

Oval ID:	oval:org.mitre.oval:def:24756
Title:	OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote OCSP servers to cause a denial of service
Description:	OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0166	Version:	3
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 1.0.0 before 1.0.0k AND Check if the version of OpenSSL 1.0.1 before 1.0.1d AND Check if the version of OpenSSL 0.9.3 before 0.9.8y AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 1.0.0 before 1.0.0k (32_bit) AND Check if the version of OpenSSL 1.0.1 before 1.0.1d (32_bit) AND Check if the version of OpenSSL 0.9.3 before 0.9.8y (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 0.9.3 before 0.9.8y ProgramFilesDir AND Check if the version of ssleay32.dll 0.9.3 before 0.9.8y ProgramFilesDir x86 AND Check if the version of ssleay32.dll 0.9.3 before 0.9.8y under Sytem32 and SysWOW64

Definition Id: oval:org.mitre.oval:def:24768

Oval ID:	oval:org.mitre.oval:def:24768
Title:	OpenSSL vulnerability in before 0.9.8u and 1.x before 1.0.0h, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)
Description:	The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1165	Version:	4
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 1.0.0 before 1.0.0h AND Check if the version of OpenSSL 0.9.1c before 0.9.8u AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 1.0.0 before 1.0.0h (32_bit) AND Check if the version of OpenSSL 0.9.1c before 0.9.8u (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0h ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0h ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0h under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8u ProgramFilesDir AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8u ProgramFilesDir x86 AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8u under Sytem32 and SysWOW64

Definition Id: oval:org.mitre.oval:def:24870

Oval ID:	oval:org.mitre.oval:def:24870
Title:	OpenSSL vulnerability in 1.0.1 before 1.0.1d, allows remote attackers to cause a denial of service (application crash)
Description:	Crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-2686	Version:	3
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check if the version of OpenSSL 1.0.1 before 1.0.1d AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check if the version of OpenSSL 1.0.1 before 1.0.1d (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d under Sytem32 and SysWOW64

Definition Id: oval:org.mitre.oval:def:24897

Oval ID:	oval:org.mitre.oval:def:24897
Title:	OpenSSL vulnerability in before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact
Description:	Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-2333	Version:	3
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 1.0.0 before 1.0.0j AND Check if the version of OpenSSL 1.0.1 before 1.0.1c AND Check if the version of OpenSSL before 0.9.8x AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 1.0.0 before 1.0.0j (32_bit) AND Check if the version of OpenSSL 1.0.1 before 1.0.1c (32_bit) AND Check if the version of OpenSSL before 0.9.8x (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0j ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0j ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0j under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1c ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1c ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1c under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll before 0.9.8x AND Check if the version of ssleay32.dll before 0.9.8x (32_bit) AND Check if the version of ssleay32.dll before 0.9.8x under System Root

Definition Id: oval:org.mitre.oval:def:24938

Oval ID:	oval:org.mitre.oval:def:24938
Title:	OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	4
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 1.0.0 before 1.0.0k AND Check if the version of OpenSSL 1.0.1 before 1.0.1d AND Check if the version of OpenSSL 0.9.8 before 0.9.8y AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 1.0.0 before 1.0.0k (32_bit) AND Check if the version of OpenSSL 1.0.1 before 1.0.1d (32_bit) AND Check if the version of OpenSSL 0.9.8 before 0.9.8y (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 0.9.8 before 0.9.8y ProgramFilesDir AND Check if the version of ssleay32.dll 0.9.8 before 0.9.8y ProgramFilesDir x86 AND Check if the version of ssleay32.dll 0.9.8 before 0.9.8y under Sytem32 and SysWOW64

Definition Id: oval:org.mitre.oval:def:25052

Oval ID:	oval:org.mitre.oval:def:25052
Title:	OpenSSL vulnerability in before 0.9.8u and 1.x before 1.0.0h makes it easier for context-dependent attackers to decrypt data
Description:	The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-0884	Version:	3
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 1.0.0 before 1.0.0h AND Check if the version of OpenSSL 0.9.1c before 0.9.8u AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 1.0.0 before 1.0.0h (32_bit) AND Check if the version of OpenSSL 0.9.1c before 0.9.8u (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0h ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0h ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0h under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8u ProgramFilesDir AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8u ProgramFilesDir x86 AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8u under Sytem32 and SysWOW64

Definition Id: oval:org.mitre.oval:def:25236

Oval ID:	oval:org.mitre.oval:def:25236
Title:	SUSE-SU-2013:0701-2 -- Security update for java-1_6_0-ibm
Description:	IBM Java 6 was updated to SR13 FP1, fixing bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0701-2 CVE-2013-0485 CVE-2013-0809 CVE-2013-1493 CVE-2013-0169	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 10	Product(s):	java-1_6_0-ibm
Definition Synopsis:
SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND SUSE Linux Enterprise Server 10 and SUSE Linux Enterprise Desktop 10 release section Operation system section SUSE Linux Enterprise Server 10 is installed AND SUSE Linux Enterprise Desktop 10 is installed Packages match section java-1_5_0-ibm RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-devel RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-fonts RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-32bit RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-devel-32bit RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-jdbc RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-plugin RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-alsa-32bit RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-alsa RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND SUSE Linux Enterprise Server 10 release section SUSE Linux Enterprise Server 10 is installed Packages match section java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-devel RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-devel-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-alsa-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-plugin-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND SUSE Linux Enterprise Desktop 10 release section SUSE Linux Enterprise Desktop 10 is installed Packages match section java-1_5_0-ibm-demo RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-src RPM is earlier than 0:1.5.0_sr16.1-0.5.1

Definition Id: oval:org.mitre.oval:def:25357

Oval ID:	oval:org.mitre.oval:def:25357
Title:	SUSE-SU-2013:0549-3 -- Security update for OpenSSL
Description:	OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no" enables compression again. * CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0549-3 CVE-2012-4929 CVE-2013-0169 CVE-2013-0166	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	OpenSSL
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section libopenssl0_9_8 RPM is earlier than 0:0.9.8j-0.50.1 AND libopenssl0_9_8-hmac RPM is earlier than 0:0.9.8j-0.50.1 AND openssl RPM is earlier than 0:0.9.8j-0.50.1 AND openssl-doc RPM is earlier than 0:0.9.8j-0.50.1 AND libopenssl0_9_8-32bit RPM is earlier than 0:0.9.8j-0.50.1 AND libopenssl0_9_8-hmac-32bit RPM is earlier than 0:0.9.8j-0.50.1

Definition Id: oval:org.mitre.oval:def:25811

Oval ID:	oval:org.mitre.oval:def:25811
Title:	SUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibm
Description:	IBM Java 7 was updated to SR4-FP1, fixing bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0701-1 CVE-2013-0485 CVE-2013-0809 CVE-2013-1493 CVE-2013-0169	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	java-1_7_0-ibm
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_7_0-ibm RPM is earlier than 0:1.7.0_sr4.1-0.5.1 AND java-1_7_0-ibm-jdbc RPM is earlier than 0:1.7.0_sr4.1-0.5.1 AND java-1_7_0-ibm-plugin RPM is earlier than 0:1.7.0_sr4.1-0.5.1 AND java-1_7_0-ibm-alsa RPM is earlier than 0:1.7.0_sr4.1-0.5.1

Definition Id: oval:org.mitre.oval:def:25849

Oval ID:	oval:org.mitre.oval:def:25849
Title:	SUSE-SU-2013:0549-2 -- Security update for OpenSSL
Description:	OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no" enables compression again. * CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0549-2 CVE-2012-4929 CVE-2013-0169 CVE-2013-0166	Version:	3
Platform(s):	SUSE Linux Enterprise Server 10	Product(s):	OpenSSL
Definition Synopsis:
SUSE Linux Enterprise Server 10 is installed Packages match section openssl RPM is earlier than 0:0.9.8a-18.45.69.1 AND openssl-devel RPM is earlier than 0:0.9.8a-18.45.69.1 AND openssl-doc RPM is earlier than 0:0.9.8a-18.45.69.1 AND openssl-32bit RPM is earlier than 0:0.9.8a-18.45.69.1 AND openssl-devel-32bit RPM is earlier than 0:0.9.8a-18.45.69.1

Definition Id: oval:org.mitre.oval:def:25900

Oval ID:	oval:org.mitre.oval:def:25900
Title:	SUSE-SU-2013:0554-1 -- Security update for OpenSSL
Description:	OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no" enables compression again. Please note that openssl on SUSE Linux Enterprise 10 is not built with compression support. * CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0554-1 CVE-2012-4929 CVE-2013-0169 CVE-2013-0166	Version:	3
Platform(s):	SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 10	Product(s):	OpenSSL
Definition Synopsis:
SUSE Linux Enterprise Server 10 and SUSE Linux Enterprise Desktop 10 release section Operation system section SUSE Linux Enterprise Server 10 is installed AND SUSE Linux Enterprise Desktop 10 is installed Packages match section openssl RPM is earlier than 0:0.9.8a-18.76.1 AND openssl-devel RPM is earlier than 0:0.9.8a-18.76.1 AND openssl-32bit RPM is earlier than 0:0.9.8a-18.76.1 AND openssl-devel-32bit RPM is earlier than 0:0.9.8a-18.76.1 AND SUSE Linux Enterprise Server 10 release section SUSE Linux Enterprise Server 10 is installed AND openssl-doc RPM is earlier than 0:0.9.8a-18.76.1

Definition Id: oval:org.mitre.oval:def:26011

Oval ID:	oval:org.mitre.oval:def:26011
Title:	SUSE-SU-2013:0549-1 -- Security update for OpenSSL
Description:	OpenSSL has been updated to fix several security issues: * CVE-2012-4929: Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable "OPENSSL_NO_DEFAULT_ZLIB" to "no" enables compression again. * CVE-2013-0169: Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private keymaterial. This issue is also known as the "Lucky-13" issue. * CVE-2013-0166: A OCSP invalid key denial of service issue was fixed.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0549-1 CVE-2012-4929 CVE-2013-0169 CVE-2013-0166	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	OpenSSL
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libopenssl0_9_8 RPM is earlier than 0:0.9.8j-0.50.1 AND openssl RPM is earlier than 0:0.9.8j-0.50.1 AND libopenssl0_9_8-32bit RPM is earlier than 0:0.9.8j-0.50.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section libopenssl0_9_8-hmac RPM is earlier than 0:0.9.8j-0.50.1 AND openssl-doc RPM is earlier than 0:0.9.8j-0.50.1 AND libopenssl0_9_8-hmac-32bit RPM is earlier than 0:0.9.8j-0.50.1

Definition Id: oval:org.mitre.oval:def:26214

Oval ID:	oval:org.mitre.oval:def:26214
Title:	SUSE-SU-2013:0328-1 -- Security update for Java
Description:	java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes: * Security fixes o S8006446: Restrict MBeanServer access (CVE-2013-1486) o S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) o S8007688: Blacklist known bad certificate (issued by DigiCert) * Backports o S8007393: Possible race condition after JDK-6664509 o S8007611: logging behavior in applet changed * Bug fixes o PR1319: Support GIF lib v5.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0328-1 CVE-2013-1486 CVE-2013-0169	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 11	Product(s):	Java
Definition Synopsis:
SUSE Linux Enterprise Desktop 11.x is installed Packages match section java-1_6_0-openjdk RPM is earlier than 0:1.6.0.0_b27.1.12.3-0.2.1 AND java-1_6_0-openjdk-demo RPM is earlier than 0:1.6.0.0_b27.1.12.3-0.2.1 AND java-1_6_0-openjdk-devel RPM is earlier than 0:1.6.0.0_b27.1.12.3-0.2.1

Definition Id: oval:org.mitre.oval:def:27551

Oval ID:	oval:org.mitre.oval:def:27551
Title:	DEPRECATED: ELSA-2013-0275 -- java-1.7.0-openjdk security update (important)
Description:	[1.7.0.9-2.3.7.1.0.2.el6_3] - Increase release number and rebuild. [1.7.0.9-2.3.7.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.7.1.el6_3] - Updated main source tarball - Resolves: rhbz#911529 [1.7.0.9-2.3.7.0.el6_3] - Removed patch1000 sec-2013-02-01-8005615.patch - Removed patch1001 sec-2013-02-01-8005615-sync_with_jdk7u.patch - Removed patch1010 sec-2013-02-01-7201064.patch - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.3.7 - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911529
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0275 CVE-2013-1485 CVE-2013-1484 CVE-2013-1486 CVE-2013-0169	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section java-1.7.0-openjdk is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-demo is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-devel is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-javadoc is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-src is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section java-1.7.0-openjdk is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-demo is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-devel is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-javadoc is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-src is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3

Definition Id: oval:org.mitre.oval:def:27605

Oval ID:	oval:org.mitre.oval:def:27605
Title:	DEPRECATED: ELSA-2013-0587 -- openssl security update (moderate)
Description:	[1.0.0-27.2] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735)
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0587 CVE-2013-0166 CVE-2012-4929 CVE-2013-0169	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section openssl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section openssl is earlier than 0:1.0.0-27.el6_4.2 AND openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2

Definition Id: oval:org.mitre.oval:def:27609

Oval ID:	oval:org.mitre.oval:def:27609
Title:	DEPRECATED: ELSA-2012-0699 -- openssl security and bug fix update (moderate)
Description:	[1.0.0-20.5] - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - properly initialize tkeylen in the CVE-2012-0884 fix
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-0699 CVE-2012-2333	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section openssl is earlier than 0:0.9.8e-22.el5_8.4 AND openssl-devel is earlier than 0:0.9.8e-22.el5_8.4 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.4 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section openssl is earlier than 0:1.0.0-20.el6_2.5 AND openssl-devel is earlier than 0:1.0.0-20.el6_2.5 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.5 AND openssl-static is earlier than 0:1.0.0-20.el6_2.5

Definition Id: oval:org.mitre.oval:def:27745

Oval ID:	oval:org.mitre.oval:def:27745
Title:	DEPRECATED: ELSA-2012-0426 -- openssl security and bug fix update (moderate)
Description:	[1.0.0-20.3] - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-0426 CVE-2012-0884 CVE-2012-1165	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section openssl is earlier than 0:0.9.8e-22.el5_8.1 AND openssl-devel is earlier than 0:0.9.8e-22.el5_8.1 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.1 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section openssl is earlier than 0:1.0.0-20.el6_2.3 AND openssl-devel is earlier than 0:1.0.0-20.el6_2.3 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.3 AND openssl-static is earlier than 0:1.0.0-20.el6_2.3

Definition Id: oval:org.mitre.oval:def:27811

Oval ID:	oval:org.mitre.oval:def:27811
Title:	DEPRECATED: ELSA-2012-0518 -- openssl security update (important)
Description:	openssl: [1.0.0-20.4] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) openssl098e: [0.9.8e-17.el6_2.2] - Updated the description [0.9.8e-17.2] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-0518 CVE-2012-2110	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl openssl097a openssl098e
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section openssl is earlier than 0:0.9.8e-22.el5_8.3 AND openssl097a is earlier than 0:0.9.7a-11.el5_8.2 AND openssl-devel is earlier than 0:0.9.8e-22.el5_8.3 AND openssl-perl is earlier than 0:0.9.8e-22.el5_8.3 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section openssl is earlier than 0:1.0.0-20.el6_2.4 AND openssl098e is earlier than 0:0.9.8e-17.0.1.el6_2.2 AND openssl-devel is earlier than 0:1.0.0-20.el6_2.4 AND openssl-perl is earlier than 0:1.0.0-20.el6_2.4 AND openssl-static is earlier than 0:1.0.0-20.el6_2.4

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openssl cpe:2.3:a:openssl:openssl:1.0.1u:::::::* cpe:2.3:a:openssl:openssl:1.0.1t:::::::* cpe:2.3:a:openssl:openssl:1.0.1s:::::::* cpe:2.3:a:openssl:openssl:1.0.1r:::::::* cpe:2.3:a:openssl:openssl:1.0.1q:::::::* cpe:2.3:a:openssl:openssl:1.0.1o:::::::* cpe:2.3:a:openssl:openssl:1.0.1n:::::::* cpe:2.3:a:openssl:openssl:1.0.1m:::::::* cpe:2.3:a:openssl:openssl:1.0.1l:::::::* cpe:2.3:a:openssl:openssl:1.0.1k:::::::* cpe:2.3:a:openssl:openssl:1.0.1j:::::::* cpe:2.3:a:openssl:openssl:1.0.1i:::::::* cpe:2.3:a:openssl:openssl:1.0.1h:::::::* cpe:2.3:a:openssl:openssl:1.0.1g:::::::* cpe:2.3:a:openssl:openssl:1.0.1f:::::::* cpe:2.3:a:openssl:openssl:1.0.1e:::::::* cpe:2.3:a:openssl:openssl:1.0.1d:::::::* cpe:2.3:a:openssl:openssl:1.0.1c:::::::* cpe:2.3:a:openssl:openssl:1.0.1b:::::::* cpe:2.3:a:openssl:openssl:1.0.1a:::::::* cpe:2.3:a:openssl:openssl:1.0.1:-:::::: cpe:2.3:a:openssl:openssl:1.0.1:beta1:::::: cpe:2.3:a:openssl:openssl:1.0.1:beta3:::::: cpe:2.3:a:openssl:openssl:1.0.1:beta2:::::: cpe:2.3:a:openssl:openssl:1.0.0s:::::::* cpe:2.3:a:openssl:openssl:1.0.0r:::::::* cpe:2.3:a:openssl:openssl:1.0.0q:::::::* cpe:2.3:a:openssl:openssl:1.0.0p:::::::* cpe:2.3:a:openssl:openssl:1.0.0o:::::::* cpe:2.3:a:openssl:openssl:1.0.0n:::::::* cpe:2.3:a:openssl:openssl:1.0.0m:::::::* cpe:2.3:a:openssl:openssl:1.0.0l:::::::* cpe:2.3:a:openssl:openssl:1.0.0k:::::::* cpe:2.3:a:openssl:openssl:1.0.0j:::::::* cpe:2.3:a:openssl:openssl:1.0.0i:::::::* cpe:2.3:a:openssl:openssl:1.0.0h:::::::* cpe:2.3:a:openssl:openssl:1.0.0g:::::::* cpe:2.3:a:openssl:openssl:1.0.0f:::::::* cpe:2.3:a:openssl:openssl:1.0.0e:::::::* cpe:2.3:a:openssl:openssl:1.0.0d:::::::* cpe:2.3:a:openssl:openssl:1.0.0c:::::::* cpe:2.3:a:openssl:openssl:1.0.0b:::::::* cpe:2.3:a:openssl:openssl:1.0.0a:::::::* cpe:2.3:a:openssl:openssl:1.0.0:-:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta3:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta2:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta5:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta4:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta1:::::: cpe:2.3:a:openssl:openssl:1.0::openvms::::: cpe:2.3:a:openssl:openssl:0.9.8zg:::::::* cpe:2.3:a:openssl:openssl:0.9.8zf:::::::* cpe:2.3:a:openssl:openssl:0.9.8ze:::::::* cpe:2.3:a:openssl:openssl:0.9.8zc:::::::* cpe:2.3:a:openssl:openssl:0.9.8zb:::::::* cpe:2.3:a:openssl:openssl:0.9.8za:::::::* cpe:2.3:a:openssl:openssl:0.9.8z:::::::* cpe:2.3:a:openssl:openssl:0.9.8y:::::::* cpe:2.3:a:openssl:openssl:0.9.8x:::::::* cpe:2.3:a:openssl:openssl:0.9.8w:::::::* cpe:2.3:a:openssl:openssl:0.9.8v:::::::* cpe:2.3:a:openssl:openssl:0.9.8u:::::::* cpe:2.3:a:openssl:openssl:0.9.8t:::::::* cpe:2.3:a:openssl:openssl:0.9.8s:::::::* cpe:2.3:a:openssl:openssl:0.9.8r:::::::* cpe:2.3:a:openssl:openssl:0.9.8q:::::::* cpe:2.3:a:openssl:openssl:0.9.8p:::::::* cpe:2.3:a:openssl:openssl:0.9.8o:::::::* cpe:2.3:a:openssl:openssl:0.9.8n:::::::* cpe:2.3:a:openssl:openssl:0.9.8m:-:::::: cpe:2.3:a:openssl:openssl:0.9.8m:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.8l:::::::* cpe:2.3:a:openssl:openssl:0.9.8k:::::::* cpe:2.3:a:openssl:openssl:0.9.8j:::::::* cpe:2.3:a:openssl:openssl:0.9.8i:::::::* cpe:2.3:a:openssl:openssl:0.9.8h:::::::* cpe:2.3:a:openssl:openssl:0.9.8g-9:::::::* cpe:2.3:a:openssl:openssl:0.9.8g:::::::* cpe:2.3:a:openssl:openssl:0.9.8g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8f:::::::* cpe:2.3:a:openssl:openssl:0.9.8f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8f::::::x86: cpe:2.3:a:openssl:openssl:0.9.8e:::::::* cpe:2.3:a:openssl:openssl:0.9.8e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8e::::::x86: cpe:2.3:a:openssl:openssl:0.9.8d:::::::* cpe:2.3:a:openssl:openssl:0.9.8d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8d::::::x86: cpe:2.3:a:openssl:openssl:0.9.8c-1:::::::* cpe:2.3:a:openssl:openssl:0.9.8c:::::::* cpe:2.3:a:openssl:openssl:0.9.8c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8c::::::x86: cpe:2.3:a:openssl:openssl:0.9.8b:::::::* cpe:2.3:a:openssl:openssl:0.9.8b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8b::::::x86: cpe:2.3:a:openssl:openssl:0.9.8a:::::::* cpe:2.3:a:openssl:openssl:0.9.8a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8a::::::x86: cpe:2.3:a:openssl:openssl:0.9.8:-:::::: cpe:2.3:a:openssl:openssl:0.9.8::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta4:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta5:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta6:::::: cpe:2.3:a:openssl:openssl:0.9.8::::::x86: cpe:2.3:a:openssl:openssl:0.9.7m:::::::* cpe:2.3:a:openssl:openssl:0.9.7m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7m::::::x86: cpe:2.3:a:openssl:openssl:0.9.7l:::::::* cpe:2.3:a:openssl:openssl:0.9.7l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7l::::::x86: cpe:2.3:a:openssl:openssl:0.9.7k:::::::* cpe:2.3:a:openssl:openssl:0.9.7k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7k::::::x86: cpe:2.3:a:openssl:openssl:0.9.7j:::::::* cpe:2.3:a:openssl:openssl:0.9.7j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7j::::::x86: cpe:2.3:a:openssl:openssl:0.9.7i:::::::* cpe:2.3:a:openssl:openssl:0.9.7i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7i::::::x86: cpe:2.3:a:openssl:openssl:0.9.7h:::::::* cpe:2.3:a:openssl:openssl:0.9.7h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7h::::::x86: cpe:2.3:a:openssl:openssl:0.9.7g:::::::* cpe:2.3:a:openssl:openssl:0.9.7g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7g::::::x86: cpe:2.3:a:openssl:openssl:0.9.7f:::::::* cpe:2.3:a:openssl:openssl:0.9.7f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7f::::::x86: cpe:2.3:a:openssl:openssl:0.9.7e:::::::* cpe:2.3:a:openssl:openssl:0.9.7e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7e::::::x86: cpe:2.3:a:openssl:openssl:0.9.7d:::::::* cpe:2.3:a:openssl:openssl:0.9.7d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7d::::::x86: cpe:2.3:a:openssl:openssl:0.9.7c:::::::* cpe:2.3:a:openssl:openssl:0.9.7c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7c::::::x86: cpe:2.3:a:openssl:openssl:0.9.7b:::::::* cpe:2.3:a:openssl:openssl:0.9.7b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7b::::::x86: cpe:2.3:a:openssl:openssl:0.9.7a:::::::* cpe:2.3:a:openssl:openssl:0.9.7a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7a::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.7:-:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta6:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6m:::::::* cpe:2.3:a:openssl:openssl:0.9.6m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6m::::::x86: cpe:2.3:a:openssl:openssl:0.9.6l:::::::* cpe:2.3:a:openssl:openssl:0.9.6l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6l::::::x86: cpe:2.3:a:openssl:openssl:0.9.6k:::::::* cpe:2.3:a:openssl:openssl:0.9.6k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6k::::::x86: cpe:2.3:a:openssl:openssl:0.9.6j:::::::* cpe:2.3:a:openssl:openssl:0.9.6j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6j::::::x86: cpe:2.3:a:openssl:openssl:0.9.6i:::::::* cpe:2.3:a:openssl:openssl:0.9.6i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6i::::::x86: cpe:2.3:a:openssl:openssl:0.9.6h:::::::* cpe:2.3:a:openssl:openssl:0.9.6h:bogus:::::: cpe:2.3:a:openssl:openssl:0.9.6h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6h::::::x86: cpe:2.3:a:openssl:openssl:0.9.6g:::::::* cpe:2.3:a:openssl:openssl:0.9.6g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6g::::::x86: cpe:2.3:a:openssl:openssl:0.9.6f:::::::* cpe:2.3:a:openssl:openssl:0.9.6f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6f::::::x86: cpe:2.3:a:openssl:openssl:0.9.6e:::::::* cpe:2.3:a:openssl:openssl:0.9.6e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6e::::::x86: cpe:2.3:a:openssl:openssl:0.9.6d:-:::::: cpe:2.3:a:openssl:openssl:0.9.6d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6d::::::x86: cpe:2.3:a:openssl:openssl:0.9.6c:::::::* cpe:2.3:a:openssl:openssl:0.9.6c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6c::::::x86: cpe:2.3:a:openssl:openssl:0.9.6b:::::::* cpe:2.3:a:openssl:openssl:0.9.6b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6b::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:-:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6a::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6:-:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6::::::x86: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5a:-:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a::::::x86: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5:-:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5::::::x86: cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.4:::::::* cpe:2.3:a:openssl:openssl:0.9.4::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.4::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.4::::::x86: cpe:2.3:a:openssl:openssl:0.9.3a:::::::* cpe:2.3:a:openssl:openssl:0.9.3a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3a::::::x86: cpe:2.3:a:openssl:openssl:0.9.3:-:::::: cpe:2.3:a:openssl:openssl:0.9.3::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3::::::x86: cpe:2.3:a:openssl:openssl:0.9.2b:::::::* cpe:2.3:a:openssl:openssl:0.9.2b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.2b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.2b::::::x86: cpe:2.3:a:openssl:openssl:0.9.1c:::::::* cpe:2.3:a:openssl:openssl:0.9.1c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.1c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.1c::::::x86: cpe:2.3:a:openssl:openssl:0.9.1b:::::::* cpe:2.3:a:openssl:openssl:0.9.0b:::::::* cpe:2.3:a:openssl:openssl:::::::: cpe:2.3:a:openssl:openssl:::openvms:::::* cpe:2.3:a:openssl:openssl:-:::::::*	325
Application	Oracle Openjdk cpe:2.3:a:oracle:openjdk:1.7.0:-:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update2:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update3:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update4:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update5:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update6:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update7:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update9:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update10:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update11:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update13:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update1:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update34:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update35:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update37:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update38:::::: cpe:2.3:a:oracle:openjdk:1.6.0:-:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update2:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update3:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update4:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update5:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update6:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update7:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update11:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update12:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update13:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update14:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update15:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update16:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update17:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update18:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update19:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update20:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update21:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update22:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update23:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update24:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update25:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update26:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update27:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update29:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update30:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update31:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update32:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update33:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update1:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update10::::::	47
Application	Polarssl cpe:2.3:a:polarssl:polarssl:1.1.4:::::::* cpe:2.3:a:polarssl:polarssl:1.1.3:::::::* cpe:2.3:a:polarssl:polarssl:1.1.2:::::::* cpe:2.3:a:polarssl:polarssl:1.1.1:::::::* cpe:2.3:a:polarssl:polarssl:1.1.0:::::::* cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:::::: cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:::::: cpe:2.3:a:polarssl:polarssl:1.0.0:::::::* cpe:2.3:a:polarssl:polarssl:0.99:pre4:::::: cpe:2.3:a:polarssl:polarssl:0.99:pre5:::::: cpe:2.3:a:polarssl:polarssl:0.99:pre1:::::: cpe:2.3:a:polarssl:polarssl:0.99:pre3:::::: cpe:2.3:a:polarssl:polarssl:0.14.3:::::::* cpe:2.3:a:polarssl:polarssl:0.14.2:::::::* cpe:2.3:a:polarssl:polarssl:0.14.0:::::::* cpe:2.3:a:polarssl:polarssl:0.13.1:::::::* cpe:2.3:a:polarssl:polarssl:0.12.1:::::::* cpe:2.3:a:polarssl:polarssl:0.12.0:::::::* cpe:2.3:a:polarssl:polarssl:0.11.1:::::::* cpe:2.3:a:polarssl:polarssl:0.11.0:::::::* cpe:2.3:a:polarssl:polarssl:0.10.1:::::::* cpe:2.3:a:polarssl:polarssl:0.10.0:::::::*	22
Application	Redhat Openssl cpe:2.3:a:redhat:openssl:0.9.7a-2:::::::* cpe:2.3:a:redhat:openssl:0.9.6b-3:::::::* cpe:2.3:a:redhat:openssl:0.9.6-15:::::::*	3

ExploitDB Exploits

id	Description
2012-04-19	OpenSSL ASN1 BIO Memory Corruption Vulnerability

OpenVAS Exploits

Date	Description
2012-08-31	Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl
2012-08-30	Name : Fedora Update for openssl FEDORA-2012-6343 File : nvt/gb_fedora_2012_6343_openssl_fc17.nasl
2012-08-30	Name : Fedora Update for openssl FEDORA-2012-7939 File : nvt/gb_fedora_2012_7939_openssl_fc17.nasl
2012-08-30	Name : Fedora Update for openssl FEDORA-2012-4630 File : nvt/gb_fedora_2012_4630_openssl_fc17.nasl
2012-08-10	Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD19.nasl
2012-08-03	Name : Mandriva Update for openssl MDVSA-2012:073 (openssl) File : nvt/gb_mandriva_MDVSA_2012_073.nasl
2012-08-03	Name : Mandriva Update for openssl MDVSA-2012:038 (openssl) File : nvt/gb_mandriva_MDVSA_2012_038.nasl
2012-08-03	Name : Mandriva Update for openssl MDVSA-2012:060 (openssl) File : nvt/gb_mandriva_MDVSA_2012_060.nasl
2012-08-03	Name : Mandriva Update for openssl0.9.8 MDVSA-2012:064 (openssl0.9.8) File : nvt/gb_mandriva_MDVSA_2012_064.nasl
2012-07-30	Name : CentOS Update for openssl CESA-2012:0426 centos5 File : nvt/gb_CESA-2012_0426_openssl_centos5.nasl
2012-07-30	Name : CentOS Update for openssl CESA-2012:0426 centos6 File : nvt/gb_CESA-2012_0426_openssl_centos6.nasl
2012-07-30	Name : CentOS Update for openssl097a CESA-2012:0518 centos5 File : nvt/gb_CESA-2012_0518_openssl097a_centos5.nasl
2012-07-30	Name : CentOS Update for openssl098e CESA-2012:0518 centos6 File : nvt/gb_CESA-2012_0518_openssl098e_centos6.nasl
2012-07-30	Name : CentOS Update for openssl CESA-2012:0699 centos5 File : nvt/gb_CESA-2012_0699_openssl_centos5.nasl
2012-07-30	Name : CentOS Update for openssl CESA-2012:0699 centos6 File : nvt/gb_CESA-2012_0699_openssl_centos6.nasl
2012-06-04	Name : Fedora Update for openssl FEDORA-2012-8024 File : nvt/gb_fedora_2012_8024_openssl_fc15.nasl
2012-06-04	Name : Fedora Update for openssl FEDORA-2012-8014 File : nvt/gb_fedora_2012_8014_openssl_fc16.nasl
2012-06-01	Name : RedHat Update for openssl RHSA-2012:0699-01 File : nvt/gb_RHSA-2012_0699-01_openssl.nasl
2012-05-31	Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl9.nasl
2012-05-31	Name : Debian Security Advisory DSA 2475-1 (openssl) File : nvt/deb_2475_1.nasl
2012-05-25	Name : Ubuntu Update for openssl USN-1451-1 File : nvt/gb_ubuntu_USN_1451_1.nasl
2012-05-11	Name : Fedora Update for openssl FEDORA-2012-6395 File : nvt/gb_fedora_2012_6395_openssl_fc15.nasl
2012-04-30	Name : Fedora Update for openssl FEDORA-2012-6403 File : nvt/gb_fedora_2012_6403_openssl_fc16.nasl
2012-04-30	Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl8.nasl
2012-04-30	Name : FreeBSD Ports: openssl File : nvt/freebsd_openssl7.nasl
2012-04-30	Name : Debian Security Advisory DSA 2454-2 (openssl) File : nvt/deb_2454_2.nasl
2012-04-30	Name : Debian Security Advisory DSA 2454-1 (openssl) File : nvt/deb_2454_1.nasl
2012-04-26	Name : RedHat Update for openssl RHSA-2012:0518-01 File : nvt/gb_RHSA-2012_0518-01_openssl.nasl
2012-04-26	Name : Ubuntu Update for openssl USN-1428-1 File : nvt/gb_ubuntu_USN_1428_1.nasl
2012-04-20	Name : Ubuntu Update for openssl USN-1424-1 File : nvt/gb_ubuntu_USN_1424_1.nasl
2012-04-13	Name : Fedora Update for openssl FEDORA-2012-4659 File : nvt/gb_fedora_2012_4659_openssl_fc15.nasl
2012-04-11	Name : Fedora Update for openssl FEDORA-2012-4665 File : nvt/gb_fedora_2012_4665_openssl_fc16.nasl
2012-03-29	Name : RedHat Update for openssl RHSA-2012:0426-01 File : nvt/gb_RHSA-2012_0426-01_openssl.nasl
2012-02-13	Name : Ubuntu Update for openssl USN-1357-1 File : nvt/gb_ubuntu_USN_1357_1.nasl
2011-09-30	Name : Mandriva Update for openssl MDVSA-2011:136 (openssl) File : nvt/gb_mandriva_MDVSA_2011_136.nasl
2011-09-30	Name : Mandriva Update for openssl MDVSA-2011:137 (openssl) File : nvt/gb_mandriva_MDVSA_2011_137.nasl
2011-09-21	Name : Debian Security Advisory DSA 2309-1 (openssl) File : nvt/deb_2309_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
74632	OpenSSL ECDHE_ECDSA Cipher Suite ECDSA Timing Attack Weakness

Information Assurance Vulnerability Management (IAVM)

Date	Description
2013-10-17	IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0040786
2013-09-19	IAVM : 2013-A-0181 - Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE) Severity : Category I - VMSKEY : V0040371
2013-09-19	IAVM : 2013-A-0180 - Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces... Severity : Category I - VMSKEY : V0040372
2013-09-19	IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004 Severity : Category I - VMSKEY : V0040373
2013-04-11	IAVM : 2013-A-0077 - Multiple Vulnerabilities in OpenSSL Severity : Category I - VMSKEY : V0037605
2013-02-28	IAVM : 2013-A-0056 - VMware ESXi 3.5 and ESX 3.5 Memory Corruption Vulnerability Severity : Category I - VMSKEY : V0037066
2012-09-27	IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884

Snort® IPS/IDS

Date	Description
2014-01-10	SSLv3 plaintext recovery attempt RuleID : 25828 - Revision : 4 - Type : SERVER-OTHER
2014-01-10	TLSv1.2 plaintext recovery attempt RuleID : 25827 - Revision : 4 - Type : SERVER-OTHER
2014-01-10	TLSv1.1 plaintext recovery attempt RuleID : 25826 - Revision : 4 - Type : SERVER-OTHER
2014-01-10	TLSv1.0 plaintext recovery attempt RuleID : 25825 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2018-09-27	Name : The remote Debian host is missing a security update. File : debian_DLA-1518.nasl - Type : ACT_GATHER_INFO
2016-11-21	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL93600123.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0003_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0009_remote.nasl - Type : ACT_GATHER_INFO
2016-02-29	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16285.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_gnutls_20130924.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_nss_20140809.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20120523.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20120626.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20120814.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20130716.nasl - Type : ACT_GATHER_INFO
2015-01-13	Name : The remote host has a library installed that is affected by an information di... File : tivoli_directory_svr_swg21638270.nasl - Type : ACT_GATHER_INFO
2014-12-22	Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO
2014-12-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-11-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0488.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0531.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0636.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1456.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0416.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14190.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14261.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15401.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15630.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15637.nasl - Type : ACT_GATHER_INFO
2014-08-22	Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_5_5_x.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_1_x.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_2_6_0.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by an information disclosure vulnerabil... File : ibm_tsm_server_6_3_4_200.nasl - Type : ACT_GATHER_INFO
2014-07-14	Name : The remote mail server is affected by an information disclosure vulnerability. File : ipswitch_imail_12_3.nasl - Type : ACT_GATHER_INFO
2014-06-30	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-18	Name : The remote database server is affected by multiple vulnerabilities. File : db2_101fp3a.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-174.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-210.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-242.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-308.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-153.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-154.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-164.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_libopenssl-devel-110606.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_libopenssl-devel-110607.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory4.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory5.nasl - Type : ACT_GATHER_INFO
2014-01-27	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2014-01-20	Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1483097_remote.nasl - Type : ACT_GATHER_INFO
2013-12-18	Name : The remote database server is affected by multiple vulnerabilities. File : db2_97fp9.nasl - Type : ACT_GATHER_INFO
2013-12-03	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-03.nasl - Type : ACT_GATHER_INFO
2013-11-13	Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_1311177_remote.nasl - Type : ACT_GATHER_INFO
2013-10-18	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-10.nasl - Type : ACT_GATHER_INFO
2013-10-16	Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO
2013-09-20	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_6_1_0_47.nasl - Type : ACT_GATHER_INFO
2013-09-19	Name : The remote device is missing a vendor-supplied security patch. File : junos_pulse_jsa10591.nasl - Type : ACT_GATHER_INFO
2013-09-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO
2013-09-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-62.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-72.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-73.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-85.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-162.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-163.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-171.nasl - Type : ACT_GATHER_INFO
2013-08-23	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_7.nasl - Type : ACT_GATHER_INFO
2013-08-02	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0009.nasl - Type : ACT_GATHER_INFO
2013-07-23	Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_2_1_0.nasl - Type : ACT_GATHER_INFO
2013-07-23	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5.nasl - Type : ACT_GATHER_INFO
2013-07-19	Name : The remote application server is potentially affected by multiple vulnerabili... File : websphere_7_0_0_29.nasl - Type : ACT_GATHER_INFO
2013-07-16	Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10575.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0426.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0518.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0699.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-2011.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-07-10	Name : The remote host has a library installed that is affected by an information di... File : ibm_gskit_swg21638270.nasl - Type : ACT_GATHER_INFO
2013-06-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0833.nasl - Type : ACT_GATHER_INFO
2013-06-06	Name : The remote web server contains an application that is affected by multiple vu... File : splunk_503.nasl - Type : ACT_GATHER_INFO
2013-06-05	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_4.nasl - Type : ACT_GATHER_INFO
2013-06-05	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-002.nasl - Type : ACT_GATHER_INFO
2013-05-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0855.nasl - Type : ACT_GATHER_INFO
2013-05-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0822.nasl - Type : ACT_GATHER_INFO
2013-05-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0823.nasl - Type : ACT_GATHER_INFO
2013-05-10	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_6.nasl - Type : ACT_GATHER_INFO
2013-05-10	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_0_2.nasl - Type : ACT_GATHER_INFO
2013-04-30	Name : The remote host is affected by multiple vulnerabilities. File : ibm_tem_8_2_1372.nasl - Type : ACT_GATHER_INFO
2013-04-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130416.nasl - Type : ACT_GATHER_INFO
2013-04-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-8544.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-050.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-052.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO
2013-04-19	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130415.nasl - Type : ACT_GATHER_INFO
2013-04-08	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_69bfc8529bd011e2a7be8c705af55518.nasl - Type : ACT_GATHER_INFO
2013-04-03	Name : The remote Fedora host is missing a security update. File : fedora_2013-4403.nasl - Type : ACT_GATHER_INFO
2013-03-28	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-130325.nasl - Type : ACT_GATHER_INFO
2013-03-28	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-8517.nasl - Type : ACT_GATHER_INFO
2013-03-26	Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_4_55.nasl - Type : ACT_GATHER_INFO
2013-03-26	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1732-3.nasl - Type : ACT_GATHER_INFO
2013-03-08	Name : The remote Fedora host is missing a security update. File : fedora_2013-2793.nasl - Type : ACT_GATHER_INFO
2013-03-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130304_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2013-2834.nasl - Type : ACT_GATHER_INFO
2013-03-01	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-2.nasl - Type : ACT_GATHER_INFO
2013-02-27	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-02-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-014.nasl - Type : ACT_GATHER_INFO
2013-02-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130221.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_feb_2013_1_unix.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-1.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1735-1.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0003.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_feb_2013_1.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0531.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0532.nasl - Type : ACT_GATHER_INFO
2013-02-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2621.nasl - Type : ACT_GATHER_INFO
2013-02-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2622.nasl - Type : ACT_GATHER_INFO
2013-02-13	Name : The remote service may be affected by an information disclosure vulnerability. File : openssl_1_0_1e.nasl - Type : ACT_GATHER_INFO
2013-02-11	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-040-01.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_0_9_8y.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_0k.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_1d.nasl - Type : ACT_GATHER_INFO
2013-02-07	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_00b0d8cd709711e298d9003067c2616f.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-120830.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-120503.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-120524.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0522.nasl - Type : ACT_GATHER_INFO
2012-11-26	Name : The remote Fedora host is missing a security update. File : fedora_2012-18035.nasl - Type : ACT_GATHER_INFO
2012-09-12	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-8262.nasl - Type : ACT_GATHER_INFO
2012-08-31	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120327_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120424_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120529_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-17	Name : The remote router has a memory corruption vulnerability. File : juniper_psn-2012-07-645.nasl - Type : ACT_GATHER_INFO
2012-07-05	Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_1_1_1.nasl - Type : ACT_GATHER_INFO
2012-06-28	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2ae114dec06411e1b5e0000c299b62e1.nasl - Type : ACT_GATHER_INFO
2012-06-04	Name : The remote Fedora host is missing a security update. File : fedora_2012-8014.nasl - Type : ACT_GATHER_INFO
2012-06-04	Name : The remote Fedora host is missing a security update. File : fedora_2012-8024.nasl - Type : ACT_GATHER_INFO
2012-05-31	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-8143.nasl - Type : ACT_GATHER_INFO
2012-05-30	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0699.nasl - Type : ACT_GATHER_INFO
2012-05-30	Name : The remote Fedora host is missing a security update. File : fedora_2012-7939.nasl - Type : ACT_GATHER_INFO
2012-05-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0699.nasl - Type : ACT_GATHER_INFO
2012-05-29	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1451-1.nasl - Type : ACT_GATHER_INFO
2012-05-23	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-8112.nasl - Type : ACT_GATHER_INFO
2012-05-18	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2475.nasl - Type : ACT_GATHER_INFO
2012-05-16	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_dba5d1c99f2911e1b511003067c2616f.nasl - Type : ACT_GATHER_INFO
2012-05-14	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-073.nasl - Type : ACT_GATHER_INFO
2012-05-11	Name : The remote Fedora host is missing a security update. File : fedora_2012-6395.nasl - Type : ACT_GATHER_INFO
2012-05-11	Name : The remote host may be affected by a denial of service vulnerability. File : openssl_0_9_8x.nasl - Type : ACT_GATHER_INFO
2012-05-11	Name : The remote host may be affected by a denial of service vulnerability. File : openssl_1_0_0j.nasl - Type : ACT_GATHER_INFO
2012-05-11	Name : The remote host may be affected by a denial of service vulnerability. File : openssl_1_0_1c.nasl - Type : ACT_GATHER_INFO
2012-04-30	Name : The remote Fedora host is missing a security update. File : fedora_2012-6403.nasl - Type : ACT_GATHER_INFO
2012-04-27	Name : The remote Fedora host is missing a security update. File : fedora_2012-6343.nasl - Type : ACT_GATHER_INFO
2012-04-25	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0518.nasl - Type : ACT_GATHER_INFO
2012-04-25	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-064.nasl - Type : ACT_GATHER_INFO
2012-04-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0518.nasl - Type : ACT_GATHER_INFO
2012-04-25	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1428-1.nasl - Type : ACT_GATHER_INFO
2012-04-24	Name : The remote host may be affected by a memory corruption vulnerability. File : openssl_0_9_8v.nasl - Type : ACT_GATHER_INFO
2012-04-23	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7184f92e8bb811e18d7b003067b2972c.nasl - Type : ACT_GATHER_INFO
2012-04-20	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2454.nasl - Type : ACT_GATHER_INFO
2012-04-20	Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO
2012-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-060.nasl - Type : ACT_GATHER_INFO
2012-04-20	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1424-1.nasl - Type : ACT_GATHER_INFO
2012-04-19	Name : The remote host may be affected by a memory corruption vulnerability. File : openssl_1_0_0i.nasl - Type : ACT_GATHER_INFO
2012-04-19	Name : The remote host may be affected by a memory corruption vulnerability. File : openssl_1_0_1a.nasl - Type : ACT_GATHER_INFO
2012-04-12	Name : The remote Fedora host is missing a security update. File : fedora_2012-4630.nasl - Type : ACT_GATHER_INFO
2012-04-12	Name : The remote Fedora host is missing a security update. File : fedora_2012-4659.nasl - Type : ACT_GATHER_INFO
2012-04-11	Name : The remote Fedora host is missing a security update. File : fedora_2012-4665.nasl - Type : ACT_GATHER_INFO
2012-04-11	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-120327.nasl - Type : ACT_GATHER_INFO
2012-04-11	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-120328.nasl - Type : ACT_GATHER_INFO
2012-04-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-8034.nasl - Type : ACT_GATHER_INFO
2012-04-02	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_0_9_8u.nasl - Type : ACT_GATHER_INFO
2012-04-02	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_0h.nasl - Type : ACT_GATHER_INFO
2012-03-28	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0426.nasl - Type : ACT_GATHER_INFO
2012-03-28	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0426.nasl - Type : ACT_GATHER_INFO
2012-03-27	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-038.nasl - Type : ACT_GATHER_INFO
2012-03-16	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_60eb344e6eb111e18ad700e0815b8da8.nasl - Type : ACT_GATHER_INFO
2012-02-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1357-1.nasl - Type : ACT_GATHER_INFO
2012-01-09	Name : The remote web server has multiple SSL-related vulnerabilities. File : openssl_0_9_8s.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-7550.nasl - Type : ACT_GATHER_INFO
2011-09-29	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-136.nasl - Type : ACT_GATHER_INFO
2011-09-29	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-137.nasl - Type : ACT_GATHER_INFO
2011-09-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2309.nasl - Type : ACT_GATHER_INFO
2011-09-12	Name : The remote web server is affected by multiple SSL-related vulnerabilities. File : openssl_1_0_0e.nasl - Type : ACT_GATHER_INFO
2011-06-15	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-110606.nasl - Type : ACT_GATHER_INFO
2011-06-15	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-7552.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:37:57	Multiple Updates
2013-12-03 09:18:03	First insertion

Global Informations

Type	Count
CWE ID(s)	8
Oval ID(s)	66
CPE ID(s)	397
osvdb(s)	1
ExploitDB Exploit(s)	1
Openvas Exploit(s)	37
IAVM(s)	7
Snort® Rule(s)	4
Nessus® Exploit(s)	197

	Related
7.5	CVE-2012-2110
6.8	CVE-2012-2333
5	CVE-2013-0166
5	CVE-2012-2686
5	CVE-2012-1165
5	CVE-2012-0884
5	CVE-2006-7250
2.6	CVE-2013-0169
2.6	CVE-2011-1945
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 9 more Alert(s)