4.3 - MDVSA-2013:050

Executive Summary

Informations
Name	MDVSA-2013:050	First vendor Publication	2013-04-05
Vendor	Mandriva	Last vendor Modification	2013-04-05
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates (CVE-2013-0743).

The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pickup the changes.

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169 (CVE-2013-1620).

The NSPR package has been upgraded to the 4.9.5 version due to dependecies of newer NSS.

The NSS package has been upgraded to the 3.14.3 version which is not vulnerable to this issue.

The sqlite3 update addresses a crash when using svn commit after export MALLOC_CHECK_=3.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:050

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-310	Cryptographic Issues
50 %	CWE-203	Information Exposure Through Discrepancy

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17859

Oval ID:	oval:org.mitre.oval:def:17859
Title:	USN-1687-1 -- nss vulnerability
Description:	Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Family:	unix	Class:	patch
Reference(s):	USN-1687-1 CVE-2013-0743	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04	Product(s):	nss
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND libnss3-1d DPKG is earlier than 3.14.1-0ckbi1.93ubuntu.0.12.10.1 AND Release section Ubuntu 12.04 is installed AND libnss3-1d DPKG is earlier than 3.14.1-0ckbi1.93ubuntu.0.12.04.1 AND Release section Ubuntu 11.10 is installed AND libnss3-1d DPKG is earlier than 3.14.1-0ckbi1.93ubuntu.0.11.10.1 AND Release section Ubuntu 10.04 is installed AND libnss3-1d DPKG is earlier than 3.14.1-0ckbi1.93ubuntu.0.10.04.1

Definition Id: oval:org.mitre.oval:def:17950

Oval ID:	oval:org.mitre.oval:def:17950
Title:	USN-1681-2 -- thunderbird vulnerabilities
Description:	Several security issues were fixed in Thunderbird.
Family:	unix	Class:	patch
Reference(s):	USN-1681-2 CVE-2013-0769 CVE-2013-0749 CVE-2013-0770 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0766 CVE-2013-0767 CVE-2013-0771 CVE-2012-5829 CVE-2013-0768 CVE-2013-0759 CVE-2013-0744 CVE-2013-0764 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0750 CVE-2013-0752 CVE-2013-0757 CVE-2013-0758 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0743	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04	Product(s):	thunderbird
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND thunderbird DPKG is earlier than 17.0.2+build1-0ubuntu0.12.10.1 AND Release section Ubuntu 12.04 is installed AND thunderbird DPKG is earlier than 17.0.2+build1-0ubuntu0.12.04.1 AND Release section Ubuntu 11.10 is installed AND thunderbird DPKG is earlier than 17.0.2+build1-0ubuntu0.11.10.1 AND Release section Ubuntu 10.04 is installed AND thunderbird DPKG is earlier than 17.0.2+build1-0ubuntu0.10.04.1

Definition Id: oval:org.mitre.oval:def:17969

Oval ID:	oval:org.mitre.oval:def:17969
Title:	USN-1687-2 -- nspr update
Description:	NSPR update to work with the new NSS.
Family:	unix	Class:	patch
Reference(s):	USN-1687-2 CVE-2013-0743	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04	Product(s):	nspr
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND libnspr4-0d DPKG is earlier than 4.9.4-0ubuntu0.12.10.1 AND Release section Ubuntu 12.04 is installed AND libnspr4-0d DPKG is earlier than 4.9.4-0ubuntu0.12.04.1 AND Release section Ubuntu 11.10 is installed AND libnspr4-0d DPKG is earlier than 4.9.4-0ubuntu0.11.10.1 AND Release section Ubuntu 10.04 is installed AND libnspr4-0d DPKG is earlier than 4.9.4-0ubuntu0.10.04.1

Definition Id: oval:org.mitre.oval:def:18127

Oval ID:	oval:org.mitre.oval:def:18127
Title:	USN-1763-1 -- nss vulnerability
Description:	NSS could be made to expose sensitive information over the network.
Family:	unix	Class:	patch
Reference(s):	USN-1763-1 CVE-2013-1620	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04	Product(s):	nss
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND libnss3 DPKG is earlier than 3.14.3-0ubuntu0.12.10.1 AND Release section Ubuntu 12.04 is installed AND libnss3 DPKG is earlier than 3.14.3-0ubuntu0.12.04.1 AND Release section Ubuntu 11.10 is installed AND libnss3 DPKG is earlier than 3.14.3-0ubuntu0.11.10.1 AND Release section Ubuntu 10.04 is installed AND libnss3-1d DPKG is earlier than 3.14.3-0ubuntu0.10.04.1

Definition Id: oval:org.mitre.oval:def:18149

Oval ID:	oval:org.mitre.oval:def:18149
Title:	USN-1681-3 -- firefox regression
Description:	USN-1681-1 introduced a regression in Firefox.
Family:	unix	Class:	patch
Reference(s):	USN-1681-3 CVE-2013-0769 CVE-2013-0749 CVE-2013-0770 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0766 CVE-2013-0767 CVE-2013-0771 CVE-2012-5829 CVE-2013-0768 CVE-2013-0759 CVE-2013-0744 CVE-2013-0764 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0750 CVE-2013-0752 CVE-2013-0757 CVE-2013-0758 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0743	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04	Product(s):	firefox
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND firefox DPKG is earlier than 18.0.1+build1-0ubuntu0.12.10.1 AND Release section Ubuntu 12.04 is installed AND firefox DPKG is earlier than 18.0.1+build1-0ubuntu0.12.04.1 AND Release section Ubuntu 11.10 is installed AND firefox DPKG is earlier than 18.0.1+build1-0ubuntu0.11.10.1 AND Release section Ubuntu 10.04 is installed AND firefox DPKG is earlier than 18.0.1+build1-0ubuntu0.10.04.1

Definition Id: oval:org.mitre.oval:def:18249

Oval ID:	oval:org.mitre.oval:def:18249
Title:	USN-1681-1 -- firefox vulnerabilities
Description:	Several security issues were fixed in Firefox.
Family:	unix	Class:	patch
Reference(s):	USN-1681-1 CVE-2013-0769 CVE-2013-0749 CVE-2013-0770 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0766 CVE-2013-0767 CVE-2013-0771 CVE-2012-5829 CVE-2013-0768 CVE-2013-0759 CVE-2013-0744 CVE-2013-0764 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0750 CVE-2013-0752 CVE-2013-0757 CVE-2013-0758 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0743	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04	Product(s):	firefox
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND firefox DPKG is earlier than 18.0+build1-0ubuntu0.12.10.3 AND Release section Ubuntu 12.04 is installed AND firefox DPKG is earlier than 18.0+build1-0ubuntu0.12.04.3 AND Release section Ubuntu 11.10 is installed AND firefox DPKG is earlier than 18.0+build1-0ubuntu0.11.10.3 AND Release section Ubuntu 10.04 is installed AND firefox DPKG is earlier than 18.0+build1-0ubuntu0.10.04.3

Definition Id: oval:org.mitre.oval:def:18290

Oval ID:	oval:org.mitre.oval:def:18290
Title:	USN-1681-4 -- firefox regression
Description:	USN-1681-1 introduced a regression in Firefox.
Family:	unix	Class:	patch
Reference(s):	USN-1681-4 CVE-2013-0769 CVE-2013-0749 CVE-2013-0770 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0766 CVE-2013-0767 CVE-2013-0771 CVE-2012-5829 CVE-2013-0768 CVE-2013-0759 CVE-2013-0744 CVE-2013-0764 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0750 CVE-2013-0752 CVE-2013-0757 CVE-2013-0758 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0743	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04	Product(s):	firefox
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND firefox DPKG is earlier than 18.0.2+build1-0ubuntu0.12.10.1 AND Release section Ubuntu 12.04 is installed AND firefox DPKG is earlier than 18.0.2+build1-0ubuntu0.12.04.1 AND Release section Ubuntu 11.10 is installed AND firefox DPKG is earlier than 18.0.2+build1-0ubuntu0.11.10.1 AND Release section Ubuntu 10.04 is installed AND firefox DPKG is earlier than 18.0.2+build1-0ubuntu0.10.04.1

Definition Id: oval:org.mitre.oval:def:18302

Oval ID:	oval:org.mitre.oval:def:18302
Title:	USN-1732-1 -- openssl vulnerabilities
Description:	Several security issues were fixed in OpenSSL.
Family:	unix	Class:	patch
Reference(s):	USN-1732-1 CVE-2012-2686 CVE-2013-0166 CVE-2013-0169	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 8.04	Product(s):	openssl
Definition Synopsis:
Release section Ubuntu 12.10 is installed AND libssl1.0.0 DPKG is earlier than 1.0.1c-3ubuntu2.1 AND Release section Ubuntu 12.04 is installed AND libssl1.0.0 DPKG is earlier than 1.0.1-4ubuntu5.6 AND Release section Ubuntu 11.10 is installed AND libssl1.0.0 DPKG is earlier than 1.0.0e-2ubuntu4.7 AND Release section Ubuntu 10.04 is installed AND libssl0.9.8 DPKG is earlier than 0.9.8k-7ubuntu8.14 AND Release section Ubuntu 8.04 is installed AND libssl0.9.8 DPKG is earlier than 0.9.8g-4ubuntu3.20

Definition Id: oval:org.mitre.oval:def:18476

Oval ID:	oval:org.mitre.oval:def:18476
Title:	DSA-2599-1 nss - mis-issued intermediates
Description:	Google, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries (nss) mis-issued two intermediate CAs which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate CAs. The two existing TurkTrust root CAs remain active.
Family:	unix	Class:	patch
Reference(s):	DSA-2599-1 CVE-2013-0743	Version:	7
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	nss
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND nss DPKG is earlier than 3.12.8-1+squeeze6

Definition Id: oval:org.mitre.oval:def:18565

Oval ID:	oval:org.mitre.oval:def:18565
Title:	DSA-2621-1 openssl - several vulnerabilities
Description:	Multiple vulnerabilities have been found in OpenSSL.
Family:	unix	Class:	patch
Reference(s):	DSA-2621-1 CVE-2013-0166 CVE-2013-0169	Version:	7
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	openssl
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openssl DPKG is earlier than 0.9.8o-4squeeze14

Definition Id: oval:org.mitre.oval:def:18841

Oval ID:	oval:org.mitre.oval:def:18841
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02856 HP Release B.11.11 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.001 AND openssl.OPENSSL-INC version is less than A.00.09.08y.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.001 OR Criteria meets HP Security Bulletin HPSBUX02856 HP Release B.11.23 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.002 AND openssl.OPENSSL-INC version is less than A.00.09.08y.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.002 OR Criteria meets HP Security Bulletin HPSBUX02856 HP-UX B.11.31 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08y.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08y.003 AND openssl.OPENSSL-INC version is less than A.00.09.08y.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08y.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08y.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08y.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08y.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08y.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08y.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08y.003

Definition Id: oval:org.mitre.oval:def:19016

Oval ID:	oval:org.mitre.oval:def:19016
Title:	OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0169)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	6
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	VisualSVN Server
Definition Synopsis:
VisualSVN Server is installed If the version of OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 0.9.8.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.8.24 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 1.0.0.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 1.0.0.10 in VisualSVN Server AND Check the version of OpenSSL in VisualSVN Server Check if OpenSSL version is greater than or equals to 1.0.1.0 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 1.0.1.3 in VisualSVN Server AND Check if OpenSSL version is less than or equals to 0.9.6.13 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.1.1 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.2.2 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.3.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.3.1 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.4.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.5.0 in VisualSVN Server AND Check if OpenSSL version equals to 0.9.5.1 in VisualSVN Server

Definition Id: oval:org.mitre.oval:def:19424

Oval ID:	oval:org.mitre.oval:def:19424
Title:	HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP Release B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70-COM version is less than 1.7.0.05.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.05.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.05.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.05.00 AND Jre70.JRE70-COM version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.05.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.05.00

Definition Id: oval:org.mitre.oval:def:19428

Oval ID:	oval:org.mitre.oval:def:19428
Title:	HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	7
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP Release B.11.11 AND filesets test hpuxwsAPACHE.APACHE version is less than B.2.0.64.05 AND hpuxwsAPACHE.APACHE2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.64.05 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.0.64.05 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP version is less than B.2.0.64.05 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.64.05 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.0.64.05

Definition Id: oval:org.mitre.oval:def:19540

Oval ID:	oval:org.mitre.oval:def:19540
Title:	HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02867 platforms HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk15.JDK15-COM version is less than 1.5.0.28.00 AND Jdk15.JDK15-DEMO version is less than 1.5.0.28.00 AND Jdk15.JDK15-IPF32 version is less than 1.5.0.28.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.28.00 AND Jre15.JRE15-COM version is less than 1.5.0.28.00 AND Jre15.JRE15-COM-DOC version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.28.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.28.00 OR Criteria meets HP Security Bulletin HPSBUX02867 platforms HP Release B.11.11 AND HP Release B.11.23 AND filesets tests Jdk15.JDK15-COM version is less than 1.5.0.28.00 AND Jdk15.JDK15-DEMO version is less than 1.5.0.28.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.28.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.28.00 AND Jre15.JRE15-COM version is less than 1.5.0.28.00 AND Jre15.JRE15-COM-DOC version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.28.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.28.00

Definition Id: oval:org.mitre.oval:def:19608

Oval ID:	oval:org.mitre.oval:def:19608
Title:	Multiple OpenSSL vulnerabilities
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	5
Platform(s):	IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
Criteria meets IBM AIX Security Advisory OS check IBM AIX 5.3 is installed AND openssl.base less than or equal to 0.9.8.2400 OR OS check IBM AIX 6.1 is installed AND openssl.base less than or equal to 0.9.8.2400 OR OS check IBM AIX 7.1 is installed AND openssl.base less than or equal to 0.9.8.2400 OR Criteria meets IBM AIX Security Advisory OS check IBM AIX 5.3 is installed AND openssl-fips.base less than or equal to 12.9.8.2400 OR OS check IBM AIX 6.1 is installed AND openssl-fips.base less than or equal to 12.9.8.2400 OR OS check IBM AIX 7.1 is installed AND openssl-fips.base less than or equal to 12.9.8.2400

Definition Id: oval:org.mitre.oval:def:20786

Oval ID:	oval:org.mitre.oval:def:20786
Title:	VMware vSphere, ESX and ESXi updates to third party libraries
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	4
Platform(s):	VMWare ESX Server 4.1 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
Patch ESX410-201307403-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201307403-SG is not installed OR Patch ESX400-201310401-SG is not installed VMware ESX Server 4.0 is installed AND Patch ESX400-201310401-SG is not installed

Definition Id: oval:org.mitre.oval:def:21079

Oval ID:	oval:org.mitre.oval:def:21079
Title:	RHSA-2013:0587: openssl security update (Moderate)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0587-01 CESA-2013:0587 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169	Version:	45
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	openssl
Definition Synopsis:
Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl is earlier than 0:1.0.0-27.el6_4.2 AND Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x Packages section openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl is earlier than 0:0.9.8e-26.el5_9.1

Definition Id: oval:org.mitre.oval:def:21084

Oval ID:	oval:org.mitre.oval:def:21084
Title:	RHSA-2013:1135: nss and nspr security, bug fix, and enhancement update (Moderate)
Description:	The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:1135-00 CESA-2013:1135 CVE-2013-0791 CVE-2013-1620	Version:	31
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	nspr nss
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x Packages section nspr is earlier than 0:4.9.5-1.el5_9 AND nspr-devel is earlier than 0:4.9.5-1.el5_9 AND nss-pkcs11-devel is earlier than 0:3.14.3-6.el5_9 AND nss-tools is earlier than 0:3.14.3-6.el5_9 AND nss-devel is earlier than 0:3.14.3-6.el5_9 AND nss is earlier than 0:3.14.3-6.el5_9

Definition Id: oval:org.mitre.oval:def:21177

Oval ID:	oval:org.mitre.oval:def:21177
Title:	RHSA-2013:1144: nss, nss-util, nss-softokn, and nspr security update (Moderate)
Description:	The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:1144-00 CESA-2013:1144 CVE-2013-0791 CVE-2013-1620	Version:	31
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	nspr nss nss-softokn nss-util
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section nspr is earlier than 0:4.9.5-2.el6_4 AND nspr-devel is earlier than 0:4.9.5-2.el6_4 AND nss-softokn-freebl is earlier than 0:3.14.3-3.el6_4 AND nss-softokn-freebl-devel is earlier than 0:3.14.3-3.el6_4 AND nss-softokn-devel is earlier than 0:3.14.3-3.el6_4 AND nss-softokn is earlier than 0:3.14.3-3.el6_4 AND nss-pkcs11-devel is earlier than 0:3.14.3-4.el6_4 AND nss-tools is earlier than 0:3.14.3-4.el6_4 AND nss-devel is earlier than 0:3.14.3-4.el6_4 AND nss is earlier than 0:3.14.3-4.el6_4 AND nss-sysinit is earlier than 0:3.14.3-4.el6_4 AND nss-util-devel is earlier than 0:3.14.3-3.el6_4 AND nss-util is earlier than 0:3.14.3-3.el6_4

Definition Id: oval:org.mitre.oval:def:22788

Oval ID:	oval:org.mitre.oval:def:22788
Title:	ELSA-2013:1135: nss and nspr security, bug fix, and enhancement update (Moderate)
Description:	The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:1135-00 CVE-2013-0791 CVE-2013-1620	Version:	13
Platform(s):	Oracle Linux 5	Product(s):	nspr nss
Definition Synopsis:
Oracle Linux 5.x rpm test nspr is earlier than 0:4.9.5-1.el5_9 AND nspr-devel is earlier than 0:4.9.5-1.el5_9 AND nss-pkcs11-devel is earlier than 0:3.14.3-6.el5_9 AND nss-tools is earlier than 0:3.14.3-6.el5_9 AND nss-devel is earlier than 0:3.14.3-6.el5_9 AND nss is earlier than 0:3.14.3-6.el5_9

Definition Id: oval:org.mitre.oval:def:23489

Oval ID:	oval:org.mitre.oval:def:23489
Title:	DEPRECATED: ELSA-2013:0587: openssl security update (Moderate)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169	Version:	18
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl is earlier than 0:1.0.0-27.el6_4.2 OR rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl is earlier than 0:0.9.8e-26.el5_9.1

Definition Id: oval:org.mitre.oval:def:23909

Oval ID:	oval:org.mitre.oval:def:23909
Title:	ELSA-2013:0587: openssl security update (Moderate)
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169	Version:	17
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl is earlier than 0:1.0.0-27.el6_4.2 OR rpm test Oracle Linux 5.x AND rpm test openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl is earlier than 0:0.9.8e-26.el5_9.1

Definition Id: oval:org.mitre.oval:def:24119

Oval ID:	oval:org.mitre.oval:def:24119
Title:	ELSA-2013:1144: nss, nss-util, nss-softokn, and nspr security update (Moderate)
Description:	The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:1144-00 CVE-2013-0791 CVE-2013-1620	Version:	13
Platform(s):	Oracle Linux 6	Product(s):	nspr nss nss-softokn nss-util
Definition Synopsis:
Oracle Linux 6.x rpm test nspr is earlier than 0:4.9.5-2.el6_4 AND nspr-devel is earlier than 0:4.9.5-2.el6_4 AND nss-softokn-freebl is earlier than 0:3.14.3-3.el6_4 AND nss-softokn-freebl-devel is earlier than 0:3.14.3-3.el6_4 AND nss-softokn-devel is earlier than 0:3.14.3-3.el6_4 AND nss-softokn is earlier than 0:3.14.3-3.el6_4 AND nss-pkcs11-devel is earlier than 0:3.14.3-4.el6_4 AND nss-tools is earlier than 0:3.14.3-4.el6_4 AND nss-devel is earlier than 0:3.14.3-4.el6_4 AND nss is earlier than 0:3.14.3-4.el6_4 AND nss-sysinit is earlier than 0:3.14.3-4.el6_4 AND nss-util-devel is earlier than 0:3.14.3-3.el6_4 AND nss-util is earlier than 0:3.14.3-3.el6_4

Definition Id: oval:org.mitre.oval:def:24405

Oval ID:	oval:org.mitre.oval:def:24405
Title:	Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.4.2:update_42 and is greater than or equal to 1.4.0 Determine if the version of Java Runtime Environment is less than 1.4.2:update_42 AND Java SE Runtime Environment 4 is installed OR Determine if the version of Java Runtime Environment is less than or equal to 1.5.0:update_41 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update_40 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than or equal to 1.6.0:update_39 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_39 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than or equal to 1.7.0:update_13 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_14 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:24938

Oval ID:	oval:org.mitre.oval:def:24938
Title:	OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0169	Version:	4
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 1.0.0 before 1.0.0k AND Check if the version of OpenSSL 1.0.1 before 1.0.1d AND Check if the version of OpenSSL 0.9.8 before 0.9.8y AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 1.0.0 before 1.0.0k (32_bit) AND Check if the version of OpenSSL 1.0.1 before 1.0.1d (32_bit) AND Check if the version of OpenSSL 0.9.8 before 0.9.8y (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0k under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.1 before 1.0.1d under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 0.9.8 before 0.9.8y ProgramFilesDir AND Check if the version of ssleay32.dll 0.9.8 before 0.9.8y ProgramFilesDir x86 AND Check if the version of ssleay32.dll 0.9.8 before 0.9.8y under Sytem32 and SysWOW64

Definition Id: oval:org.mitre.oval:def:25236

Oval ID:	oval:org.mitre.oval:def:25236
Title:	SUSE-SU-2013:0701-2 -- Security update for java-1_6_0-ibm
Description:	IBM Java 6 was updated to SR13 FP1, fixing bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0701-2 CVE-2013-0485 CVE-2013-0809 CVE-2013-1493 CVE-2013-0169	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 10	Product(s):	java-1_6_0-ibm
Definition Synopsis:
SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr13.1-0.9.1 AND SUSE Linux Enterprise Server 10 and SUSE Linux Enterprise Desktop 10 release section Operation system section SUSE Linux Enterprise Server 10 is installed AND SUSE Linux Enterprise Desktop 10 is installed Packages match section java-1_5_0-ibm RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-devel RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-fonts RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-32bit RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-devel-32bit RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-jdbc RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-plugin RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-alsa-32bit RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-alsa RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND SUSE Linux Enterprise Server 10 release section SUSE Linux Enterprise Server 10 is installed Packages match section java-1_6_0-ibm RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-devel RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-fonts RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-jdbc RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-plugin RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-devel-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-alsa-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-plugin-32bit RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND java-1_6_0-ibm-alsa RPM is earlier than 0:1.6.0_sr13.1-0.14.1 AND SUSE Linux Enterprise Desktop 10 release section SUSE Linux Enterprise Desktop 10 is installed Packages match section java-1_5_0-ibm-demo RPM is earlier than 0:1.5.0_sr16.1-0.5.1 AND java-1_5_0-ibm-src RPM is earlier than 0:1.5.0_sr16.1-0.5.1

Definition Id: oval:org.mitre.oval:def:25811

Oval ID:	oval:org.mitre.oval:def:25811
Title:	SUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibm
Description:	IBM Java 7 was updated to SR4-FP1, fixing bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0701-1 CVE-2013-0485 CVE-2013-0809 CVE-2013-1493 CVE-2013-0169	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	java-1_7_0-ibm
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_7_0-ibm RPM is earlier than 0:1.7.0_sr4.1-0.5.1 AND java-1_7_0-ibm-jdbc RPM is earlier than 0:1.7.0_sr4.1-0.5.1 AND java-1_7_0-ibm-plugin RPM is earlier than 0:1.7.0_sr4.1-0.5.1 AND java-1_7_0-ibm-alsa RPM is earlier than 0:1.7.0_sr4.1-0.5.1

Definition Id: oval:org.mitre.oval:def:25815

Oval ID:	oval:org.mitre.oval:def:25815
Title:	SUSE-SU-2013:0306-1 -- Security update for Mozilla Firefox
Description:	Mozilla Firefox is updated to the 10.0.12ESR version. This is a roll-up update for LTSS. It fixes a lot of security issues and bugs.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0306-1 CVE-2013-0769 CVE-2013-0749 CVE-2013-0770 CVE-2013-0760 CVE-2013-0762 CVE-2013-0766 CVE-2013-0763 CVE-2013-0771 CVE-2012-5829 CVE-2013-0768 CVE-2013-0759 CVE-2013-0744 CVE-2013-0751 CVE-2013-0764 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0750 CVE-2013-0752 CVE-2013-0757 CVE-2013-0758 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0743	Version:	5
Platform(s):	SUSE Linux Enterprise Server 10	Product(s):	Mozilla Firefox
Definition Synopsis:
SUSE Linux Enterprise Server 10 is installed Packages match section firefox3-cairo RPM is earlier than 0:1.2.4-0.8.5 AND firefox3-gtk2 RPM is earlier than 0:2.10.6-0.12.21 AND firefox3-pango RPM is earlier than 0:1.14.5-0.12.178 AND mozilla-nspr RPM is earlier than 0:4.9.4-0.6.1 AND mozilla-nspr-devel RPM is earlier than 0:4.9.4-0.6.1 AND mozilla-nss RPM is earlier than 0:3.14.1-0.6.1 AND mozilla-nss-devel RPM is earlier than 0:3.14.1-0.6.1 AND mozilla-nss-tools RPM is earlier than 0:3.14.1-0.6.1 AND firefox3-cairo-32bit RPM is earlier than 0:1.2.4-0.8.5 AND firefox3-gtk2-32bit RPM is earlier than 0:2.10.6-0.12.21 AND firefox3-pango-32bit RPM is earlier than 0:1.14.5-0.12.178 AND mozilla-nspr-32bit RPM is earlier than 0:4.9.4-0.6.1 AND mozilla-nss-32bit RPM is earlier than 0:3.14.1-0.6.1 AND MozillaFirefox RPM is earlier than 0:10.0.12-0.6.3 AND MozillaFirefox-branding-SLED RPM is earlier than 0:7-0.8.46 AND MozillaFirefox-translations RPM is earlier than 0:10.0.12-0.6.3

Definition Id: oval:org.mitre.oval:def:26135

Oval ID:	oval:org.mitre.oval:def:26135
Title:	SUSE-SU-2013:0292-1 -- Security update for MozillaFirefox
Description:	Mozilla Firefox was updated to the 10.0.12ESR release for LTSS.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0292-1 CVE-2013-0769 CVE-2013-0749 CVE-2013-0770 CVE-2013-0760 CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 CVE-2013-0761 CVE-2013-0763 CVE-2013-0771 CVE-2012-5829 CVE-2013-0768 CVE-2013-0759 CVE-2013-0744 CVE-2013-0751 CVE-2013-0764 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0750 CVE-2013-0752 CVE-2013-0757 CVE-2013-0758 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0743	Version:	5
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	MozillaFirefox
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section MozillaFirefox RPM is earlier than 0:10.0.12-0.4.3 AND MozillaFirefox-branding-SLED RPM is earlier than 0:7-0.6.7.103 AND MozillaFirefox-translations RPM is earlier than 0:10.0.12-0.4.3 AND libfreebl3 RPM is earlier than 0:3.14.1-0.3.1 AND mozilla-nspr RPM is earlier than 0:4.9.4-0.3.1 AND mozilla-nss RPM is earlier than 0:3.14.1-0.3.1 AND mozilla-nss-tools RPM is earlier than 0:3.14.1-0.3.1 AND libfreebl3-32bit RPM is earlier than 0:3.14.1-0.3.1 AND mozilla-nspr-32bit RPM is earlier than 0:4.9.4-0.3.1 AND mozilla-nss-32bit RPM is earlier than 0:3.14.1-0.3.1

Definition Id: oval:org.mitre.oval:def:26214

Oval ID:	oval:org.mitre.oval:def:26214
Title:	SUSE-SU-2013:0328-1 -- Security update for Java
Description:	java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes: * Security fixes o S8006446: Restrict MBeanServer access (CVE-2013-1486) o S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) o S8007688: Blacklist known bad certificate (issued by DigiCert) * Backports o S8007393: Possible race condition after JDK-6664509 o S8007611: logging behavior in applet changed * Bug fixes o PR1319: Support GIF lib v5.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0328-1 CVE-2013-1486 CVE-2013-0169	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 11	Product(s):	Java
Definition Synopsis:
SUSE Linux Enterprise Desktop 11.x is installed Packages match section java-1_6_0-openjdk RPM is earlier than 0:1.6.0.0_b27.1.12.3-0.2.1 AND java-1_6_0-openjdk-demo RPM is earlier than 0:1.6.0.0_b27.1.12.3-0.2.1 AND java-1_6_0-openjdk-devel RPM is earlier than 0:1.6.0.0_b27.1.12.3-0.2.1

Definition Id: oval:org.mitre.oval:def:27269

Oval ID:	oval:org.mitre.oval:def:27269
Title:	DEPRECATED: ELSA-2013-1144 -- nss, nss-util, nss-softokn, and nspr security update (moderate)
Description:	It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-1620) An out-of-bounds memory read flaw was found in the way NSS decoded certain certificates. If an application using NSS decoded a malformed certificate, it could cause the application to crash. (CVE-2013-0791)
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-1144 CVE-2013-0791 CVE-2013-1620	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	nspr nss nss-softokn nss-util
Definition Synopsis:
Oracle Linux 6.x Packages match section nspr is earlier than 0:4.9.5-2.el6_4 AND nss is earlier than 0:3.14.3-4.0.1.el6_4 AND nss-softokn is earlier than 0:3.14.3-3.el6_4 AND nss-util is earlier than 0:3.14.3-3.el6_4 AND nspr-devel is earlier than 0:4.9.5-2.el6_4 AND nss-devel is earlier than 0:3.14.3-4.0.1.el6_4 AND nss-pkcs11-devel is earlier than 0:3.14.3-4.0.1.el6_4 AND nss-softokn-devel is earlier than 0:3.14.3-3.el6_4 AND nss-softokn-freebl is earlier than 0:3.14.3-3.el6_4 AND nss-softokn-freebl-devel is earlier than 0:3.14.3-3.el6_4 AND nss-sysinit is earlier than 0:3.14.3-4.0.1.el6_4 AND nss-tools is earlier than 0:3.14.3-4.0.1.el6_4 AND nss-util-devel is earlier than 0:3.14.3-3.el6_4

Definition Id: oval:org.mitre.oval:def:27513

Oval ID:	oval:org.mitre.oval:def:27513
Title:	DEPRECATED: ELSA-2013-1135 -- nss and nspr security, bug fix, and enhancement update (moderate)
Description:	nspr [4.9.2-4] - Resolves: rhbz#924741 - Rebase to nspr-4.9.5 nss [3.14.3-6] - Resolves: rhbz#986969 - nssutil_ReadSecmodDB() leaks memory [3.14.3-5] - Define -DNO_FORK_CHECK when compiling softoken for ABI compatibility - Remove the unused and obsolete nss-nochktest.patch - Resolves: rhbz#949845 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-4] - Fix rpmdiff test reported failures and remove other unwanted changes - Resolves: rhbz#949845 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-3] - Update to NSS_3_14_3_RTM - Rework the rebase to preserve needed idiosynchracies - Ensure we install frebl/softoken from the extra build tree - Don't include freebl static library or its private headers - Add patch to deal with system sqlite not being recent enough - Don't install nss-sysinit nor sharedb - Resolves: rhbz#949845 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-2] - Restore the freebl-softoken source tar ball updated to 3.14.3 - Renumbering of some sources for clarity - Resolves: rhbz#918870 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-1] - Update to NSS_3_14_3_RTM - Resolves: rhbz#918870 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-1135 CVE-2013-0791 CVE-2013-1620	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	nspr nss
Definition Synopsis:
Oracle Linux 5.x Packages match section nspr is earlier than 0:4.9.5-1.el5_9 AND nss is earlier than 0:3.14.3-6.el5_9 AND nspr-devel is earlier than 0:4.9.5-1.el5_9 AND nss-devel is earlier than 0:3.14.3-6.el5_9 AND nss-pkcs11-devel is earlier than 0:3.14.3-6.el5_9 AND nss-tools is earlier than 0:3.14.3-6.el5_9

Definition Id: oval:org.mitre.oval:def:27551

Oval ID:	oval:org.mitre.oval:def:27551
Title:	DEPRECATED: ELSA-2013-0275 -- java-1.7.0-openjdk security update (important)
Description:	[1.7.0.9-2.3.7.1.0.2.el6_3] - Increase release number and rebuild. [1.7.0.9-2.3.7.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.7.1.el6_3] - Updated main source tarball - Resolves: rhbz#911529 [1.7.0.9-2.3.7.0.el6_3] - Removed patch1000 sec-2013-02-01-8005615.patch - Removed patch1001 sec-2013-02-01-8005615-sync_with_jdk7u.patch - Removed patch1010 sec-2013-02-01-7201064.patch - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.3.7 - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911529
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0275 CVE-2013-1485 CVE-2013-1484 CVE-2013-1486 CVE-2013-0169	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section java-1.7.0-openjdk is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-demo is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-devel is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-javadoc is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND java-1.7.0-openjdk-src is earlier than 0:1.7.0.9-2.3.7.1.0.1.el5_9 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section java-1.7.0-openjdk is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-demo is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-devel is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-javadoc is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3 AND java-1.7.0-openjdk-src is earlier than 0:1.7.0.9-2.3.7.1.0.2.el6_3

Definition Id: oval:org.mitre.oval:def:27605

Oval ID:	oval:org.mitre.oval:def:27605
Title:	DEPRECATED: ELSA-2013-0587 -- openssl security update (moderate)
Description:	[1.0.0-27.2] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735)
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0587 CVE-2013-0166 CVE-2012-4929 CVE-2013-0169	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	openssl
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section openssl is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-devel is earlier than 0:0.9.8e-26.el5_9.1 AND openssl-perl is earlier than 0:0.9.8e-26.el5_9.1 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section openssl is earlier than 0:1.0.0-27.el6_4.2 AND openssl-devel is earlier than 0:1.0.0-27.el6_4.2 AND openssl-perl is earlier than 0:1.0.0-27.el6_4.2 AND openssl-static is earlier than 0:1.0.0-27.el6_4.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Network Security Services cpe:2.3:a:mozilla:network_security_services:3.9.5:::::::* cpe:2.3:a:mozilla:network_security_services:3.9.4:::::::* cpe:2.3:a:mozilla:network_security_services:3.9.3:::::::* cpe:2.3:a:mozilla:network_security_services:3.9.2:::::::* cpe:2.3:a:mozilla:network_security_services:3.9.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.9:::::::* cpe:2.3:a:mozilla:network_security_services:3.8:::::::* cpe:2.3:a:mozilla:network_security_services:3.7.7:::::::* cpe:2.3:a:mozilla:network_security_services:3.7.5:::::::* cpe:2.3:a:mozilla:network_security_services:3.7.3:::::::* cpe:2.3:a:mozilla:network_security_services:3.7.2:::::::* cpe:2.3:a:mozilla:network_security_services:3.7.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.7:::::::* cpe:2.3:a:mozilla:network_security_services:3.6.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.6:::::::* cpe:2.3:a:mozilla:network_security_services:3.5:::::::* cpe:2.3:a:mozilla:network_security_services:3.4.3:::::::* cpe:2.3:a:mozilla:network_security_services:3.4.2:::::::* cpe:2.3:a:mozilla:network_security_services:3.4.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.4:::::::* cpe:2.3:a:mozilla:network_security_services:3.3.2:::::::* cpe:2.3:a:mozilla:network_security_services:3.3.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.3:::::::* cpe:2.3:a:mozilla:network_security_services:3.2.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.2:::::::* cpe:2.3:a:mozilla:network_security_services:3.14.2:::::::* cpe:2.3:a:mozilla:network_security_services:3.14.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.14:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.9:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.8:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.7:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.6:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.5:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.4:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.3.2:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.3.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.3:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.2:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.11:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.10:::::::* cpe:2.3:a:mozilla:network_security_services:3.12.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.12:::::::* cpe:2.3:a:mozilla:network_security_services:3.11.9:::::::* cpe:2.3:a:mozilla:network_security_services:3.11.8:::::::* cpe:2.3:a:mozilla:network_security_services:3.11.7:::::::* cpe:2.3:a:mozilla:network_security_services:3.11.6:::::::* cpe:2.3:a:mozilla:network_security_services:3.11.5:::::::* cpe:2.3:a:mozilla:network_security_services:3.11.4:::::::* cpe:2.3:a:mozilla:network_security_services:3.11.3:::::::* cpe:2.3:a:mozilla:network_security_services:3.11.2:::::::* cpe:2.3:a:mozilla:network_security_services:3.11.10:::::::* cpe:2.3:a:mozilla:network_security_services:3.11.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.11:::::::* cpe:2.3:a:mozilla:network_security_services:3.10.2:::::::* cpe:2.3:a:mozilla:network_security_services:3.10.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.10:::::::* cpe:2.3:a:mozilla:network_security_services:3.1.1:::::::* cpe:2.3:a:mozilla:network_security_services:3.1:::::::* cpe:2.3:a:mozilla:network_security_services:::::::: cpe:2.3:a:mozilla:network_security_services:-:::::::*	60
Application	Openssl cpe:2.3:a:openssl:openssl:1.0.1u:::::::* cpe:2.3:a:openssl:openssl:1.0.1t:::::::* cpe:2.3:a:openssl:openssl:1.0.1s:::::::* cpe:2.3:a:openssl:openssl:1.0.1r:::::::* cpe:2.3:a:openssl:openssl:1.0.1q:::::::* cpe:2.3:a:openssl:openssl:1.0.1o:::::::* cpe:2.3:a:openssl:openssl:1.0.1n:::::::* cpe:2.3:a:openssl:openssl:1.0.1m:::::::* cpe:2.3:a:openssl:openssl:1.0.1l:::::::* cpe:2.3:a:openssl:openssl:1.0.1k:::::::* cpe:2.3:a:openssl:openssl:1.0.1j:::::::* cpe:2.3:a:openssl:openssl:1.0.1i:::::::* cpe:2.3:a:openssl:openssl:1.0.1h:::::::* cpe:2.3:a:openssl:openssl:1.0.1g:::::::* cpe:2.3:a:openssl:openssl:1.0.1f:::::::* cpe:2.3:a:openssl:openssl:1.0.1e:::::::* cpe:2.3:a:openssl:openssl:1.0.1d:::::::* cpe:2.3:a:openssl:openssl:1.0.1c:::::::* cpe:2.3:a:openssl:openssl:1.0.0s:::::::* cpe:2.3:a:openssl:openssl:1.0.0r:::::::* cpe:2.3:a:openssl:openssl:1.0.0q:::::::* cpe:2.3:a:openssl:openssl:1.0.0p:::::::* cpe:2.3:a:openssl:openssl:1.0.0o:::::::* cpe:2.3:a:openssl:openssl:1.0.0n:::::::* cpe:2.3:a:openssl:openssl:1.0.0m:::::::* cpe:2.3:a:openssl:openssl:1.0.0l:::::::* cpe:2.3:a:openssl:openssl:1.0.0k:::::::* cpe:2.3:a:openssl:openssl:1.0.0j:::::::* cpe:2.3:a:openssl:openssl:1.0.0i:::::::* cpe:2.3:a:openssl:openssl:1.0.0h:::::::* cpe:2.3:a:openssl:openssl:1.0.0g:::::::* cpe:2.3:a:openssl:openssl:1.0.0f:::::::* cpe:2.3:a:openssl:openssl:1.0.0e:::::::* cpe:2.3:a:openssl:openssl:1.0.0d:::::::* cpe:2.3:a:openssl:openssl:1.0.0c:::::::* cpe:2.3:a:openssl:openssl:1.0.0b:::::::* cpe:2.3:a:openssl:openssl:1.0.0a:::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta3:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta2:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta5:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta4:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta1:::::: cpe:2.3:a:openssl:openssl:1.0.0:-:::::: cpe:2.3:a:openssl:openssl:1.0::openvms::::: cpe:2.3:a:openssl:openssl:0.9.8zg:::::::* cpe:2.3:a:openssl:openssl:0.9.8zf:::::::* cpe:2.3:a:openssl:openssl:0.9.8ze:::::::* cpe:2.3:a:openssl:openssl:0.9.8zc:::::::* cpe:2.3:a:openssl:openssl:0.9.8zb:::::::* cpe:2.3:a:openssl:openssl:0.9.8za:::::::* cpe:2.3:a:openssl:openssl:0.9.8z:::::::* cpe:2.3:a:openssl:openssl:0.9.8y:::::::* cpe:2.3:a:openssl:openssl:0.9.8x:::::::* cpe:2.3:a:openssl:openssl:0.9.8w:::::::* cpe:2.3:a:openssl:openssl:0.9.8v:::::::* cpe:2.3:a:openssl:openssl:0.9.8u:::::::* cpe:2.3:a:openssl:openssl:0.9.8t:::::::* cpe:2.3:a:openssl:openssl:0.9.8s:::::::* cpe:2.3:a:openssl:openssl:0.9.8r:::::::* cpe:2.3:a:openssl:openssl:0.9.8q:::::::* cpe:2.3:a:openssl:openssl:0.9.8p:::::::* cpe:2.3:a:openssl:openssl:0.9.8o:::::::* cpe:2.3:a:openssl:openssl:0.9.8n:::::::* cpe:2.3:a:openssl:openssl:0.9.8m:-:::::: cpe:2.3:a:openssl:openssl:0.9.8m:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.8l:::::::* cpe:2.3:a:openssl:openssl:0.9.8k:::::::* cpe:2.3:a:openssl:openssl:0.9.8j:::::::* cpe:2.3:a:openssl:openssl:0.9.8i:::::::* cpe:2.3:a:openssl:openssl:0.9.8h:::::::* cpe:2.3:a:openssl:openssl:0.9.8g-9:::::::* cpe:2.3:a:openssl:openssl:0.9.8g:::::::* cpe:2.3:a:openssl:openssl:0.9.8g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8f:::::::* cpe:2.3:a:openssl:openssl:0.9.8f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8f::::::x86: cpe:2.3:a:openssl:openssl:0.9.8e:::::::* cpe:2.3:a:openssl:openssl:0.9.8e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8e::::::x86: cpe:2.3:a:openssl:openssl:0.9.8d:::::::* cpe:2.3:a:openssl:openssl:0.9.8d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8d::::::x86: cpe:2.3:a:openssl:openssl:0.9.8c-1:::::::* cpe:2.3:a:openssl:openssl:0.9.8c:::::::* cpe:2.3:a:openssl:openssl:0.9.8c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8c::::::x86: cpe:2.3:a:openssl:openssl:0.9.8b:::::::* cpe:2.3:a:openssl:openssl:0.9.8b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8b::::::x86: cpe:2.3:a:openssl:openssl:0.9.8a:::::::* cpe:2.3:a:openssl:openssl:0.9.8a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8a::::::x86: cpe:2.3:a:openssl:openssl:0.9.8:-:::::: cpe:2.3:a:openssl:openssl:0.9.8::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta4:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta5:::::: cpe:2.3:a:openssl:openssl:0.9.8:beta6:::::: cpe:2.3:a:openssl:openssl:0.9.8::::::x86: cpe:2.3:a:openssl:openssl:0.9.7m:::::::* cpe:2.3:a:openssl:openssl:0.9.7m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7m::::::x86: cpe:2.3:a:openssl:openssl:0.9.7l:::::::* cpe:2.3:a:openssl:openssl:0.9.7l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7l::::::x86: cpe:2.3:a:openssl:openssl:0.9.7k:::::::* cpe:2.3:a:openssl:openssl:0.9.7k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7k::::::x86: cpe:2.3:a:openssl:openssl:0.9.7j:::::::* cpe:2.3:a:openssl:openssl:0.9.7j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7j::::::x86: cpe:2.3:a:openssl:openssl:0.9.7i:::::::* cpe:2.3:a:openssl:openssl:0.9.7i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7i::::::x86: cpe:2.3:a:openssl:openssl:0.9.7h:::::::* cpe:2.3:a:openssl:openssl:0.9.7h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7h::::::x86: cpe:2.3:a:openssl:openssl:0.9.7g:::::::* cpe:2.3:a:openssl:openssl:0.9.7g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7g::::::x86: cpe:2.3:a:openssl:openssl:0.9.7f:::::::* cpe:2.3:a:openssl:openssl:0.9.7f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7f::::::x86: cpe:2.3:a:openssl:openssl:0.9.7e:::::::* cpe:2.3:a:openssl:openssl:0.9.7e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7e::::::x86: cpe:2.3:a:openssl:openssl:0.9.7d:::::::* cpe:2.3:a:openssl:openssl:0.9.7d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7d::::::x86: cpe:2.3:a:openssl:openssl:0.9.7c:::::::* cpe:2.3:a:openssl:openssl:0.9.7c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7c::::::x86: cpe:2.3:a:openssl:openssl:0.9.7b:::::::* cpe:2.3:a:openssl:openssl:0.9.7b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7b::::::x86: cpe:2.3:a:openssl:openssl:0.9.7a:::::::* cpe:2.3:a:openssl:openssl:0.9.7a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7a::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.7:-:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta6:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6m:::::::* cpe:2.3:a:openssl:openssl:0.9.6m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6m::::::x86: cpe:2.3:a:openssl:openssl:0.9.6l:::::::* cpe:2.3:a:openssl:openssl:0.9.6l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6l::::::x86: cpe:2.3:a:openssl:openssl:0.9.6k:::::::* cpe:2.3:a:openssl:openssl:0.9.6k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6k::::::x86: cpe:2.3:a:openssl:openssl:0.9.6j:::::::* cpe:2.3:a:openssl:openssl:0.9.6j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6j::::::x86: cpe:2.3:a:openssl:openssl:0.9.6i:::::::* cpe:2.3:a:openssl:openssl:0.9.6i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6i::::::x86: cpe:2.3:a:openssl:openssl:0.9.6h:::::::* cpe:2.3:a:openssl:openssl:0.9.6h:bogus:::::: cpe:2.3:a:openssl:openssl:0.9.6h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6h::::::x86: cpe:2.3:a:openssl:openssl:0.9.6g:::::::* cpe:2.3:a:openssl:openssl:0.9.6g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6g::::::x86: cpe:2.3:a:openssl:openssl:0.9.6f:::::::* cpe:2.3:a:openssl:openssl:0.9.6f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6f::::::x86: cpe:2.3:a:openssl:openssl:0.9.6e:::::::* cpe:2.3:a:openssl:openssl:0.9.6e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6e::::::x86: cpe:2.3:a:openssl:openssl:0.9.6d:-:::::: cpe:2.3:a:openssl:openssl:0.9.6d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6d::::::x86: cpe:2.3:a:openssl:openssl:0.9.6c:::::::* cpe:2.3:a:openssl:openssl:0.9.6c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6c::::::x86: cpe:2.3:a:openssl:openssl:0.9.6b:::::::* cpe:2.3:a:openssl:openssl:0.9.6b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6b::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:-:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6a::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6:-:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6::::::x86: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5a:-:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a::::::x86: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5:-:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5::::::x86: cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.4:::::::* cpe:2.3:a:openssl:openssl:0.9.4::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.4::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.4::::::x86: cpe:2.3:a:openssl:openssl:0.9.3a:::::::* cpe:2.3:a:openssl:openssl:0.9.3a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3a::::::x86: cpe:2.3:a:openssl:openssl:0.9.3:-:::::: cpe:2.3:a:openssl:openssl:0.9.3::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3::::::x86: cpe:2.3:a:openssl:openssl:0.9.2b:::::::* cpe:2.3:a:openssl:openssl:0.9.2b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.2b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.2b::::::x86: cpe:2.3:a:openssl:openssl:0.9.1c:::::::* cpe:2.3:a:openssl:openssl:0.9.1c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.1c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.1c::::::x86: cpe:2.3:a:openssl:openssl:0.9.1b:::::::* cpe:2.3:a:openssl:openssl:0.9.0b:::::::* cpe:2.3:a:openssl:openssl:::::::: cpe:2.3:a:openssl:openssl:::openvms:::::* cpe:2.3:a:openssl:openssl:-:::::::*	319
Application	Oracle Enterprise Manager Ops Center cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:::::::* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:::::::* cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:::::::*	3
Application	Oracle Glassfish Communications Server cpe:2.3:a:oracle:glassfish_communications_server:2.0:::::::*	1
Application	Oracle Glassfish Server cpe:2.3:a:oracle:glassfish_server:2.1.1:::::::*	1
Application	Oracle Iplanet Web Proxy Server cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:::::::*	1
Application	Oracle Iplanet Web Server cpe:2.3:a:oracle:iplanet_web_server:7.0:::::::* cpe:2.3:a:oracle:iplanet_web_server:6.1:::::::*	2
Application	Oracle Openjdk cpe:2.3:a:oracle:openjdk:1.7.0:-:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update2:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update3:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update4:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update5:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update6:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update7:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update9:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update10:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update11:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update13:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update1:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update34:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update35:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update37:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update38:::::: cpe:2.3:a:oracle:openjdk:1.6.0:-:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update2:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update3:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update4:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update5:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update6:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update7:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update11:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update12:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update13:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update14:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update15:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update16:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update17:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update18:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update19:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update20:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update21:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update22:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update23:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update24:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update25:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update26:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update27:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update29:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update30:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update31:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update32:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update33:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update1:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update10::::::	47
Application	Oracle Opensso cpe:2.3:a:oracle:opensso:3.0-03:::::::*	1
Application	Oracle Traffic Director cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:::::::* cpe:2.3:a:oracle:traffic_director:11.1.1.6.0:::::::*	2
Application	Oracle Vm Server cpe:2.3:a:oracle:vm_server:3.2::::::x86:	1
Application	Polarssl cpe:2.3:a:polarssl:polarssl:1.1.4:::::::* cpe:2.3:a:polarssl:polarssl:1.1.3:::::::* cpe:2.3:a:polarssl:polarssl:1.1.2:::::::* cpe:2.3:a:polarssl:polarssl:1.1.1:::::::* cpe:2.3:a:polarssl:polarssl:1.1.0:::::::* cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:::::: cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:::::: cpe:2.3:a:polarssl:polarssl:1.0.0:::::::* cpe:2.3:a:polarssl:polarssl:0.99:pre4:::::: cpe:2.3:a:polarssl:polarssl:0.99:pre5:::::: cpe:2.3:a:polarssl:polarssl:0.99:pre1:::::: cpe:2.3:a:polarssl:polarssl:0.99:pre3:::::: cpe:2.3:a:polarssl:polarssl:0.14.3:::::::* cpe:2.3:a:polarssl:polarssl:0.14.2:::::::* cpe:2.3:a:polarssl:polarssl:0.14.0:::::::* cpe:2.3:a:polarssl:polarssl:0.13.1:::::::* cpe:2.3:a:polarssl:polarssl:0.12.1:::::::* cpe:2.3:a:polarssl:polarssl:0.12.0:::::::* cpe:2.3:a:polarssl:polarssl:0.11.1:::::::* cpe:2.3:a:polarssl:polarssl:0.11.0:::::::* cpe:2.3:a:polarssl:polarssl:0.10.1:::::::* cpe:2.3:a:polarssl:polarssl:0.10.0:::::::*	22
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::	4
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*	2
Os	Redhat Enterprise Linux Eus cpe:2.3:o:redhat:enterprise_linux_eus:5.9:::::::*	1
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*	2
Os	Redhat Enterprise Linux Server Aus cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:::::::*	1
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*	2

Information Assurance Vulnerability Management (IAVM)

Date	Description
2014-04-17	IAVM : 2014-A-0055 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0049585
2014-01-16	IAVM : 2014-A-0009 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0043395
2013-10-17	IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0040786
2013-09-19	IAVM : 2013-A-0181 - Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE) Severity : Category I - VMSKEY : V0040371
2013-09-19	IAVM : 2013-A-0180 - Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces... Severity : Category I - VMSKEY : V0040372
2013-09-19	IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004 Severity : Category I - VMSKEY : V0040373
2013-04-11	IAVM : 2013-A-0077 - Multiple Vulnerabilities in OpenSSL Severity : Category I - VMSKEY : V0037605

Snort® IPS/IDS

Date	Description
2014-01-10	SSLv3 plaintext recovery attempt RuleID : 25828 - Revision : 4 - Type : SERVER-OTHER
2014-01-10	TLSv1.2 plaintext recovery attempt RuleID : 25827 - Revision : 4 - Type : SERVER-OTHER
2014-01-10	TLSv1.1 plaintext recovery attempt RuleID : 25826 - Revision : 4 - Type : SERVER-OTHER
2014-01-10	TLSv1.0 plaintext recovery attempt RuleID : 25825 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2018-09-27	Name : The remote Debian host is missing a security update. File : debian_DLA-1518.nasl - Type : ACT_GATHER_INFO
2016-11-21	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL93600123.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0009_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0015_remote.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-0306-1.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_gnutls_20130924.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_nss_20140809.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20130716.nasl - Type : ACT_GATHER_INFO
2015-01-13	Name : The remote host has a library installed that is affected by an information di... File : tivoli_directory_svr_swg21638270.nasl - Type : ACT_GATHER_INFO
2014-12-22	Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO
2014-12-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0636.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1181.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1456.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0416.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14190.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15630.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15637.nasl - Type : ACT_GATHER_INFO
2014-08-22	Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_5_5_x.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_1_x.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_2_6_0.nasl - Type : ACT_GATHER_INFO
2014-08-11	Name : The remote backup service is affected by an information disclosure vulnerabil... File : ibm_tsm_server_6_3_4_200.nasl - Type : ACT_GATHER_INFO
2014-07-14	Name : The remote mail server is affected by an information disclosure vulnerability. File : ipswitch_imail_12_3.nasl - Type : ACT_GATHER_INFO
2014-06-30	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-23	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-19.nasl - Type : ACT_GATHER_INFO
2014-06-18	Name : The remote database server is affected by multiple vulnerabilities. File : db2_101fp3a.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-153.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-154.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-164.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-17.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-309.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory5.nasl - Type : ACT_GATHER_INFO
2014-01-27	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2014-01-20	Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1483097_remote.nasl - Type : ACT_GATHER_INFO
2013-12-23	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-265.nasl - Type : ACT_GATHER_INFO
2013-12-23	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-266.nasl - Type : ACT_GATHER_INFO
2013-12-18	Name : The remote database server is affected by multiple vulnerabilities. File : db2_97fp9.nasl - Type : ACT_GATHER_INFO
2013-12-14	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131212_nss__nspr__and_nss_util_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-12-13	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO
2013-12-13	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1829.nasl - Type : ACT_GATHER_INFO
2013-12-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO
2013-12-10	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131205_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-12-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO
2013-12-06	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1791.nasl - Type : ACT_GATHER_INFO
2013-12-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO
2013-12-06	Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2013-0015.nasl - Type : ACT_GATHER_INFO
2013-12-03	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-03.nasl - Type : ACT_GATHER_INFO
2013-11-13	Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_1311177_remote.nasl - Type : ACT_GATHER_INFO
2013-10-18	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-10.nasl - Type : ACT_GATHER_INFO
2013-10-16	Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO
2013-10-01	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-216.nasl - Type : ACT_GATHER_INFO
2013-10-01	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-217.nasl - Type : ACT_GATHER_INFO
2013-09-20	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_6_1_0_47.nasl - Type : ACT_GATHER_INFO
2013-09-19	Name : The remote device is missing a vendor-supplied security patch. File : junos_pulse_jsa10591.nasl - Type : ACT_GATHER_INFO
2013-09-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO
2013-09-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-162.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-163.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-171.nasl - Type : ACT_GATHER_INFO
2013-08-23	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_7.nasl - Type : ACT_GATHER_INFO
2013-08-09	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130807_nss__nss_util__nss_softokn__and_nspr_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-08-08	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1144.nasl - Type : ACT_GATHER_INFO
2013-08-08	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1144.nasl - Type : ACT_GATHER_INFO
2013-08-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1144.nasl - Type : ACT_GATHER_INFO
2013-08-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1135.nasl - Type : ACT_GATHER_INFO
2013-08-06	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1135.nasl - Type : ACT_GATHER_INFO
2013-08-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1135.nasl - Type : ACT_GATHER_INFO
2013-08-06	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130805_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-08-02	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0009.nasl - Type : ACT_GATHER_INFO
2013-07-23	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5.nasl - Type : ACT_GATHER_INFO
2013-07-19	Name : The remote application server is potentially affected by multiple vulnerabili... File : websphere_7_0_0_29.nasl - Type : ACT_GATHER_INFO
2013-07-16	Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10575.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-07-10	Name : The remote host has a library installed that is affected by an information di... File : ibm_gskit_swg21638270.nasl - Type : ACT_GATHER_INFO
2013-06-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0833.nasl - Type : ACT_GATHER_INFO
2013-06-06	Name : The remote web server contains an application that is affected by multiple vu... File : splunk_503.nasl - Type : ACT_GATHER_INFO
2013-05-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0855.nasl - Type : ACT_GATHER_INFO
2013-05-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0822.nasl - Type : ACT_GATHER_INFO
2013-05-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0823.nasl - Type : ACT_GATHER_INFO
2013-05-10	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_6.nasl - Type : ACT_GATHER_INFO
2013-05-10	Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_0_2.nasl - Type : ACT_GATHER_INFO
2013-04-30	Name : The remote host is affected by multiple vulnerabilities. File : ibm_tem_8_2_1372.nasl - Type : ACT_GATHER_INFO
2013-04-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130416.nasl - Type : ACT_GATHER_INFO
2013-04-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-8544.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-050.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-052.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO
2013-04-19	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130415.nasl - Type : ACT_GATHER_INFO
2013-04-08	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_69bfc8529bd011e2a7be8c705af55518.nasl - Type : ACT_GATHER_INFO
2013-04-03	Name : The remote Fedora host is missing a security update. File : fedora_2013-4403.nasl - Type : ACT_GATHER_INFO
2013-03-28	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-130325.nasl - Type : ACT_GATHER_INFO
2013-03-28	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-8517.nasl - Type : ACT_GATHER_INFO
2013-03-26	Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_4_55.nasl - Type : ACT_GATHER_INFO
2013-03-26	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1732-3.nasl - Type : ACT_GATHER_INFO
2013-03-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1763-1.nasl - Type : ACT_GATHER_INFO
2013-03-14	Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-3079.nasl - Type : ACT_GATHER_INFO
2013-03-08	Name : The remote Fedora host is missing a security update. File : fedora_2013-2793.nasl - Type : ACT_GATHER_INFO
2013-03-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130304_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2013-2834.nasl - Type : ACT_GATHER_INFO
2013-03-01	Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-2929.nasl - Type : ACT_GATHER_INFO
2013-03-01	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-2.nasl - Type : ACT_GATHER_INFO
2013-02-27	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-02-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-014.nasl - Type : ACT_GATHER_INFO
2013-02-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130221.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_feb_2013_1_unix.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-1.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1735-1.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_feb_2013_1.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0531.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0532.nasl - Type : ACT_GATHER_INFO
2013-02-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2621.nasl - Type : ACT_GATHER_INFO
2013-02-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2622.nasl - Type : ACT_GATHER_INFO
2013-02-13	Name : The remote service may be affected by an information disclosure vulnerability. File : openssl_1_0_1e.nasl - Type : ACT_GATHER_INFO
2013-02-11	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-040-01.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_0_9_8y.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_0k.nasl - Type : ACT_GATHER_INFO
2013-02-09	Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_1d.nasl - Type : ACT_GATHER_INFO
2013-02-07	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_00b0d8cd709711e298d9003067c2616f.nasl - Type : ACT_GATHER_INFO
2013-02-06	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-4.nasl - Type : ACT_GATHER_INFO
2013-02-04	Name : The remote Fedora host is missing a security update. File : fedora_2013-1382.nasl - Type : ACT_GATHER_INFO
2013-02-04	Name : The remote Fedora host is missing a security update. File : fedora_2013-1432.nasl - Type : ACT_GATHER_INFO
2013-01-28	Name : The remote Fedora host is missing a security update. File : fedora_2013-1442.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201301-130110.nasl - Type : ACT_GATHER_INFO
2013-01-23	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-3.nasl - Type : ACT_GATHER_INFO
2013-01-20	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201301-8426.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_12.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_17_0_2.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_18_0.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_10_0_12.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_2.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_10012.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1702.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_180.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_10012.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1702.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_215.nasl - Type : ACT_GATHER_INFO
2013-01-10	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-003.nasl - Type : ACT_GATHER_INFO
2013-01-09	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-1.nasl - Type : ACT_GATHER_INFO
2013-01-09	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-2.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:43:25	Multiple Updates
2013-04-05 21:17:34	First insertion

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	35
CPE ID(s)	472
IAVM(s)	7
Snort® Rule(s)	4
Nessus® Exploit(s)	154

	Related
4.3	CVE-2013-1620
2.6	CVE-2013-0169
0	CVE-2013-0743
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

4.3 - MDVSA-2013:050

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU