Executive Summary

Summary
Title java-1.8.0-oracle security update
Informations
Name RHSA-2015:0080 First vendor Publication 2015-01-22
Vendor RedHat Last vendor Modification 2015-01-22
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413, CVE-2015-0421, CVE-2015-0437)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.8.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 8 Update 31 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807) 1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack 1183020 - CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982) 1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367) 1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309) 1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125) 1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304) 1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485) 1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555) 1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489) 1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276) 1183660 - CVE-2014-6549 OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314) 1183670 - CVE-2015-0437 OpenJDK: code generation issue (Hotspot, 8064524) 1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264) 1184275 - CVE-2015-0403 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) 1184276 - CVE-2015-0421 Oracle JDK: unspecified vulnerability fixed in 8u31 (Install) 1184277 - CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) 1184278 - CVE-2015-0413 Oracle JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2015-0080.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:27014
 
Oval ID: oval:org.mitre.oval:def:27014
Title: RHSA-2014:1653: openssl security update (Moderate)
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family: unix Class: patch
Reference(s): RHSA-2014:1653-00
CESA-2014:1653
CVE-2014-3566
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27057
 
Oval ID: oval:org.mitre.oval:def:27057
Title: ELSA-2014-1653 -- openssl security update
Description: [0.9.8e-31] - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [0.9.8e-30] - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS [0.9.8e-29] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability [0.9.8e-28] - replace expired GlobalSign Root CA certificate in ca-bundle.crt
Family: unix Class: patch
Reference(s): ELSA-2014-1653
CVE-2014-3566
Version: 5
Platform(s): Oracle Linux 5
Product(s): openssl
openssl-devel
openssl-perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27104
 
Oval ID: oval:org.mitre.oval:def:27104
Title: AIX OpenSSL Patch to mitigate CVE-2014-3566
Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3566
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27138
 
Oval ID: oval:org.mitre.oval:def:27138
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3566
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27941
 
Oval ID: oval:org.mitre.oval:def:27941
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6593
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28009
 
Oval ID: oval:org.mitre.oval:def:28009
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6587
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28015
 
Oval ID: oval:org.mitre.oval:def:28015
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0408
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28035
 
Oval ID: oval:org.mitre.oval:def:28035
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors reelated to 2D, a different vulnerability than CVE-2014-6591.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6585
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28154
 
Oval ID: oval:org.mitre.oval:def:28154
Title: IBM SDK Java Technology Edition vulnerability
Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3566
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28179
 
Oval ID: oval:org.mitre.oval:def:28179
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6587
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28224
 
Oval ID: oval:org.mitre.oval:def:28224
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0406
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28230
 
Oval ID: oval:org.mitre.oval:def:28230
Title: SUSE-SU-2014:1447-1 -- Security update for openwsman (moderate)
Description: This update adds a configuration option to disable SSLv2 and SSLv3 in openwsman. This is required to mitigate CVE-2014-3566. To use the new option, edit /etc/openwsman/openwsman.conf and add the following line to the [server] section: ssl_disabled_protocols = SSLv2 SSLv3 Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1447-1
CVE-2014-3566
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): openwsman
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28251
 
Oval ID: oval:org.mitre.oval:def:28251
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0406
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28273
 
Oval ID: oval:org.mitre.oval:def:28273
Title: SUSE-SU-2014:1524-1 -- Security update for openssl (moderate)
Description: openssl was updated to fix four security issues. These security issues were fixed: - SRTP Memory Leak (CVE-2014-3513). - Session Ticket Memory Leak (CVE-2014-3567). - Fixed incomplete no-ssl3 build option (CVE-2014-3568). - Add support for TLS_FALLBACK_SCSV (CVE-2014-3566). NOTE: This update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1524-1
CVE-2014-3513
CVE-2014-3567
CVE-2014-3568
CVE-2014-3566
Version: 3
Platform(s): SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28327
 
Oval ID: oval:org.mitre.oval:def:28327
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0406
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28357
 
Oval ID: oval:org.mitre.oval:def:28357
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0407
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28398
 
Oval ID: oval:org.mitre.oval:def:28398
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3566
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28427
 
Oval ID: oval:org.mitre.oval:def:28427
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0407
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28445
 
Oval ID: oval:org.mitre.oval:def:28445
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors reelated to 2D, a different vulnerability than CVE-2014-6591.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6585
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28446
 
Oval ID: oval:org.mitre.oval:def:28446
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0410
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28455
 
Oval ID: oval:org.mitre.oval:def:28455
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6591
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28458
 
Oval ID: oval:org.mitre.oval:def:28458
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6601
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28462
 
Oval ID: oval:org.mitre.oval:def:28462
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors reelated to 2D, a different vulnerability than CVE-2014-6591.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6585
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28470
 
Oval ID: oval:org.mitre.oval:def:28470
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6601
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28481
 
Oval ID: oval:org.mitre.oval:def:28481
Title: SUSE-SU-2014:1512-1 -- Security update for compat-openssl098 (moderate)
Description: compat-openssl098 was updated to fix three security issues. NOTE: this update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations. These security issues were fixed: - Session ticket memory leak (CVE-2014-3567). - Fixed build option no-ssl3 (CVE-2014-3568). - Added support for TLS_FALLBACK_SCSV (CVE-2014-3566).
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1512-1
CVE-2014-3567
CVE-2014-3568
CVE-2014-3566
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 12
Product(s): compat-openssl098
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28488
 
Oval ID: oval:org.mitre.oval:def:28488
Title: SUSE-SU-2014:1519-1 -- Security update for evolution-data-server (moderate)
Description: evolution-data-server has been updated to disable support for SSLv3. This security issues has been fixed: * SSLv3 POODLE attack (CVE-2014-3566) Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1519-1
CVE-2014-3566
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): evolution-data-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28500
 
Oval ID: oval:org.mitre.oval:def:28500
Title: JRE and JDK Vulnerability on HPUX
Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3566
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28510
 
Oval ID: oval:org.mitre.oval:def:28510
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0407
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28516
 
Oval ID: oval:org.mitre.oval:def:28516
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0408
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28536
 
Oval ID: oval:org.mitre.oval:def:28536
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6593
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28563
 
Oval ID: oval:org.mitre.oval:def:28563
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0412
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28595
 
Oval ID: oval:org.mitre.oval:def:28595
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3566
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28621
 
Oval ID: oval:org.mitre.oval:def:28621
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0413
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28628
 
Oval ID: oval:org.mitre.oval:def:28628
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6593
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28637
 
Oval ID: oval:org.mitre.oval:def:28637
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6593
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28642
 
Oval ID: oval:org.mitre.oval:def:28642
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0413
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28651
 
Oval ID: oval:org.mitre.oval:def:28651
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0383
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28678
 
Oval ID: oval:org.mitre.oval:def:28678
Title: SUSE-SU-2014:1558-1 -- Security update for pure-ftpd (moderate)
Description: ure-ftpd was updated to fix one security issue and two non-security bugs: * SSLv2 and SSLv3 have been disabled to avoid the attack named POODLE (CVE-2014-3566, bnc#902229). * Added the disable_ascii option (bnc#828469). * Fixed wait on TLS handshake (bnc#856424). Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1558-1
CVE-2014-3566
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): pure-ftpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28715
 
Oval ID: oval:org.mitre.oval:def:28715
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0408
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28719
 
Oval ID: oval:org.mitre.oval:def:28719
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0395
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28721
 
Oval ID: oval:org.mitre.oval:def:28721
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0403
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28733
 
Oval ID: oval:org.mitre.oval:def:28733
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6591
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28777
 
Oval ID: oval:org.mitre.oval:def:28777
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0412
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28789
 
Oval ID: oval:org.mitre.oval:def:28789
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0395
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28801
 
Oval ID: oval:org.mitre.oval:def:28801
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0410
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28809
 
Oval ID: oval:org.mitre.oval:def:28809
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors reelated to 2D, a different vulnerability than CVE-2014-6591.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6585
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28814
 
Oval ID: oval:org.mitre.oval:def:28814
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6587
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28819
 
Oval ID: oval:org.mitre.oval:def:28819
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6587
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28820
 
Oval ID: oval:org.mitre.oval:def:28820
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6591
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28839
 
Oval ID: oval:org.mitre.oval:def:28839
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6549
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28852
 
Oval ID: oval:org.mitre.oval:def:28852
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0408
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28853
 
Oval ID: oval:org.mitre.oval:def:28853
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0383
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28855
 
Oval ID: oval:org.mitre.oval:def:28855
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0410
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28857
 
Oval ID: oval:org.mitre.oval:def:28857
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0403
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28859
 
Oval ID: oval:org.mitre.oval:def:28859
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0421
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28860
 
Oval ID: oval:org.mitre.oval:def:28860
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0406
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28872
 
Oval ID: oval:org.mitre.oval:def:28872
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0403
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28873
 
Oval ID: oval:org.mitre.oval:def:28873
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0412
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28877
 
Oval ID: oval:org.mitre.oval:def:28877
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0407
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28900
 
Oval ID: oval:org.mitre.oval:def:28900
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0412
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28922
 
Oval ID: oval:org.mitre.oval:def:28922
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6601
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28931
 
Oval ID: oval:org.mitre.oval:def:28931
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6591
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28939
 
Oval ID: oval:org.mitre.oval:def:28939
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0403
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28945
 
Oval ID: oval:org.mitre.oval:def:28945
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0383
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28972
 
Oval ID: oval:org.mitre.oval:def:28972
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6549
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28992
 
Oval ID: oval:org.mitre.oval:def:28992
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0437
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28998
 
Oval ID: oval:org.mitre.oval:def:28998
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0395
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29003
 
Oval ID: oval:org.mitre.oval:def:29003
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0410
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29152
 
Oval ID: oval:org.mitre.oval:def:29152
Title: Vulnerability in SSLv3 affects ftpd, sendmaild, imapd, and popd on AIX
Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3566
Version: 5
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29233
 
Oval ID: oval:org.mitre.oval:def:29233
Title: SUSE-SU-2015:0108-1 -- Security update for evolution-data-server (moderate)
Description: evolution-data-server was updated to disable support for SSLv3. This security issues was fixed: - SSLv3 POODLE attack (CVE-2014-3566)
Family: unix Class: patch
Reference(s): SUSE-SU-2015:0108-1
CVE-2014-3566
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 12
Product(s): evolution-data-server
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 63
Application 2
Application 6
Application 6
Application 2
Os 99
Os 4
Os 2
Os 4
Os 3
Os 24
Os 2
Os 22
Os 5
Os 2
Os 2
Os 3
Os 1
Os 4
Os 2
Os 2
Os 2
Os 3
Os 2
Os 2

OpenVAS Exploits

Date Description
2014-10-16 Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-16 IAVM : 2015-A-0154 - Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0061081
2015-02-05 IAVM : 2015-B-0014 - Multiple Vulnerabilities in VMware ESXi 5.5
Severity : Category I - VMSKEY : V0058513
2015-02-05 IAVM : 2015-B-0013 - Multiple Vulnerabilities in VMware ESXi 5.1
Severity : Category I - VMSKEY : V0058515
2015-02-05 IAVM : 2015-B-0012 - Multiple Vulnerabilities in VMware ESXi 5.0
Severity : Category I - VMSKEY : V0058517

Snort® IPS/IDS

Date Description
2014-12-18 SSLv3 CBC client connection attempt
RuleID : 32566 - Revision : 2 - Type : POLICY-OTHER
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32205 - Revision : 5 - Type : SERVER-OTHER
2014-11-19 SSLv3 POODLE CBC padding brute force attempt
RuleID : 32204 - Revision : 5 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2017-12-07 Name : The remote host is potentially affected by an SSL/TLS vulnerability.
File : check_point_gaia_sk103683.nasl - Type : ACT_GATHER_INFO
2017-07-20 Name : The remote database server is affected by multiple vulnerabilities.
File : oracle_rdbms_cpu_jul_2017.nasl - Type : ACT_GATHER_INFO
2017-04-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-459.nasl - Type : ACT_GATHER_INFO
2017-01-10 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_03532a19d68e11e6917114dae9d210b8.nasl - Type : ACT_GATHER_INFO
2016-11-23 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-1339.nasl - Type : ACT_GATHER_INFO
2016-09-28 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2396-1.nasl - Type : ACT_GATHER_INFO
2016-09-19 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2329-1.nasl - Type : ACT_GATHER_INFO
2016-09-13 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2285-1.nasl - Type : ACT_GATHER_INFO
2016-06-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201606-11.nasl - Type : ACT_GATHER_INFO
2016-06-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1457-1.nasl - Type : ACT_GATHER_INFO
2016-05-13 Name : A web application running on the remote host is affected by multiple vulnerab...
File : solarwinds_srm_profiler_6_2_3.nasl - Type : ACT_GATHER_INFO
2016-04-14 Name : The application installed on the remote host is affected by an information di...
File : ibm_domino_swg21693142.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201603-11.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201603-14.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-02-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3489.nasl - Type : ACT_GATHER_INFO
2016-01-25 Name : The remote Debian host is missing a security update.
File : debian_DLA-400.nasl - Type : ACT_GATHER_INFO
2015-12-11 Name : The remote multi-function device is affected by multiple vulnerabilities.
File : xerox_xrx15ad_colorqube.nasl - Type : ACT_GATHER_INFO
2015-12-11 Name : The remote multi-function device is affected by multiple vulnerabilities.
File : xerox_xrx15aj.nasl - Type : ACT_GATHER_INFO
2015-12-11 Name : The remote multi-function device is affected by multiple vulnerabilities.
File : xerox_xrx15am.nasl - Type : ACT_GATHER_INFO
2015-11-20 Name : The remote host is running a remote management application that is affected b...
File : solarwinds_dameware_mini_remote_control_v12_0_hotfix_2.nasl - Type : ACT_GATHER_INFO
2015-10-16 Name : The remote Fedora host is missing a security update.
File : fedora_2015-9090.nasl - Type : ACT_GATHER_INFO
2015-10-16 Name : The remote Fedora host is missing a security update.
File : fedora_2015-9110.nasl - Type : ACT_GATHER_INFO
2015-10-14 Name : The remote Fedora host is missing a security update.
File : fedora_2015-16314.nasl - Type : ACT_GATHER_INFO
2015-10-02 Name : The remote Mac OS X host has an application installed that is affected by mul...
File : macosx_xcode_7_0.nasl - Type : ACT_GATHER_INFO
2015-09-24 Name : The remote Fedora host is missing a security update.
File : fedora_2015-16315.nasl - Type : ACT_GATHER_INFO
2015-08-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3323.nasl - Type : ACT_GATHER_INFO
2015-08-03 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_4_1.nasl - Type : ACT_GATHER_INFO
2015-07-27 Name : The remote Debian host is missing a security update.
File : debian_DLA-282.nasl - Type : ACT_GATHER_INFO
2015-07-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-571.nasl - Type : ACT_GATHER_INFO
2015-07-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-1228.nasl - Type : ACT_GATHER_INFO
2015-07-16 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-1228.nasl - Type : ACT_GATHER_INFO
2015-07-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1228.nasl - Type : ACT_GATHER_INFO
2015-07-16 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150715_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-07-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201507-14.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV69768.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV73316.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV73319.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV73324.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV73416.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV73417.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV73418.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV73419.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV73973.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV73974.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV73975.nasl - Type : ACT_GATHER_INFO
2015-06-19 Name : The remote AIX host is missing a security patch.
File : aix_IV73976.nasl - Type : ACT_GATHER_INFO
2015-06-12 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-05-29 Name : The remote Fedora host is missing a security update.
File : fedora_2015-8251.nasl - Type : ACT_GATHER_INFO
2015-05-27 Name : The remote Fedora host is missing a security update.
File : fedora_2015-8226.nasl - Type : ACT_GATHER_INFO
2015-05-26 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_384fc0b2014411e58fda002590263bf5.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1387-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1512-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1524-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0503-1.nasl - Type : ACT_GATHER_INFO
2015-05-18 Name : The remote Fedora host is missing a security update.
File : fedora_2015-8264.nasl - Type : ACT_GATHER_INFO
2015-05-15 Name : The remote Debian host is missing a security update.
File : debian_DLA-219.nasl - Type : ACT_GATHER_INFO
2015-05-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3253.nasl - Type : ACT_GATHER_INFO
2015-05-01 Name : The remote host has an update manager installed that is affected by a Java Ru...
File : vmware_vcenter_update_mgr_vmsa-2015-0003.nasl - Type : ACT_GATHER_INFO
2015-05-01 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-28 Name : The remote host is missing a security update for OS X Server.
File : macosx_server_4_1.nasl - Type : ACT_GATHER_INFO
2015-04-20 Name : The remote web server is affected by multiple vulnerabilities.
File : glassfish_cpu_apr_2015.nasl - Type : ACT_GATHER_INFO
2015-04-20 Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_vcenter_chargeback_manager_vmsa_2015_0003.nasl - Type : ACT_GATHER_INFO
2015-04-13 Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_horizon_view_VMSA-2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-13 Name : The remote host has a device management application installed that is affecte...
File : vmware_workspace_portal_vmsa2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-198.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote Linux host has a virtualization application installed that is miss...
File : vcenter_operations_manager_vmsa_2015-0003-linux.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host has a virtualization application installed that is missing a ...
File : vcenter_operations_manager_vmsa_2015-0003-vapp.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote Windows host has a virtualization application installed that is mi...
File : vcenter_operations_manager_vmsa_2015-0003-win.nasl - Type : ACT_GATHER_INFO
2015-04-03 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3569.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-161.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-157.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-81.nasl - Type : ACT_GATHER_INFO
2015-03-25 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3590.nasl - Type : ACT_GATHER_INFO
2015-03-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0698.nasl - Type : ACT_GATHER_INFO
2015-03-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3187.nasl - Type : ACT_GATHER_INFO
2015-03-17 Name : The remote application server is affected by multiple vulnerabilities.
File : websphere_7_0_0_37.nasl - Type : ACT_GATHER_INFO
2015-03-12 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : ibm_rational_clearquest_8_0_1_6.nasl - Type : ACT_GATHER_INFO
2015-03-11 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2522-3.nasl - Type : ACT_GATHER_INFO
2015-03-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2522-2.nasl - Type : ACT_GATHER_INFO
2015-03-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2522-1.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_57.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_0_15.nasl - Type : ACT_GATHER_INFO
2015-02-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0263.nasl - Type : ACT_GATHER_INFO
2015-02-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO
2015-02-24 Name : The remote AIX host has a version of Java SDK installed that is affected by m...
File : aix_java_feb2015_advisory.nasl - Type : ACT_GATHER_INFO
2015-02-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-openjdk-150206.nasl - Type : ACT_GATHER_INFO
2015-02-18 Name : The remote application server is affected by multiple vulnerabilities.
File : websphere_8_0_0_10.nasl - Type : ACT_GATHER_INFO
2015-02-13 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-480.nasl - Type : ACT_GATHER_INFO
2015-02-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-033.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0133.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0134.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0135.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0136.nasl - Type : ACT_GATHER_INFO
2015-02-03 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-91.nasl - Type : ACT_GATHER_INFO
2015-02-03 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-02-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3147.nasl - Type : ACT_GATHER_INFO
2015-01-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3144.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_10_2.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote host is missing a Mac OS X update that fixes multiple security iss...
File : macosx_SecUpd2015-001.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote VMware ESXi host is missing one or more security-related patches.
File : vmware_VMSA-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_5_build_2352327_remote.nasl - Type : ACT_GATHER_INFO
2015-01-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2486-1.nasl - Type : ACT_GATHER_INFO
2015-01-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2487-1.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0086.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150126_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-471.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-472.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0079.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0080.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote caching server is affected by multiple vulnerabilities.
File : apache_traffic_server_511.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_jan_2015_unix.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote host has a version of Oracle Secure Global Desktop that is affecte...
File : oracle_secure_global_desktop_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150121_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150121_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150121_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : A clustered file system on the remote host is affected by multiple vulnerabil...
File : ibm_gpfs_isg3T1021546_windows.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_jrockit_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_openssl_20141104.nasl - Type : ACT_GATHER_INFO
2015-01-07 Name : The remote application server is affected by multiple vulnerabilities.
File : websphere_8_5_5_4.nasl - Type : ACT_GATHER_INFO
2015-01-06 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-14237.nasl - Type : ACT_GATHER_INFO
2015-01-06 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_suseRegister-141121.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17576.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17587.nasl - Type : ACT_GATHER_INFO
2014-12-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-252.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-15379.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-15390.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-15411.nasl - Type : ACT_GATHER_INFO
2014-12-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO
2014-12-05 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_pure-ftpd-141120.nasl - Type : ACT_GATHER_INFO
2014-12-04 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1948.nasl - Type : ACT_GATHER_INFO
2014-12-04 Name : A web application installed on the remote host is affected by an information ...
File : hp_sitescope_hpsbmu03184.nasl - Type : ACT_GATHER_INFO
2014-12-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141202_nss__nss_util__and_nss_softokn_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-12-04 Name : The remote web server contains an application that is affected by multiple vu...
File : splunk_5011.nasl - Type : ACT_GATHER_INFO
2014-12-04 Name : The remote web server contains an application that is affected by multiple vu...
File : splunk_607.nasl - Type : ACT_GATHER_INFO
2014-12-03 Name : The remote device is missing a vendor-supplied security update.
File : cisco-sa-20141015-poodle-wlc.nasl - Type : ACT_GATHER_INFO
2014-12-03 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1948.nasl - Type : ACT_GATHER_INFO
2014-12-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1948.nasl - Type : ACT_GATHER_INFO
2014-12-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-141119.nasl - Type : ACT_GATHER_INFO
2014-12-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-141121.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote AIX host has a version of Java SDK installed that is affected by m...
File : aix_java_oct2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_evolution-data-server-141114.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote printer service is potentially affected by an information disclosu...
File : cups_2_0_1.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0032.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0037.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0038.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0039.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0040.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0041.nasl - Type : ACT_GATHER_INFO
2014-11-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201411-10.nasl - Type : ACT_GATHER_INFO
2014-11-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-218.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1880.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1881.nasl - Type : ACT_GATHER_INFO
2014-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1882.nasl - Type : ACT_GATHER_INFO
2014-11-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1876.nasl - Type : ACT_GATHER_INFO
2014-11-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1877.nasl - Type : ACT_GATHER_INFO
2014-11-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libwsman-devel-141021.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-671.nasl - Type : ACT_GATHER_INFO
2014-11-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-647.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote device is affected by a man-in-the-middle (MitM) information discl...
File : cisco-sa-20141015-poodle-cucm.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-13647.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-14217.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-14234.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-640.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1692.nasl - Type : ACT_GATHER_INFO
2014-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO
2014-11-07 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2014-13781.nasl - Type : ACT_GATHER_INFO
2014-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13794.nasl - Type : ACT_GATHER_INFO
2014-11-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-141024.nasl - Type : ACT_GATHER_INFO
2014-11-05 Name : The remote device is affected by multiple vulnerabilities.
File : appletv_7_0_1.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-12951.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13399.nasl - Type : ACT_GATHER_INFO
2014-11-03 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_0dad911460cc11e49e840022156e8794.nasl - Type : ACT_GATHER_INFO
2014-10-31 Name : The remote AIX host has a version of OpenSSL installed that is affected by mu...
File : aix_openssl_advisory11.nasl - Type : ACT_GATHER_INFO
2014-10-30 Name : The remote device is affected by a man-in-the-middle (MitM) information discl...
File : cisco-sa-20141015-poodle-asa.nasl - Type : ACT_GATHER_INFO
2014-10-30 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-605.nasl - Type : ACT_GATHER_INFO
2014-10-24 Name : The remote host is affected by an information disclosure vulnerability.
File : cisco_anyconnect_3_1_5187.nasl - Type : ACT_GATHER_INFO
2014-10-24 Name : The remote host is affected by an information disclosure vulnerability.
File : macosx_cisco_anyconnect_3_1_5187.nasl - Type : ACT_GATHER_INFO
2014-10-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-203.nasl - Type : ACT_GATHER_INFO
2014-10-22 Name : A telephony application running on the remote host is affected by an informat...
File : asterisk_ast_2014_011.nasl - Type : ACT_GATHER_INFO
2014-10-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_76c7a0f5592811e4adc7001999f8d30b.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote host is missing a security update for OS X Server.
File : macosx_server_2_2_5.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote host is missing a security update for OS X Server.
File : macosx_server_3_2_2.nasl - Type : ACT_GATHER_INFO
2014-10-21 Name : The remote host is missing a security update for OS X Server.
File : macosx_server_4_0.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-429.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13069.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13012.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Windows host contains a program that is affected by multiple vulne...
File : stunnel_5_06.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1653.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3053.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_10.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote host is missing a Mac OS X update that fixes multiple security iss...
File : macosx_SecUpd2014-005.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_0_9_8zc.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_0o.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_1j.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1653.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1653.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141016_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141016_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-288-01.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-426.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_03175e62549411e49cc1bc5ff4fb5e7b.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : The remote host is affected by a remote information disclosure vulnerability.
File : smb_kb3009008.nasl - Type : ACT_GATHER_INFO
2014-10-15 Name : It is possible to obtain sensitive information from the remote host with SSL/...
File : ssl_poodle.nasl - Type : ACT_GATHER_INFO
2014-09-23 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : ibm_domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2016-02-19 21:28:56
  • Multiple Updates
2016-02-17 21:30:35
  • Multiple Updates
2016-02-12 09:29:05
  • Multiple Updates
2015-01-24 13:24:01
  • Multiple Updates
2015-01-23 00:22:18
  • First insertion