Executive Summary
Summary | |
---|---|
Title | openssl security update |
Informations | |||
---|---|---|---|
Name | RHSA-2015:0800 | First vendor Publication | 2015-04-13 |
Vendor | RedHat | Last vendor Modification | 2015-04-13 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204) An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292) A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275) An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. (CVE-2015-0287) A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request. (CVE-2015-0288) A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-0289) Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Emilia Käsper of the OpenSSL development team as the original reporter of CVE-2015-0287, Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia Käsper of the OpenSSL development team as the original reporters of CVE-2015-0293. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK) 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1202380 - CVE-2015-0287 openssl: ASN.1 structure reuse memory corruption 1202384 - CVE-2015-0289 openssl: PKCS7 NULL pointer dereference 1202395 - CVE-2015-0292 openssl: integer underflow leading to buffer overflow in base64 decoding 1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers 1202418 - CVE-2015-0288 openssl: X509_to_X509_REQ NULL pointer dereference |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2015-0800.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-310 | Cryptographic Issues |
20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
20 % | CWE-20 | Improper Input Validation |
20 % | CWE-17 | Code |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:28514 | |||
Oval ID: | oval:org.mitre.oval:def:28514 | ||
Title: | RHSA-2015:0800 -- openssl security update (Moderate) | ||
Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2015:0800 CESA-2015:0800 CVE-2014-8275 CVE-2015-0204 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28541 | |||
Oval ID: | oval:org.mitre.oval:def:28541 | ||
Title: | AIX OpenSSL Denial of Service (invalid write operation and memory corruption) | ||
Description: | The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2015-0287 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28671 | |||
Oval ID: | oval:org.mitre.oval:def:28671 | ||
Title: | AIX OpenSSL Denial of Service (NULL pointer dereference and application crash) | ||
Description: | The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2015-0289 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28785 | |||
Oval ID: | oval:org.mitre.oval:def:28785 | ||
Title: | AIX OpenSSL Denial of Service (NULL pointer dereference and application crash) | ||
Description: | The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2015-0288 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28868 | |||
Oval ID: | oval:org.mitre.oval:def:28868 | ||
Title: | AIX OpenSSL Denial of Service (assertion failure and daemon exit) | ||
Description: | The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2015-0293 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28905 | |||
Oval ID: | oval:org.mitre.oval:def:28905 | ||
Title: | AIX OpenSSL Denial of Service (memory corruption) | ||
Description: | Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2015-0292 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-09-24 | IAVM : 2015-A-0222 - Multiple Security Vulnerabilities in Apple iOS Severity : Category I - VMSKEY : V0061471 |
2015-09-03 | IAVM : 2015-B-0106 - Multiple Vulnerabilities in HP Version Control Repository Manager Severity : Category I - VMSKEY : V0061359 |
2015-06-25 | IAVM : 2015-A-0135 - Multiple Vulnerabilities in Blue Coat ProxySG Severity : Category I - VMSKEY : V0060997 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33806 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33805 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33804 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33803 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33802 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33801 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33800 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33799 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33798 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33797 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33796 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33795 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33794 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33793 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33792 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33791 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33790 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33789 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33788 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33787 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33786 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade cipher suite attempt RuleID : 33785 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33784 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33783 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33782 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33781 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33780 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL request for export grade ciphersuite attempt RuleID : 33779 - Revision : 5 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33778 - Revision : 6 - Type : SERVER-OTHER |
2015-04-14 | SSL export grade ciphersuite server negotiation attempt RuleID : 33777 - Revision : 6 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33703 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33702 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33701 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33700 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33699 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33698 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33697 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33696 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33695 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33694 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33693 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33692 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33691 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33690 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33689 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33688 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33687 - Revision : 2 - Type : SERVER-OTHER |
2015-04-07 | SSL request for export grade ciphersuite attempt RuleID : 33686 - Revision : 2 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-12-07 | Name : The remote host is potentially affected by an SSL/TLS vulnerability. File : check_point_gaia_sk103683.nasl - Type : ACT_GATHER_INFO |
2016-07-22 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_jul_2016.nasl - Type : ACT_GATHER_INFO |
2016-04-14 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20150320-openssl-ios.nasl - Type : ACT_GATHER_INFO |
2016-04-14 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20150320-openssl-iosxe.nasl - Type : ACT_GATHER_INFO |
2016-04-07 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-682.nasl - Type : ACT_GATHER_INFO |
2016-03-29 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_2_6.nasl - Type : ACT_GATHER_INFO |
2016-03-14 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-327.nasl - Type : ACT_GATHER_INFO |
2016-03-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160309_openssl098e_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2016-03-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2016-0372.nasl - Type : ACT_GATHER_INFO |
2016-03-09 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2016-0372.nasl - Type : ACT_GATHER_INFO |
2016-03-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0372.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0678-1.nasl - Type : ACT_GATHER_INFO |
2016-03-07 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0631-1.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0624-1.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0641-1.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-289.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-292.nasl - Type : ACT_GATHER_INFO |
2016-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0303.nasl - Type : ACT_GATHER_INFO |
2016-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0304.nasl - Type : ACT_GATHER_INFO |
2016-03-02 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0617-1.nasl - Type : ACT_GATHER_INFO |
2016-03-02 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0620-1.nasl - Type : ACT_GATHER_INFO |
2016-02-26 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140605-openssl-nxos.nasl - Type : ACT_GATHER_INFO |
2016-01-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16302.nasl - Type : ACT_GATHER_INFO |
2016-01-14 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0113-1.nasl - Type : ACT_GATHER_INFO |
2016-01-06 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_105fp7_nix.nasl - Type : ACT_GATHER_INFO |
2016-01-06 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_105fp7_win.nasl - Type : ACT_GATHER_INFO |
2015-12-30 | Name : A web application on the remote host is affected by multiple vulnerabilities. File : puppet_enterprise_380.nasl - Type : ACT_GATHER_INFO |
2015-12-21 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2303-1.nasl - Type : ACT_GATHER_INFO |
2015-12-17 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-889.nasl - Type : ACT_GATHER_INFO |
2015-12-16 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2168-2.nasl - Type : ACT_GATHER_INFO |
2015-12-11 | Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15ad_colorqube.nasl - Type : ACT_GATHER_INFO |
2015-12-11 | Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15aj.nasl - Type : ACT_GATHER_INFO |
2015-12-11 | Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15am.nasl - Type : ACT_GATHER_INFO |
2015-12-11 | Name : The remote multi-function device is affected by a man-in-the-middle vulnerabi... File : xerox_xrx15ap.nasl - Type : ACT_GATHER_INFO |
2015-12-11 | Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15av.nasl - Type : ACT_GATHER_INFO |
2015-12-11 | Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15r.nasl - Type : ACT_GATHER_INFO |
2015-12-09 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2216-1.nasl - Type : ACT_GATHER_INFO |
2015-12-04 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2182-1.nasl - Type : ACT_GATHER_INFO |
2015-12-03 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2166-1.nasl - Type : ACT_GATHER_INFO |
2015-12-03 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2168-1.nasl - Type : ACT_GATHER_INFO |
2015-10-19 | Name : The remote printer is affected by a security bypass vulnerability known as FR... File : lexmark_printer_TE701.nasl - Type : ACT_GATHER_INFO |
2015-10-06 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16321.nasl - Type : ACT_GATHER_INFO |
2015-10-05 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16139.nasl - Type : ACT_GATHER_INFO |
2015-10-05 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_11.nasl - Type : ACT_GATHER_INFO |
2015-09-04 | Name : The remote Windows host has an application installed that is affected by mult... File : hp_version_control_repo_manager_7_5_0_0.nasl - Type : ACT_GATHER_INFO |
2015-09-04 | Name : The remote Linux host has an application installed that is affected by multip... File : hp_version_control_repo_manager_7_5_0_nix.nasl - Type : ACT_GATHER_INFO |
2015-08-21 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1410-1.nasl - Type : ACT_GATHER_INFO |
2015-07-27 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-507.nasl - Type : ACT_GATHER_INFO |
2015-07-22 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_5.nasl - Type : ACT_GATHER_INFO |
2015-07-01 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_10_4.nasl - Type : ACT_GATHER_INFO |
2015-07-01 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-005.nasl - Type : ACT_GATHER_INFO |
2015-06-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-4.nasl - Type : ACT_GATHER_INFO |
2015-06-26 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-3.nasl - Type : ACT_GATHER_INFO |
2015-06-26 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1138-1.nasl - Type : ACT_GATHER_INFO |
2015-06-25 | Name : The remote device is affected by multiple vulnerabilities. File : bluecoat_proxy_sg_6_5_7_5.nasl - Type : ACT_GATHER_INFO |
2015-06-23 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-2.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1085-1.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1086-1.nasl - Type : ACT_GATHER_INFO |
2015-06-10 | Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_april2015_advisory.nasl - Type : ACT_GATHER_INFO |
2015-06-09 | Name : The remote Windows host has VPN client software installed that is affected by... File : smb_kb3062760.nasl - Type : ACT_GATHER_INFO |
2015-06-04 | Name : The remote web server is running an application that is affected by multiple ... File : splunk_618.nasl - Type : ACT_GATHER_INFO |
2015-05-27 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0946-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0541-1.nasl - Type : ACT_GATHER_INFO |
2015-05-19 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20150310-ssl-nxos.nasl - Type : ACT_GATHER_INFO |
2015-05-19 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_60.nasl - Type : ACT_GATHER_INFO |
2015-05-19 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_0_21.nasl - Type : ACT_GATHER_INFO |
2015-05-15 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_44.nasl - Type : ACT_GATHER_INFO |
2015-05-05 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6855.nasl - Type : ACT_GATHER_INFO |
2015-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6951.nasl - Type : ACT_GATHER_INFO |
2015-04-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-111-09.nasl - Type : ACT_GATHER_INFO |
2015-04-21 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10679.nasl - Type : ACT_GATHER_INFO |
2015-04-21 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10679.nasl - Type : ACT_GATHER_INFO |
2015-04-20 | Name : The remote AIX host has a version of OpenSSL installed that is affected by mu... File : aix_openssl_advisory13.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_apr_2015.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_apr_2015_unix.nasl - Type : ACT_GATHER_INFO |
2015-04-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_apr_2015.nasl - Type : ACT_GATHER_INFO |
2015-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0800.nasl - Type : ACT_GATHER_INFO |
2015-04-14 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0800.nasl - Type : ACT_GATHER_INFO |
2015-04-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0800.nasl - Type : ACT_GATHER_INFO |
2015-04-14 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150413_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2015-04-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO |
2015-04-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO |
2015-04-09 | Name : The remote device is affected by a security feature bypass vulnerability. File : bluecoat_proxy_sg_6_5_6_2.nasl - Type : ACT_GATHER_INFO |
2015-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0752.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-063.nasl - Type : ACT_GATHER_INFO |
2015-03-27 | Name : The remote Windows host has an application that is affected by the FREAK vuln... File : blackberry_es_freak_kb36811.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote host is affected by multiple vulnerabilities. File : cisco_anyconnect_3_1_7021.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-132.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-177.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_cisco_anyconnect_3_1_7021.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150324_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150324_openssl_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2015-03-25 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-498.nasl - Type : ACT_GATHER_INFO |
2015-03-25 | Name : The remote Fedora host is missing a security update. File : fedora_2015-4300.nasl - Type : ACT_GATHER_INFO |
2015-03-25 | Name : The remote Fedora host is missing a security update. File : fedora_2015-4303.nasl - Type : ACT_GATHER_INFO |
2015-03-25 | Name : The remote Fedora host is missing a security update. File : fedora_2015-4320.nasl - Type : ACT_GATHER_INFO |
2015-03-25 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0039.nasl - Type : ACT_GATHER_INFO |
2015-03-25 | Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_5_12.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0715.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0716.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201503-11.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_0_9_8zf.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_0r.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1m.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_2a.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0715.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0716.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0715.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0716.nasl - Type : ACT_GATHER_INFO |
2015-03-23 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-247.nasl - Type : ACT_GATHER_INFO |
2015-03-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-150317.nasl - Type : ACT_GATHER_INFO |
2015-03-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3197.nasl - Type : ACT_GATHER_INFO |
2015-03-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_9d15355bce7c11e49db0d050992ecde8.nasl - Type : ACT_GATHER_INFO |
2015-03-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-150317.nasl - Type : ACT_GATHER_INFO |
2015-03-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2537-1.nasl - Type : ACT_GATHER_INFO |
2015-03-18 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0030.nasl - Type : ACT_GATHER_INFO |
2015-03-17 | Name : The remote Mac OS X host has a web browser installed that is affected by the ... File : macosx_opera_28_0_1750_40.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote host is affected by multiple vulnerabilities. File : mcafee_firewall_enterprise_SB10102.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote web server contains an application that is affected by multiple vu... File : splunk_622.nasl - Type : ACT_GATHER_INFO |
2015-03-10 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0029.nasl - Type : ACT_GATHER_INFO |
2015-03-05 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_41_0_2272_76.nasl - Type : ACT_GATHER_INFO |
2015-03-04 | Name : The remote host supports a set of weak ciphers. File : ssl_rsa_export_supported_ciphers.nasl - Type : ACT_GATHER_INFO |
2015-02-18 | Name : The remote AIX host has a version of OpenSSL installed that is affected by mu... File : aix_openssl_advisory12.nasl - Type : ACT_GATHER_INFO |
2015-02-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-150122.nasl - Type : ACT_GATHER_INFO |
2015-02-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-150112.nasl - Type : ACT_GATHER_INFO |
2015-01-26 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-67.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0005.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0066.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote Fedora host is missing a security update. File : fedora_2015-0601.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0066.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0066.nasl - Type : ACT_GATHER_INFO |
2015-01-16 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_0_9_8zd.nasl - Type : ACT_GATHER_INFO |
2015-01-16 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_0p.nasl - Type : ACT_GATHER_INFO |
2015-01-16 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1k.nasl - Type : ACT_GATHER_INFO |
2015-01-13 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-469.nasl - Type : ACT_GATHER_INFO |
2015-01-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2459-1.nasl - Type : ACT_GATHER_INFO |
2015-01-12 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-009-01.nasl - Type : ACT_GATHER_INFO |
2015-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3125.nasl - Type : ACT_GATHER_INFO |
2015-01-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-019.nasl - Type : ACT_GATHER_INFO |
2015-01-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4e536c14979111e4977dd050992ecde8.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-349.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1h.nasl - Type : ACT_GATHER_INFO |
2014-04-08 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_0m.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-01-22 09:26:33 |
|
2015-12-05 13:27:57 |
|
2015-04-16 13:28:25 |
|
2015-04-15 13:28:36 |
|
2015-04-13 17:26:44 |
|