Vulnerability-Lookup

CVE-2012-0884 (GCVE-0-2012-0884)

Vulnerability from cvelistv5 – Published: 2012-03-13 01:00 – Updated: 2024-08-06 18:38

Summary

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://rhn.redhat.com/errata/RHSA-2012-0531.html	vendor-advisoryx_refsource_REDHAT
	http://www-01.ibm.com/support/docview.wss?uid=ssg…	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://downloads.avaya.com/css/P8/documents/100162507	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2012-1308.html	vendor-advisoryx_refsource_REDHAT
	https://hermes.opensuse.org/messages/14330767	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2012-1307.html	vendor-advisoryx_refsource_REDHAT
	http://www.openssl.org/news/secadv_20120312.txt	x_refsource_CONFIRM
	http://secunia.com/advisories/48916	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2012-0488.html	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2012/dsa-2454	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/48895	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/48580	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/737740	third-party-advisoryx_refsource_CERT-VN
	http://rhn.redhat.com/errata/RHSA-2012-1306.html	vendor-advisoryx_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://marc.info/?l=bugtraq&m=134039053214295&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/57353	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2012-0426.html	vendor-advisoryx_refsource_REDHAT
	http://marc.info/?l=bugtraq&m=133728068926468&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=134039053214295&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=133951357207000&w=2	vendor-advisoryx_refsource_HP
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://marc.info/?l=bugtraq&m=133951357207000&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=133728068926468&w=2	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:14.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2012-4630",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
          },
          {
            "name": "RHSA-2012:0531",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "FEDORA-2012-18035",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.avaya.com/css/P8/documents/100162507"
          },
          {
            "name": "RHSA-2012:1308",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "name": "openSUSE-SU-2012:0547",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/14330767"
          },
          {
            "name": "RHSA-2012:1307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20120312.txt"
          },
          {
            "name": "48916",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48916"
          },
          {
            "name": "RHSA-2012:0488",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
          },
          {
            "name": "DSA-2454",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2454"
          },
          {
            "name": "48895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48895"
          },
          {
            "name": "48580",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48580"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "RHSA-2012:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "FEDORA-2012-4665",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
          },
          {
            "name": "HPSBOV02793",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "RHSA-2012:0426",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
          },
          {
            "name": "HPSBUX02782",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          },
          {
            "name": "SSRT100891",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "SSRT100852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "FEDORA-2012-4659",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
          },
          {
            "name": "HPSBMU02776",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "SSRT100844",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2012-4630",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
        },
        {
          "name": "RHSA-2012:0531",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "FEDORA-2012-18035",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.avaya.com/css/P8/documents/100162507"
        },
        {
          "name": "RHSA-2012:1308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
        },
        {
          "name": "openSUSE-SU-2012:0547",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/14330767"
        },
        {
          "name": "RHSA-2012:1307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20120312.txt"
        },
        {
          "name": "48916",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48916"
        },
        {
          "name": "RHSA-2012:0488",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
        },
        {
          "name": "DSA-2454",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2454"
        },
        {
          "name": "48895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48895"
        },
        {
          "name": "48580",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48580"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "RHSA-2012:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
        },
        {
          "name": "FEDORA-2012-4665",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
        },
        {
          "name": "HPSBOV02793",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "RHSA-2012:0426",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
        },
        {
          "name": "HPSBUX02782",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        },
        {
          "name": "SSRT100891",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
        },
        {
          "name": "SSRT100852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "FEDORA-2012-4659",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
        },
        {
          "name": "HPSBMU02776",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
        },
        {
          "name": "SSRT100844",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0884",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2012-4630",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
            },
            {
              "name": "RHSA-2012:0531",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
            },
            {
              "name": "FEDORA-2012-18035",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
            },
            {
              "name": "https://downloads.avaya.com/css/P8/documents/100162507",
              "refsource": "CONFIRM",
              "url": "https://downloads.avaya.com/css/P8/documents/100162507"
            },
            {
              "name": "RHSA-2012:1308",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
            },
            {
              "name": "openSUSE-SU-2012:0547",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/14330767"
            },
            {
              "name": "RHSA-2012:1307",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20120312.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20120312.txt"
            },
            {
              "name": "48916",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48916"
            },
            {
              "name": "RHSA-2012:0488",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
            },
            {
              "name": "DSA-2454",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2454"
            },
            {
              "name": "48895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48895"
            },
            {
              "name": "48580",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48580"
            },
            {
              "name": "VU#737740",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/737740"
            },
            {
              "name": "RHSA-2012:1306",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
            },
            {
              "name": "FEDORA-2012-4665",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
            },
            {
              "name": "HPSBOV02793",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "57353",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57353"
            },
            {
              "name": "RHSA-2012:0426",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
            },
            {
              "name": "HPSBUX02782",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            },
            {
              "name": "SSRT100891",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "SSRT100852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "FEDORA-2012-4659",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
            },
            {
              "name": "HPSBMU02776",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "SSRT100844",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0884",
    "datePublished": "2012-03-13T01:00:00.000Z",
    "dateReserved": "2012-01-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:38:14.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-316

Vulnerability from certfr_avis - Published: 2012-06-12 - Updated: 2012-06-12

Onze vulnérabilités ont été corrigées dans HP Onboard Administrator. L'exploitation de ces vulnérabilités peut mener à divers accès non autorisés à des données distantes et à des dénis de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à HP Onboard Adminitrator v3.56.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP du 07 juin 2012	None	vendor-advisory
Bulletin de sécurité HP c03315912 du 07 juin 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 HP Onboard Adminitrator v3.56.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
    },
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2011-3192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2012-0884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
    },
    {
      "name": "CVE-2011-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
    },
    {
      "name": "CVE-2012-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1583"
    },
    {
      "name": "CVE-2011-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2691"
    },
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    }
  ],
  "initial_release_date": "2012-06-12T00:00:00",
  "last_revision_date": "2012-06-12T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03315912 du 07 juin 2012 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03315912"
    }
  ],
  "reference": "CERTA-2012-AVI-316",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Onze vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eHP\nOnboard Administrator\u003c/span\u003e. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut\nmener \u00e0 divers acc\u00e8s non autoris\u00e9s \u00e0 des donn\u00e9es distantes et \u00e0 des\nd\u00e9nis de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Onboard Administrator",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP du 07 juin 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-419

Vulnerability from certfr_avis - Published: 2012-08-03 - Updated: 2012-08-03

Cinq vulnérabilités ont été corrigées dans IBM AIX. Elles concernent sa partie OpenSSL. Les failles sont des débordements de mémoire tampon, des écrasements de pointeurs et des faiblesses cryptographiques.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	AIX	IBM AIX 5.3 et antérieures ;
IBM	AIX	IBM VIOS 2.X.
IBM	AIX	IBM AIX 7.1 et antérieures ;
IBM	AIX	IBM AIX 6.1 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité IBM du 01 aout 2012	None	vendor-advisory
Bulletin de sécurité IBM du 01 août 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM AIX 5.3 et ant\u00e9rieures ;",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM VIOS 2.X.",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM AIX 7.1 et ant\u00e9rieures ;",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM AIX 6.1 et ant\u00e9rieures ;",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2012-0884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
    },
    {
      "name": "CVE-2012-1165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
    },
    {
      "name": "CVE-2012-2333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2333"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    }
  ],
  "initial_release_date": "2012-08-03T00:00:00",
  "last_revision_date": "2012-08-03T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 01 ao\u00fbt 2012 :",
      "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory4.asc"
    }
  ],
  "reference": "CERTA-2012-AVI-419",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-08-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Cinq vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nAIX\u003c/span\u003e. Elles concernent sa partie \u003cspan\nclass=\"textit\"\u003eOpenSSL\u003c/span\u003e. Les failles sont des d\u00e9bordements de\nm\u00e9moire tampon, des \u00e9crasements de pointeurs et des faiblesses\ncryptographiques.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM AIX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 01 aout 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-518

Vulnerability from certfr_avis - Published: 2012-09-24 - Updated: 2012-09-24

De multiples vulnérabilités ont été corrigées dans les produits Avaya. Les correctifs sont liés à la mise à jour de leurs systèmes Redhat.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
AVAYA	N/A	Avaya Aura Presence Services versions 6.x
AVAYA	N/A	Avaya Aura Communication Manager versions 6.x
AVAYA	N/A	Avaya Proactive Contact versions 5.x
AVAYA	N/A	Avaya IP Office Application Server versions 7.x
AVAYA	N/A	Avaya IP Office Application Server versions 6.x
AVAYA	N/A	Avaya Aura Communication Manager versions 5.x
AVAYA	N/A	Avaya Voice Portal version 5.1
AVAYA	N/A	Avaya IQ versions 5.x
AVAYA	N/A	Avaya Aura System Platform versions 1.x
AVAYA	N/A	Avaya Voice Portal version 5.0
AVAYA	N/A	Avaya Aura Messaging versions 6.x
AVAYA	N/A	Avaya Aura System Platform versions 6.0.x
AVAYA	N/A	Avaya Aura System Manager versions 6.x
AVAYA	N/A	Avaya Voice Portal version 5.1.1
AVAYA	N/A	Avaya Voice Portal version 5.1.2
AVAYA	N/A	Avaya Aura SIP Enablement Services versions 5.x
AVAYA	N/A	Avaya Aurora Session Manager version 6.2
AVAYA	N/A	Avaya IP Office Application Server versions 8.x
AVAYA	N/A	Avaya Aurora Session Manager versions 5.x
AVAYA	N/A	Avaya Aura System Manager versions 5.x
AVAYA	N/A	Avaya Aura Application Enablement Services versions 5.x
AVAYA	N/A	Avaya Aura Experience Portal versions 6.x
AVAYA	N/A	Avaya Meeting Exchange versions 5.x
AVAYA	N/A	Avaya Messaging Storage Server 5.2.x
AVAYA	N/A	Avaya Aura Conferencing Standard Edition versions 6.x
AVAYA	N/A	Avaya Aura Communication Manager versions 4.x
AVAYA	N/A	Avaya Aura Application Server 5300
AVAYA	N/A	Avaya Aurora Session Manager versions 1.x
AVAYA	N/A	Avaya Aurora Session Manager version 6.2.1
AVAYA	N/A	Avaya Communication Server 1000 versions 7.x
AVAYA	N/A	Avaya Aura Application Enablement Services versions 6.x
AVAYA	N/A	Avaya Aurora Session Manager versions 6.0.x
AVAYA	N/A	Avaya Communication Server 1000 versions 6.x
AVAYA	N/A	Avaya Aura System Platform version 6.2
AVAYA	N/A	Avaya Aura Communication Manager Utility Services versions 6.x
AVAYA	N/A	Avaya Aurora Session Manager versions 6.1.x

References

Title

Publication Time

Tags

Bulletins de sécurité Avaya	None	vendor-advisory
Bulletin de sécurité AVAYA du 18 septembre 2012 :	-	other
Bulletin de sécurité AVAYA du 18 septembre 2012 :	-	other
Bulletin de sécurité AVAYA du 19 septembre 2012 :	-	other
Bulletin de sécurité AVAYA du 18 septembre 2012 :	-	other
Bulletin de sécurité AVAYA du 19 septembre 2012 :	-	other
Bulletin de sécurité AVAYA du 18 septembre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Avaya Aura Presence Services versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Communication Manager versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Proactive Contact versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya IP Office Application Server versions 7.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya IP Office Application Server versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Communication Manager versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Voice Portal version 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya IQ versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura System Platform versions 1.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Voice Portal version 5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Messaging versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura System Platform versions 6.0.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura System Manager versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Voice Portal version 5.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Voice Portal version 5.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura SIP Enablement Services versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya IP Office Application Server versions 8.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura System Manager versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Application Enablement Services versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Experience Portal versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Meeting Exchange versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Messaging Storage Server 5.2.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Conferencing Standard Edition versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Communication Manager versions 4.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Application Server 5300",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager versions 1.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager version 6.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Communication Server 1000 versions 7.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Application Enablement Services versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager versions 6.0.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Communication Server 1000 versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura System Platform version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Communication Manager Utility Services versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager versions 6.1.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
    },
    {
      "name": "CVE-2010-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4649"
    },
    {
      "name": "CVE-2011-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
    },
    {
      "name": "CVE-2011-2022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
    },
    {
      "name": "CVE-2011-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
    },
    {
      "name": "CVE-2011-0695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
    },
    {
      "name": "CVE-2011-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
    },
    {
      "name": "CVE-2012-0884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
    },
    {
      "name": "CVE-2011-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
    },
    {
      "name": "CVE-2011-4028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4028"
    },
    {
      "name": "CVE-2011-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
    },
    {
      "name": "CVE-2011-1593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
    },
    {
      "name": "CVE-2011-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
    },
    {
      "name": "CVE-2012-1165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
    },
    {
      "name": "CVE-2012-0864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2011-2492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
    },
    {
      "name": "CVE-2011-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
    },
    {
      "name": "CVE-2011-0419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
    },
    {
      "name": "CVE-2011-0711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
    },
    {
      "name": "CVE-2011-1576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
    }
  ],
  "initial_release_date": "2012-09-24T00:00:00",
  "last_revision_date": "2012-09-24T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100160780"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100160023"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 19 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100162507"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100160589"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 19 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100147390"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100141102"
    }
  ],
  "reference": "CERTA-2012-AVI-518",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-09-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eAvaya\u003c/span\u003e. Les correctifs sont li\u00e9s \u00e0 la mise \u00e0 jour\nde leurs syst\u00e8mes \u003cspan class=\"textit\"\u003eRedhat\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Avaya",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Avaya",
      "url": null
    }
  ]
}

CERTA-2013-AVI-090

Vulnerability from certfr_avis - Published: 2013-02-04 - Updated: 2013-02-04

De multiples vulnérabilités ont été corrigées dans IBM InfoSphere Balanced Warehouse. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Smart Analytics System 5600 V2
IBM	N/A	IBM Smart Analytics System 5710
IBM	N/A	IBM Smart Analytics System 2050 pour Linux
IBM	N/A	IBM InfoSphere Balanced Warehouse C3000
IBM	N/A	IBM InfoSphere Balanced Warehouse C4000
IBM	N/A	IBM Smart Analytics System 1050 pour Linux
IBM	N/A	IBM InfoSphere Balanced Warehouse D5100
IBM	N/A	IBM Smart Analytics System 5600 V1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM swg21619837 du 31 janvier 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Smart Analytics System 5600 V2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Smart Analytics System 5710",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Smart Analytics System 2050 pour Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM InfoSphere Balanced Warehouse C3000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM InfoSphere Balanced Warehouse C4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Smart Analytics System 1050 pour Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM InfoSphere Balanced Warehouse D5100",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Smart Analytics System 5600 V1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
    },
    {
      "name": "CVE-2011-3210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3210"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2011-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
    },
    {
      "name": "CVE-2012-0884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
    },
    {
      "name": "CVE-2011-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    }
  ],
  "initial_release_date": "2013-02-04T00:00:00",
  "last_revision_date": "2013-02-04T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-090",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere Balanced Warehouse\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere Balanced Warehouse",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21619837 du 31 janvier 2013",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21619837"
    }
  ]
}

CERTFR-2016-AVI-300

Vulnerability from certfr_avis - Published: 2016-09-08 - Updated: 2016-09-08

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Juniper Junos Space versions antérieures à 15.1R1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10698 du 07 septembre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10659 du 07 septembre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10627 du 07 septembre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eJuniper Junos Space versions ant\u00e9rieures \u00e0 15.1R1\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-0460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
    },
    {
      "name": "CVE-2010-1429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
    },
    {
      "name": "CVE-2013-1557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1557"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2013-2389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2389"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2013-3805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3805"
    },
    {
      "name": "CVE-2013-3801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3801"
    },
    {
      "name": "CVE-2015-0975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2010-0738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
    },
    {
      "name": "CVE-2014-6491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6491"
    },
    {
      "name": "CVE-2010-1428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
    },
    {
      "name": "CVE-2013-1502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1502"
    },
    {
      "name": "CVE-2013-1544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1544"
    },
    {
      "name": "CVE-2013-2392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2392"
    },
    {
      "name": "CVE-2014-0429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0429"
    },
    {
      "name": "CVE-2013-0166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0166"
    },
    {
      "name": "CVE-2014-0456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0456"
    },
    {
      "name": "CVE-2013-3804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3804"
    },
    {
      "name": "CVE-2012-0884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
    },
    {
      "name": "CVE-2015-2620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2620"
    },
    {
      "name": "CVE-2014-0098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
    },
    {
      "name": "CVE-2013-3809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3809"
    },
    {
      "name": "CVE-2014-0453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
    },
    {
      "name": "CVE-2013-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2014-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
    },
    {
      "name": "CVE-2013-3808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3808"
    },
    {
      "name": "CVE-2013-3783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3783"
    },
    {
      "name": "CVE-2014-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
    },
    {
      "name": "CVE-2014-4263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4263"
    },
    {
      "name": "CVE-2014-6500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6500"
    },
    {
      "name": "CVE-2014-6495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6495"
    },
    {
      "name": "CVE-2012-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
    },
    {
      "name": "CVE-2013-2422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2422"
    },
    {
      "name": "CVE-2014-6494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6494"
    },
    {
      "name": "CVE-2013-2376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2376"
    },
    {
      "name": "CVE-2013-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2249"
    },
    {
      "name": "CVE-2015-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3209"
    },
    {
      "name": "CVE-2013-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3794"
    },
    {
      "name": "CVE-2011-4109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
    },
    {
      "name": "CVE-2012-0818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0818"
    },
    {
      "name": "CVE-2013-1511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1511"
    },
    {
      "name": "CVE-2013-1862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1862"
    },
    {
      "name": "CVE-2014-6478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6478"
    },
    {
      "name": "CVE-2014-6559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6559"
    },
    {
      "name": "CVE-2014-3413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3413"
    },
    {
      "name": "CVE-2014-4244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4244"
    },
    {
      "name": "CVE-2013-3802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3802"
    },
    {
      "name": "CVE-2013-3839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3839"
    },
    {
      "name": "CVE-2013-3812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3812"
    },
    {
      "name": "CVE-2013-2375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2375"
    },
    {
      "name": "CVE-2015-7753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7753"
    },
    {
      "name": "CVE-2014-6496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6496"
    },
    {
      "name": "CVE-2013-6438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6438"
    },
    {
      "name": "CVE-2013-1896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1896"
    },
    {
      "name": "CVE-2013-1532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1532"
    },
    {
      "name": "CVE-2013-2391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2391"
    },
    {
      "name": "CVE-2014-4264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4264"
    },
    {
      "name": "CVE-2013-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3793"
    },
    {
      "name": "CVE-2011-5245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5245"
    },
    {
      "name": "CVE-2013-1537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1537"
    },
    {
      "name": "CVE-2015-0501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0501"
    },
    {
      "name": "CVE-2012-2333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2333"
    },
    {
      "name": "CVE-2013-5908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
    }
  ],
  "initial_release_date": "2016-09-08T00:00:00",
  "last_revision_date": "2016-09-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-300",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10698 du 07 septembre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 07 septembre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10627 du 07 septembre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTA-2012-AVI-134

Vulnerability from certfr_avis - Published: 2012-03-13 - Updated: 2012-03-13

Des vulnérabilités ont été corrigées dans OpenSSL et permettent de provoquer un déni de service à distance.

Description

Deux vulnérabilités ont été corrigées dans OpenSSL. Elles permettent à un attaquant de contourner la politique de sécurité et de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	OpenSSL	OpenSSL	OpenSSL versions 0.9.8t et antérieures.
	OpenSSL	OpenSSL	OpenSSL versions 1.0.0g et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL du 12 mars 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL versions 0.9.8t et ant\u00e9rieures.",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL versions 1.0.0g et ant\u00e9rieures ;",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans OpenSSL. Elles permettent \u00e0\nun attaquant de contourner la politique de s\u00e9curit\u00e9 et de provoquer un\nd\u00e9ni de service \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
    },
    {
      "name": "CVE-2012-1165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
    }
  ],
  "initial_release_date": "2012-03-13T00:00:00",
  "last_revision_date": "2012-03-13T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-134",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans OpenSSL et permettent de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 12 mars 2012",
      "url": "http://www.openssl.org/news/secadv_20120312.txt"
    }
  ]
}

CERTA-2012-AVI-286

Vulnerability from certfr_avis - Published: 2012-05-18 - Updated: 2012-05-18

De multiples vulnérabilités ont été corrigées dans HP-UX. Elles affectent l'environnement JAVA JRE et JDK ainsi que OpenSSL. Les failles sont majoritairement des dénis de service mais sont également présents des modifications de données et des accès non autorisés aux données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	HP-UX B.11.31.
N/A	N/A	HP-UX B.11.23 ;
N/A	N/A	HP-UX B.11.11 ;

References

Title

Publication Time

Tags

Bulletin de sécurité HP-UX c03316985 du 15 mai 2012	None	vendor-advisory
Bulletin de sécurité HP-UX c03333987 du 17 mai 2012	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP-UX B.11.31.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP-UX B.11.23 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP-UX B.11.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
    },
    {
      "name": "CVE-2010-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4465"
    },
    {
      "name": "CVE-2012-0502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0502"
    },
    {
      "name": "CVE-2010-4473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4473"
    },
    {
      "name": "CVE-2011-3556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3556"
    },
    {
      "name": "CVE-2011-3545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3545"
    },
    {
      "name": "CVE-2011-3548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3548"
    },
    {
      "name": "CVE-2011-0864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0864"
    },
    {
      "name": "CVE-2010-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4447"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2012-0505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0505"
    },
    {
      "name": "CVE-2011-3552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3552"
    },
    {
      "name": "CVE-2012-0499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0499"
    },
    {
      "name": "CVE-2011-0871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0871"
    },
    {
      "name": "CVE-2011-3560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3560"
    },
    {
      "name": "CVE-2010-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4448"
    },
    {
      "name": "CVE-2010-4462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4462"
    },
    {
      "name": "CVE-2012-0884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
    },
    {
      "name": "CVE-2006-7250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7250"
    },
    {
      "name": "CVE-2012-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0506"
    },
    {
      "name": "CVE-2011-0802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0802"
    },
    {
      "name": "CVE-2012-0503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0503"
    },
    {
      "name": "CVE-2012-1165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
    },
    {
      "name": "CVE-2010-4454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4454"
    },
    {
      "name": "CVE-2011-0862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0862"
    },
    {
      "name": "CVE-2011-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3563"
    },
    {
      "name": "CVE-2011-0865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0865"
    },
    {
      "name": "CVE-2011-0815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0815"
    },
    {
      "name": "CVE-2010-4469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4469"
    },
    {
      "name": "CVE-2011-0814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0814"
    },
    {
      "name": "CVE-2010-4475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4475"
    },
    {
      "name": "CVE-2011-3557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3557"
    },
    {
      "name": "CVE-2011-0867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0867"
    },
    {
      "name": "CVE-2011-3549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3549"
    },
    {
      "name": "CVE-2011-3547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3547"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    }
  ],
  "initial_release_date": "2012-05-18T00:00:00",
  "last_revision_date": "2012-05-18T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-286",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP-UX\u003c/span\u003e. Elles affectent l\u0027environnement JAVA \u003cspan\nclass=\"textit\"\u003eJRE\u003c/span\u003e et \u003cspan class=\"textit\"\u003eJDK\u003c/span\u003e ainsi que\n\u003cspan class=\"textit\"\u003eOpenSSL\u003c/span\u003e. Les failles sont majoritairement\ndes d\u00e9nis de service mais sont \u00e9galement pr\u00e9sents des modifications de\ndonn\u00e9es et des acc\u00e8s non autoris\u00e9s aux donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX c03316985 du 15 mai 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03316985"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX c03333987 du 17 mai 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03316985"
    }
  ]
}

FKIE_CVE-2012-0884

Vulnerability from fkie_nvd - Published: 2012-03-13 03:12 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
secalert@redhat.com	http://marc.info/?l=bugtraq&m=133728068926468&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=133951357207000&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=134039053214295&w=2
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0426.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0488.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0531.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-1306.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-1307.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-1308.html
secalert@redhat.com	http://secunia.com/advisories/48580
secalert@redhat.com	http://secunia.com/advisories/48895
secalert@redhat.com	http://secunia.com/advisories/48916
secalert@redhat.com	http://secunia.com/advisories/57353
secalert@redhat.com	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
secalert@redhat.com	http://www.debian.org/security/2012/dsa-2454
secalert@redhat.com	http://www.kb.cert.org/vuls/id/737740	US Government Resource
secalert@redhat.com	http://www.openssl.org/news/secadv_20120312.txt	Vendor Advisory
secalert@redhat.com	https://downloads.avaya.com/css/P8/documents/100162507
secalert@redhat.com	https://hermes.opensuse.org/messages/14330767
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=133728068926468&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=133951357207000&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=134039053214295&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0426.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0488.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0531.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1306.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1307.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1308.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48580
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48895
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48916
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57353
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2454
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/737740	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.openssl.org/news/secadv_20120312.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://downloads.avaya.com/css/P8/documents/100162507
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/14330767

Impacted products

Vendor	Product	Version
openssl	openssl	*
openssl	openssl	0.9.0b
openssl	openssl	0.9.1b
openssl	openssl	0.9.1c
openssl	openssl	0.9.2b
openssl	openssl	0.9.3
openssl	openssl	0.9.3a
openssl	openssl	0.9.4
openssl	openssl	0.9.5
openssl	openssl	0.9.5a
openssl	openssl	0.9.6
openssl	openssl	0.9.6a
openssl	openssl	0.9.6b
openssl	openssl	0.9.6c
openssl	openssl	0.9.6d
openssl	openssl	0.9.6e
openssl	openssl	0.9.6f
openssl	openssl	0.9.6g
openssl	openssl	0.9.6h
openssl	openssl	0.9.6i
openssl	openssl	0.9.6j
openssl	openssl	0.9.6k
openssl	openssl	0.9.6l
openssl	openssl	0.9.6m
openssl	openssl	0.9.7
openssl	openssl	0.9.7a
openssl	openssl	0.9.7b
openssl	openssl	0.9.7c
openssl	openssl	0.9.7d
openssl	openssl	0.9.7e
openssl	openssl	0.9.7f
openssl	openssl	0.9.7g
openssl	openssl	0.9.7h
openssl	openssl	0.9.7i
openssl	openssl	0.9.7j
openssl	openssl	0.9.7k
openssl	openssl	0.9.7l
openssl	openssl	0.9.7m
openssl	openssl	0.9.8
openssl	openssl	0.9.8a
openssl	openssl	0.9.8b
openssl	openssl	0.9.8c
openssl	openssl	0.9.8d
openssl	openssl	0.9.8e
openssl	openssl	0.9.8f
openssl	openssl	0.9.8g
openssl	openssl	0.9.8h
openssl	openssl	0.9.8i
openssl	openssl	0.9.8j
openssl	openssl	0.9.8k
openssl	openssl	0.9.8l
openssl	openssl	0.9.8m
openssl	openssl	0.9.8n
openssl	openssl	0.9.8o
openssl	openssl	0.9.8p
openssl	openssl	0.9.8q
openssl	openssl	0.9.8r
openssl	openssl	0.9.8s
openssl	openssl	1.0.0
openssl	openssl	1.0.0a
openssl	openssl	1.0.0b
openssl	openssl	1.0.0c
openssl	openssl	1.0.0d
openssl	openssl	1.0.0e
openssl	openssl	1.0.0f
openssl	openssl	1.0.0g

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "696376CD-ED8A-4086-AD60-C0D5F6999F80",
              "versionEndIncluding": "0.9.8t",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4F6317-358E-4BFA-B826-DE1FEA965808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C775A5-0E14-4BB4-8664-EFAF8E3B70FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC4C5F05-BC0B-478D-9A6F-7C804777BA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "27F417A1-5D97-4BC4-8B97-5AC40236DA21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
              "matchCriteriaId": "2636B92E-47D5-42EA-9585-A2B84FBE71CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
              "matchCriteriaId": "72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
              "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
              "matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
              "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
              "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
              "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
              "matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
              "matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
              "matchCriteriaId": "35C2AE06-B6E8-41C4-BB60-177AC4819CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
              "matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
              "matchCriteriaId": "738BCFDC-1C49-4774-95AE-E099F707DEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de Cryptographic Message Syntax (CMS) y PKCS #7 de OpenSSL anteriores a 0.9.8u y 1.x anteriores a 1.0.0h no restringe apropiadamente un determinado uso de informaci\u00f3n posterior (\"oracle behavior\"), lo que facilita a atacantes dependientes del contexto desencriptar datos a trav\u00e9s de un ataque de tipo \"Million Message Attack (MMA) adaptive chosen ciphertext\"."
    }
  ],
  "id": "CVE-2012-0884",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-13T03:12:26.243",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48580"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48916"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57353"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2454"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/737740"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20120312.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://downloads.avaya.com/css/P8/documents/100162507"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/14330767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/737740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20120312.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://downloads.avaya.com/css/P8/documents/100162507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/14330767"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2012-0884

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-0884

Aliases

CVE-2012-0884

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0884",
    "description": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.",
    "id": "GSD-2012-0884",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-0884.html",
      "https://www.debian.org/security/2012/dsa-2454",
      "https://access.redhat.com/errata/RHSA-2012:1308",
      "https://access.redhat.com/errata/RHSA-2012:1307",
      "https://access.redhat.com/errata/RHSA-2012:1306",
      "https://access.redhat.com/errata/RHSA-2012:0426",
      "https://alas.aws.amazon.com/cve/html/CVE-2012-0884.html",
      "https://linux.oracle.com/cve/CVE-2012-0884.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0884"
      ],
      "details": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.",
      "id": "GSD-2012-0884",
      "modified": "2023-12-13T01:20:14.343966Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-0884",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "FEDORA-2012-4630",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
          },
          {
            "name": "RHSA-2012:0531",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "FEDORA-2012-18035",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
          },
          {
            "name": "https://downloads.avaya.com/css/P8/documents/100162507",
            "refsource": "CONFIRM",
            "url": "https://downloads.avaya.com/css/P8/documents/100162507"
          },
          {
            "name": "RHSA-2012:1308",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
          },
          {
            "name": "openSUSE-SU-2012:0547",
            "refsource": "SUSE",
            "url": "https://hermes.opensuse.org/messages/14330767"
          },
          {
            "name": "RHSA-2012:1307",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
          },
          {
            "name": "http://www.openssl.org/news/secadv_20120312.txt",
            "refsource": "CONFIRM",
            "url": "http://www.openssl.org/news/secadv_20120312.txt"
          },
          {
            "name": "48916",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/48916"
          },
          {
            "name": "RHSA-2012:0488",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
          },
          {
            "name": "DSA-2454",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2012/dsa-2454"
          },
          {
            "name": "48895",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/48895"
          },
          {
            "name": "48580",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/48580"
          },
          {
            "name": "VU#737740",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "RHSA-2012:1306",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
          },
          {
            "name": "FEDORA-2012-4665",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
          },
          {
            "name": "HPSBOV02793",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "57353",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "RHSA-2012:0426",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
          },
          {
            "name": "HPSBUX02782",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          },
          {
            "name": "SSRT100891",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
          },
          {
            "name": "SSRT100852",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "FEDORA-2012-4659",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
          },
          {
            "name": "HPSBMU02776",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "name": "SSRT100844",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8t",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0884"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openssl.org/news/secadv_20120312.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.openssl.org/news/secadv_20120312.txt"
            },
            {
              "name": "HPSBOV02793",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
            },
            {
              "name": "FEDORA-2012-4665",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
            },
            {
              "name": "openSUSE-SU-2012:0547",
              "refsource": "SUSE",
              "tags": [],
              "url": "https://hermes.opensuse.org/messages/14330767"
            },
            {
              "name": "48895",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48895"
            },
            {
              "name": "DSA-2454",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2454"
            },
            {
              "name": "48916",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48916"
            },
            {
              "name": "RHSA-2012:1306",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
            },
            {
              "name": "RHSA-2012:1307",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
            },
            {
              "name": "RHSA-2012:1308",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
            },
            {
              "name": "FEDORA-2012-4630",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
            },
            {
              "name": "RHSA-2012:0531",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
            },
            {
              "name": "RHSA-2012:0488",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
            },
            {
              "name": "https://downloads.avaya.com/css/P8/documents/100162507",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://downloads.avaya.com/css/P8/documents/100162507"
            },
            {
              "name": "FEDORA-2012-18035",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
            },
            {
              "name": "VU#737740",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/737740"
            },
            {
              "name": "57353",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/57353"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
            },
            {
              "name": "SSRT100852",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
            },
            {
              "name": "HPSBUX02782",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
            },
            {
              "name": "48580",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48580"
            },
            {
              "name": "FEDORA-2012-4659",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
            },
            {
              "name": "RHSA-2012:0426",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-01-10T02:29Z",
      "publishedDate": "2012-03-13T03:12Z"
    }
  }
}

GHSA-WWWJ-58HM-MXM3

Vulnerability from github – Published: 2022-05-14 03:51 – Updated: 2022-05-14 03:51

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0884"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-03-13T03:12:00Z",
    "severity": "MODERATE"
  },
  "details": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.",
  "id": "GHSA-wwwj-58hm-mxm3",
  "modified": "2022-05-14T03:51:35Z",
  "published": "2022-05-14T03:51:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0884"
    },
    {
      "type": "WEB",
      "url": "https://downloads.avaya.com/css/P8/documents/100162507"
    },
    {
      "type": "WEB",
      "url": "https://hermes.opensuse.org/messages/14330767"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48580"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48895"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48916"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/57353"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2454"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/737740"
    },
    {
      "type": "WEB",
      "url": "http://www.openssl.org/news/secadv_20120312.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-0884 (GCVE-0-2012-0884)

Solution

Solution

Solution

Solution

Solution

Description

Solution

Solution

Tags

Sightings

Nomenclature