Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-8610 (GCVE-0-2016-8610)
Vulnerability from cvelistv5 – Published: 2017-11-13 22:00 – Updated: 2024-08-06 02:27
VLAI?
EPSS
Summary
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93841",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93841"
},
{
"name": "RHSA-2017:1659",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"name": "RHSA-2017:1658",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"name": "RHSA-2017:1801",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"name": "RHSA-2017:0286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"name": "RHSA-2017:1413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "RHSA-2017:2494",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"name": "FreeBSD-SA-16:35",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"name": "RHSA-2017:1414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"name": "RHSA-2017:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"name": "DSA-3773",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3773"
},
{
"name": "RHSA-2017:1415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "1037084",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037084"
},
{
"name": "RHSA-2017:1802",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"name": "RHSA-2017:2493",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/cve/CVE-2016-8610/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2016-8610"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "All 0.9.8"
},
{
"status": "affected",
"version": "All 1.0.1"
},
{
"status": "affected",
"version": "1.0.2 through 1.0.2h"
},
{
"status": "affected",
"version": "1.1.0"
}
]
}
],
"datePublic": "2016-10-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:14:51.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "93841",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93841"
},
{
"name": "RHSA-2017:1659",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"name": "RHSA-2017:1658",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"name": "RHSA-2017:1801",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"name": "RHSA-2017:0286",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"name": "RHSA-2017:1413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "RHSA-2017:2494",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"name": "FreeBSD-SA-16:35",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"name": "RHSA-2017:1414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"name": "RHSA-2017:0574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"name": "DSA-3773",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3773"
},
{
"name": "RHSA-2017:1415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "1037084",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037084"
},
{
"name": "RHSA-2017:1802",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"name": "RHSA-2017:2493",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/cve/CVE-2016-8610/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2016-8610"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8610",
"datePublished": "2017-11-13T22:00:00.000Z",
"dateReserved": "2016-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:40.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2016-8610
Vulnerability from fkie_nvd - Published: 2017-11-13 22:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2017-0286.html | Third Party Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2017-0574.html | Third Party Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2017-1415.html | Third Party Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2017-1659.html | Third Party Advisory | |
| secalert@redhat.com | http://seclists.org/oss-sec/2016/q4/224 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/93841 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id/1037084 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:1413 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:1414 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:1658 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:1801 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:1802 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2493 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2494 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401 | Broken Link | |
| secalert@redhat.com | https://security.360.cn/cve/CVE-2016-8610/ | Third Party Advisory | |
| secalert@redhat.com | https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc | Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20171130-0001/ | Third Party Advisory | |
| secalert@redhat.com | https://security.paloaltonetworks.com/CVE-2016-8610 | Third Party Advisory | |
| secalert@redhat.com | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us | Third Party Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2017/dsa-3773 | Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpujan2020.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpujul2020.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0286.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0574.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-1415.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-1659.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2016/q4/224 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93841 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037084 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1413 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1414 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1658 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1801 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1802 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2493 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2494 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.360.cn/cve/CVE-2016-8610/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20171130-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.paloaltonetworks.com/CVE-2016-8610 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-3773 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | * | |
| openssl | openssl | 0.9.8 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.1.0 | |
| debian | debian_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.3 | |
| redhat | enterprise_linux_server_aus | 7.4 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 7.3 | |
| redhat | enterprise_linux_server_eus | 7.4 | |
| redhat | enterprise_linux_server_eus | 7.5 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.3 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| redhat | jboss_enterprise_application_platform | 6.0.0 | |
| redhat | jboss_enterprise_application_platform | 6.4.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| netapp | cn1610_firmware | - | |
| netapp | cn1610 | - | |
| netapp | clustered_data_ontap_antivirus_connector | - | |
| netapp | data_ontap | - | |
| netapp | data_ontap_edge | - | |
| netapp | e-series_santricity_os_controller | * | |
| netapp | host_agent | - | |
| netapp | oncommand_balance | - | |
| netapp | oncommand_unified_manager | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | ontap_select_deploy | - | |
| netapp | service_processor | - | |
| netapp | smi-s_provider | - | |
| netapp | snapcenter_server | - | |
| netapp | snapdrive | - | |
| netapp | storagegrid | - | |
| netapp | storagegrid_webscale | - | |
| netapp | clustered_data_ontap | - | |
| paloaltonetworks | pan-os | * | |
| paloaltonetworks | pan-os | * | |
| paloaltonetworks | pan-os | * | |
| oracle | adaptive_access_manager | 11.1.2.3.0 | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.4 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | peoplesoft_enterprise_peopletools | 8.56 | |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3 | |
| oracle | timesten_in-memory_database | * | |
| oracle | weblogic_server | 10.3.6.0.0 | |
| oracle | weblogic_server | 12.1.3.0.0 | |
| oracle | weblogic_server | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.4.0 | |
| fujitsu | m10-1_firmware | * | |
| fujitsu | m10-1_firmware | * | |
| fujitsu | m10-1 | - | |
| fujitsu | m10-4_firmware | * | |
| fujitsu | m10-4_firmware | * | |
| fujitsu | m10-4 | - | |
| fujitsu | m10-4s_firmware | * | |
| fujitsu | m10-4s_firmware | * | |
| fujitsu | m10-4s | - | |
| fujitsu | m12-1_firmware | * | |
| fujitsu | m12-1_firmware | * | |
| fujitsu | m12-1 | - | |
| fujitsu | m12-2_firmware | * | |
| fujitsu | m12-2_firmware | * | |
| fujitsu | m12-2 | - | |
| fujitsu | m12-2s_firmware | * | |
| fujitsu | m12-2s_firmware | * | |
| fujitsu | m12-2s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD3F477-4078-42BC-AF81-A68487FCDBEC",
"versionEndIncluding": "1.0.2h",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1ABA871-3271-48E2-A69C-5AD70AF94E53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C82200F-A26E-4AD4-82FF-DC5601A28D52",
"versionEndIncluding": "11.40",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "546855F3-654C-48F0-B3A0-FF1ABBF04007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E788440A-02B0-45F5-AFBC-7109F3177033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
"matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*",
"matchCriteriaId": "813CD8F9-9F05-49A7-BB4D-E9A1D54D6DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "460EF266-5397-4FB9-B4C3-BECB2FB12AE4",
"versionEndIncluding": "6.1.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C837CEA-991C-45BA-8DFF-20F4E98E4639",
"versionEndIncluding": "7.0.15",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1558B8D3-B289-4143-A3C2-F8EF29CECDD3",
"versionEndIncluding": "7.1.10",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:adaptive_access_manager:11.1.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "530B1012-03DF-4AE2-863E-FB07351FE4A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB13348-C8CA-4E71-9DC6-091B09D52E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E1367C5D-8815-41E6-B609-E855CB8B1AA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E150F02-5B34-4496-A024-335DF64D7F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4059F859-A7D8-4ADD-93EE-74AF082ED34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*",
"matchCriteriaId": "C9FFAF8E-4023-4599-9F0D-274E6517CB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B639209-A651-43FB-8F0C-B25F605521EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F259E6-10A8-4207-8FC2-85ABD70B04C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB",
"versionEndExcluding": "18.1.4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271CACEB-10F5-4CA8-9C99-3274F18EE62D",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF82224E-9EED-472E-A038-768E4179B219",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "433EEE1B-134C-48F9-8688-23C5F1ABBF0F",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B56D4BF-9328-4998-95F3-D23BD1349280",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47FFEE5C-5DAE-4FAD-9651-7983DE092120",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAD1D8-D312-452A-80E7-97FA3238C95F",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F429B6AB-44E3-412F-AAE6-33B6F1150262",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66D6EF49-7094-41D9-BDF5-AE5846E37418",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78152A31-DB06-4F13-94EA-D3C94B240EE0",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6593DA00-EE33-4223-BEAE-8DC629E79287",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1FF50C-D9D0-4DF0-90F8-9259BD7B315B",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo de denegaci\u00f3n de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL defini\u00f3 el procesamiento de paquetes ALERT durante una negociaci\u00f3n de conexi\u00f3n. Un atacante remoto podr\u00eda emplear este fallo para hacer que un servidor TLS/SSL consuma una cantidad excesiva de recursos de CPU y fracase a la hora de aceptar conexiones de otros clientes."
}
],
"id": "CVE-2016-8610",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-13T22:29:00.203",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93841"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037084"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.360.cn/cve/CVE-2016-8610/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2016-8610"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3773"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.360.cn/cve/CVE-2016-8610/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2016-8610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-V2Q2-JXH8-M5H8
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2025-04-20 03:48
VLAI?
Details
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2016-8610"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-13T22:29:00Z",
"severity": "HIGH"
},
"details": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"id": "GHSA-v2q2-jxh8-m5h8",
"modified": "2025-04-20T03:48:22Z",
"published": "2022-05-13T01:14:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8610"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3773"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2016-8610"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20171130-0001"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"type": "WEB",
"url": "https://security.360.cn/cve/CVE-2016-8610"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"type": "WEB",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"type": "WEB",
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93841"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037084"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2018-AVI-539
Vulnerability from certfr_avis - Published: 2018-11-12 - Updated: 2018-11-12
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM Case Manager versions 5.3.x antérieures à 5.3.3.0-ICM-IF003 | ||
| IBM | N/A | IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V versions 8.1.x antérieures à 8.1.6.1 | ||
| IBM | N/A | IBM MQ versions V8, V9 LTS, V9 CD, V9.1 LTS | ||
| IBM | N/A | IBM Contact Optimization versions 9.1.0.x antérieures à 9.1.0.12 | ||
| IBM | N/A | IBM Connections 5.0 versions antérieures à 5.0 CR4 et sans le correctif temporaire APAR LO94099 | ||
| IBM | N/A | IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 7.1.x antérieures à 7.1.8.4 | ||
| IBM | N/A | IBM Case Manager versions antérieures à 5.2.0.4-ICM-IF003 | ||
| IBM | N/A | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 7.1.x antérieures à 7.1.8.3 | ||
| IBM | N/A | IBM Case Manager versions 5.2.1.x antérieures à 5.2.1.7-ICM-IF004 | ||
| IBM | N/A | IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 8.1.x antérieures à 8.1.6.1 | ||
| IBM | VIOS | VIOS versions 2.2.x | ||
| IBM | N/A | IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 8.1.x antérieures à 8.1.6.1 | ||
| IBM | N/A | IBM Connections 5.5 versions antérieures à 5.5 CR3 et sans le correctif temporaire APAR LO94099 | ||
| IBM | AIX | AIX versions 5.3, 6.1, 7.1 et 7.2 | ||
| IBM | N/A | IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V versions 7.1.x antérieures à 7.1.8.4 | ||
| IBM | WebSphere | IBM WebSphere versions 9.0, 8.5, 8.0 et 7.0 | ||
| IBM | N/A | IBM Connections 6.0 versions antérieures à 6.0 CR3 et sans le correctif temporaire APAR LO94099 | ||
| IBM | N/A | IBM Contact Optimization versions 9.1.2.x antérieures à 9.1.2.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Case Manager versions 5.3.x ant\u00e9rieures \u00e0 5.3.3.0-ICM-IF003",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V versions 8.1.x ant\u00e9rieures \u00e0 8.1.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MQ versions V8, V9 LTS, V9 CD, V9.1 LTS",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Contact Optimization versions 9.1.0.x ant\u00e9rieures \u00e0 9.1.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Connections 5.0 versions ant\u00e9rieures \u00e0 5.0 CR4 et sans le correctif temporaire APAR LO94099",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.4",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Case Manager versions ant\u00e9rieures \u00e0 5.2.0.4-ICM-IF003",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Case Manager versions 5.2.1.x ant\u00e9rieures \u00e0 5.2.1.7-ICM-IF004",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 2.2.x",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Connections 5.5 versions ant\u00e9rieures \u00e0 5.5 CR3 et sans le correctif temporaire APAR LO94099",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 5.3, 6.1, 7.1 et 7.2",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.4",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere versions 9.0, 8.5, 8.0 et 7.0",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Connections 6.0 versions ant\u00e9rieures \u00e0 6.0 CR3 et sans le correctif temporaire APAR LO94099",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Contact Optimization versions 9.1.2.x ant\u00e9rieures \u00e0 9.1.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3009"
},
{
"name": "CVE-2018-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3092"
},
{
"name": "CVE-2018-2768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2768"
},
{
"name": "CVE-2018-1656",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1656"
},
{
"name": "CVE-2018-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3094"
},
{
"name": "CVE-2018-6922",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6922"
},
{
"name": "CVE-2018-3104",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3104"
},
{
"name": "CVE-2018-3103",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3103"
},
{
"name": "CVE-2018-3099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3099"
},
{
"name": "CVE-2018-3098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3098"
},
{
"name": "CVE-2018-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2801"
},
{
"name": "CVE-2018-1553",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1553"
},
{
"name": "CVE-2018-3010",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3010"
},
{
"name": "CVE-2018-1884",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1884"
},
{
"name": "CVE-2018-3096",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3096"
},
{
"name": "CVE-2018-2992",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2992"
},
{
"name": "CVE-2018-3093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3093"
},
{
"name": "CVE-2018-3097",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3097"
},
{
"name": "CVE-2016-8610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8610"
},
{
"name": "CVE-2018-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1792"
},
{
"name": "CVE-2018-2806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2806"
},
{
"name": "CVE-2018-3095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3095"
},
{
"name": "CVE-2018-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3102"
},
{
"name": "CVE-2018-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1798"
},
{
"name": "CVE-2018-12539",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12539"
},
{
"name": "CVE-2018-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1786"
}
],
"initial_release_date": "2018-11-12T00:00:00",
"last_revision_date": "2018-11-12T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-539",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10730703 du 09 novembre 2018",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ibm10730703"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739387 du 09 novembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739387"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10737709 du 09 novembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737709"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10737897 du 09 novembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737897"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10738765 du 09 novembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10738765"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10738677 du 09 novembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10738677"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10734447 du 10 novembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10734447"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10737761 du 09 novembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737761"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739391 du 09 novembre 2018",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739391"
}
]
}
CERTFR-2017-AVI-348
Vulnerability from certfr_avis - Published: 2017-10-12 - Updated: 2017-10-12
De multiples vulnérabilités ont été découvertes dans les produits Juniper . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions 15.1X49 antérieures à 15.1X49-D110 | ||
| Juniper Networks | N/A | Contrail versions 3.1.x antérieures à 3.1.4.0 | ||
| Juniper Networks | Junos OS | Junos OS versions 17 antérieures à 17.3R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.2R7-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D50 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1R8-S4 | ||
| Juniper Networks | Junos Space | Junos Space versions 16.1 antérieures à 16.1R3 | ||
| Juniper Networks | N/A | Contrail versions 3.0.x antérieures à 3.0.3.4 | ||
| Juniper Networks | N/A | ScreenOS versions 6.3.0 antérieures à 6.3.0r24 | ||
| Juniper Networks | N/A | Contrail versions 3.2.x antérieures à 3.2.5.0 | ||
| Juniper Networks | N/A | Contrail versions 2.x antérieures à 2.21.4 | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46 antérieures à 12.1X46-D71 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.2R8 | ||
| Juniper Networks | Junos Space | Junos Space version 17.1R1 sans le correctif de sécurité Patch-v1 | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3X48 antérieures à 12.3X48-D55 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1R9 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D110",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contrail versions 3.1.x ant\u00e9rieures \u00e0 3.1.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17 ant\u00e9rieures \u00e0 17.3R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.2R7-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D50",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1R8-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions 16.1 ant\u00e9rieures \u00e0 16.1R3",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contrail versions 3.0.x ant\u00e9rieures \u00e0 3.0.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "ScreenOS versions 6.3.0 ant\u00e9rieures \u00e0 6.3.0r24",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contrail versions 3.2.x ant\u00e9rieures \u00e0 3.2.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contrail versions 2.x ant\u00e9rieures \u00e0 2.21.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46 ant\u00e9rieures \u00e0 12.1X46-D71",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.2R8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space version 17.1R1 sans le correctif de s\u00e9curit\u00e9 Patch-v1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D55",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1R9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-10614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10614"
},
{
"name": "CVE-2017-10618",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10618"
},
{
"name": "CVE-2017-10622",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10622"
},
{
"name": "CVE-2017-10620",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10620"
},
{
"name": "CVE-2017-10608",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10608"
},
{
"name": "CVE-2017-10606",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10606"
},
{
"name": "CVE-2017-10616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10616"
},
{
"name": "CVE-2017-10619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10619"
},
{
"name": "CVE-2017-10615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10615"
},
{
"name": "CVE-2017-10610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10610"
},
{
"name": "CVE-2017-10611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10611"
},
{
"name": "CVE-2016-8610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8610"
},
{
"name": "CVE-2017-10621",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10621"
},
{
"name": "CVE-2017-10617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10617"
},
{
"name": "CVE-2016-5195",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5195"
},
{
"name": "CVE-2017-10613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10613"
},
{
"name": "CVE-2017-10607",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10607"
}
],
"initial_release_date": "2017-10-12T00:00:00",
"last_revision_date": "2017-10-12T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-348",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10810 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10810\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10822 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10822\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10808 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10808\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10818 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10818\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10807 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10807\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10813 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10813\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10814 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10814\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10811 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10811\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10819 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10819\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10816 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10816\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10820 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10820\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10821 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10821\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10809 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10809\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10824 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10824\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10817 du 11 octobre 2017",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10817\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
GSD-2016-8610
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-8610",
"description": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"id": "GSD-2016-8610",
"references": [
"https://www.suse.com/security/cve/CVE-2016-8610.html",
"https://www.debian.org/security/2017/dsa-3773",
"https://access.redhat.com/errata/RHSA-2017:2494",
"https://access.redhat.com/errata/RHSA-2017:2493",
"https://access.redhat.com/errata/RHSA-2017:1802",
"https://access.redhat.com/errata/RHSA-2017:1801",
"https://access.redhat.com/errata/RHSA-2017:1659",
"https://access.redhat.com/errata/RHSA-2017:1658",
"https://access.redhat.com/errata/RHSA-2017:1415",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:0574",
"https://access.redhat.com/errata/RHSA-2017:0286",
"https://ubuntu.com/security/CVE-2016-8610",
"https://advisories.mageia.org/CVE-2016-8610.html",
"https://alas.aws.amazon.com/cve/html/CVE-2016-8610.html",
"https://linux.oracle.com/cve/CVE-2016-8610.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-8610"
],
"details": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
"id": "GSD-2016-8610",
"modified": "2023-12-13T01:21:22.740296Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All 0.9.8"
},
{
"version_affected": "=",
"version_value": "All 1.0.1"
},
{
"version_affected": "=",
"version_value": "1.0.2 through 1.0.2h"
},
{
"version_affected": "=",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-400",
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://security.360.cn/cve/CVE-2016-8610/",
"refsource": "MISC",
"url": "https://security.360.cn/cve/CVE-2016-8610/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2017-0286.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2017-0574.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2017-1659.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"name": "http://seclists.org/oss-sec/2016/q4/224",
"refsource": "MISC",
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"name": "http://www.securityfocus.com/bid/93841",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/93841"
},
{
"name": "http://www.securitytracker.com/id/1037084",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1037084"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:1413",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:1414",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:1658",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:1801",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:1802",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:2493",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:2494",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401",
"refsource": "MISC",
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171130-0001/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2016-8610",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2016-8610"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
},
{
"name": "https://www.debian.org/security/2017/dsa-3773",
"refsource": "MISC",
"url": "https://www.debian.org/security/2017/dsa-3773"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD3F477-4078-42BC-AF81-A68487FCDBEC",
"versionEndIncluding": "1.0.2h",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1ABA871-3271-48E2-A69C-5AD70AF94E53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C82200F-A26E-4AD4-82FF-DC5601A28D52",
"versionEndIncluding": "11.40",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "546855F3-654C-48F0-B3A0-FF1ABBF04007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E788440A-02B0-45F5-AFBC-7109F3177033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
"matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*",
"matchCriteriaId": "813CD8F9-9F05-49A7-BB4D-E9A1D54D6DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "460EF266-5397-4FB9-B4C3-BECB2FB12AE4",
"versionEndIncluding": "6.1.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C837CEA-991C-45BA-8DFF-20F4E98E4639",
"versionEndIncluding": "7.0.15",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1558B8D3-B289-4143-A3C2-F8EF29CECDD3",
"versionEndIncluding": "7.1.10",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:adaptive_access_manager:11.1.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "530B1012-03DF-4AE2-863E-FB07351FE4A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB13348-C8CA-4E71-9DC6-091B09D52E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E1367C5D-8815-41E6-B609-E855CB8B1AA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E150F02-5B34-4496-A024-335DF64D7F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4059F859-A7D8-4ADD-93EE-74AF082ED34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*",
"matchCriteriaId": "C9FFAF8E-4023-4599-9F0D-274E6517CB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*",
"matchCriteriaId": "9B639209-A651-43FB-8F0C-B25F605521EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F259E6-10A8-4207-8FC2-85ABD70B04C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB",
"versionEndExcluding": "18.1.4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271CACEB-10F5-4CA8-9C99-3274F18EE62D",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF82224E-9EED-472E-A038-768E4179B219",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "433EEE1B-134C-48F9-8688-23C5F1ABBF0F",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B56D4BF-9328-4998-95F3-D23BD1349280",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47FFEE5C-5DAE-4FAD-9651-7983DE092120",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62AAD1D8-D312-452A-80E7-97FA3238C95F",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F429B6AB-44E3-412F-AAE6-33B6F1150262",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66D6EF49-7094-41D9-BDF5-AE5846E37418",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78152A31-DB06-4F13-94EA-D3C94B240EE0",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6593DA00-EE33-4223-BEAE-8DC629E79287",
"versionEndExcluding": "xcp2361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1FF50C-D9D0-4DF0-90F8-9259BD7B315B",
"versionEndExcluding": "xcp3070",
"versionStartIncluding": "xcp3000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo de denegaci\u00f3n de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL defini\u00f3 el procesamiento de paquetes ALERT durante una negociaci\u00f3n de conexi\u00f3n. Un atacante remoto podr\u00eda emplear este fallo para hacer que un servidor TLS/SSL consuma una cantidad excesiva de recursos de CPU y fracase a la hora de aceptar conexiones de otros clientes."
}
],
"id": "CVE-2016-8610",
"lastModified": "2024-01-26T17:44:24.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-13T22:29:00.203",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93841"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037084"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.360.cn/cve/CVE-2016-8610/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2016-8610"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3773"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
}
}
}
CNVD-2016-09982
Vulnerability from cnvd - Published: 2016-10-25
VLAI Severity ?
Title
OpenSSL存在远程匿名拒绝服务漏洞(SSL Death Alert)
Description
OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密。
OpenSSL存在远程匿名拒绝服务漏洞。OpenSSL针对SSL/TLS协议握手过程的实现中,允许客户端重复发送打包的"SSL3_RT_ALERT"->"SSL3_AL_WARNING"类型明文未定义警告包,且OpenSSL在实现中遇到未定义警告包时仍选择忽略并继续处理接下来的通信内容(如果有的话)。攻击者利用漏洞可在一个消息中打包大量未定义类型警告包,使服务或进程陷入无意义的循环,从而导致占用服务或进程100%的CPU使用率。
Severity
高
Patch Name
OpenSSL存在SSL Death Alert远程匿名拒绝服务漏洞的补丁
Patch Description
OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。
OpenSSL存在SSL Death Alert远程匿名拒绝服务漏洞。由于在OpenSSL针对SSL/TLS协议握手过程的实现中,允许客户端重复发送打包的 "SSL3_RT_ALERT" -> "SSL3_AL_WARNING" 类型明文未定义警告包,且OpenSSL在实现中遇到未定义警告包时仍选择忽略并继续处理接下来的通信内容(如果有的话)。攻击者利用漏洞可在一个消息中打包大量未定义类型警告包,使服务或进程陷入无意义的循环,从而导致占用掉服务或进程100%的CPU使用率。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可关注厂商主页,将软件升级至1.1.0b、1.0.2j版本: https://www.openssl.org/source/
Reference
http://www.securityfocus.com/bid/93841
Impacted products
| Name | ['OpenSSL OpenSSL 1.1.0', 'OpenSSL OpenSSL OpenSSL 1.0.2 - 1.0.2h', 'OpenSSL OpenSSL OpenSSL All 1.0.1', 'OpenSSL OpenSSL OpenSSL All 0.9.8'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "93841"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-8610"
}
},
"description": "OpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\u3002\r\n\r\nOpenSSL\u5b58\u5728\u8fdc\u7a0b\u533f\u540d\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002OpenSSL\u9488\u5bf9SSL/TLS\u534f\u8bae\u63e1\u624b\u8fc7\u7a0b\u7684\u5b9e\u73b0\u4e2d\uff0c\u5141\u8bb8\u5ba2\u6237\u7aef\u91cd\u590d\u53d1\u9001\u6253\u5305\u7684\"SSL3_RT_ALERT\"-\u003e\"SSL3_AL_WARNING\"\u7c7b\u578b\u660e\u6587\u672a\u5b9a\u4e49\u8b66\u544a\u5305\uff0c\u4e14OpenSSL\u5728\u5b9e\u73b0\u4e2d\u9047\u5230\u672a\u5b9a\u4e49\u8b66\u544a\u5305\u65f6\u4ecd\u9009\u62e9\u5ffd\u7565\u5e76\u7ee7\u7eed\u5904\u7406\u63a5\u4e0b\u6765\u7684\u901a\u4fe1\u5185\u5bb9\uff08\u5982\u679c\u6709\u7684\u8bdd\uff09\u3002\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5728\u4e00\u4e2a\u6d88\u606f\u4e2d\u6253\u5305\u5927\u91cf\u672a\u5b9a\u4e49\u7c7b\u578b\u8b66\u544a\u5305\uff0c\u4f7f\u670d\u52a1\u6216\u8fdb\u7a0b\u9677\u5165\u65e0\u610f\u4e49\u7684\u5faa\u73af\uff0c\u4ece\u800c\u5bfc\u81f4\u5360\u7528\u670d\u52a1\u6216\u8fdb\u7a0b100%\u7684CPU\u4f7f\u7528\u7387\u3002",
"discovererName": "\u77f3\u78ca",
"formalWay": "\u7528\u6237\u53ef\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff0c\u5c06\u8f6f\u4ef6\u5347\u7ea7\u81f31.1.0b\u30011.0.2j\u7248\u672c\uff1a\r\nhttps://www.openssl.org/source/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-09982",
"openTime": "2016-10-25",
"patchDescription": "OpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\uff0c\u73b0\u5728\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8e\u5404\u79cd\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002 \r\n\r\nOpenSSL\u5b58\u5728SSL Death Alert\u8fdc\u7a0b\u533f\u540d\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u7531\u4e8e\u5728OpenSSL\u9488\u5bf9SSL/TLS\u534f\u8bae\u63e1\u624b\u8fc7\u7a0b\u7684\u5b9e\u73b0\u4e2d\uff0c\u5141\u8bb8\u5ba2\u6237\u7aef\u91cd\u590d\u53d1\u9001\u6253\u5305\u7684 \"SSL3_RT_ALERT\" -\u003e \"SSL3_AL_WARNING\" \u7c7b\u578b\u660e\u6587\u672a\u5b9a\u4e49\u8b66\u544a\u5305\uff0c\u4e14OpenSSL\u5728\u5b9e\u73b0\u4e2d\u9047\u5230\u672a\u5b9a\u4e49\u8b66\u544a\u5305\u65f6\u4ecd\u9009\u62e9\u5ffd\u7565\u5e76\u7ee7\u7eed\u5904\u7406\u63a5\u4e0b\u6765\u7684\u901a\u4fe1\u5185\u5bb9\uff08\u5982\u679c\u6709\u7684\u8bdd\uff09\u3002\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5728\u4e00\u4e2a\u6d88\u606f\u4e2d\u6253\u5305\u5927\u91cf\u672a\u5b9a\u4e49\u7c7b\u578b\u8b66\u544a\u5305\uff0c\u4f7f\u670d\u52a1\u6216\u8fdb\u7a0b\u9677\u5165\u65e0\u610f\u4e49\u7684\u5faa\u73af\uff0c\u4ece\u800c\u5bfc\u81f4\u5360\u7528\u6389\u670d\u52a1\u6216\u8fdb\u7a0b100%\u7684CPU\u4f7f\u7528\u7387\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "OpenSSL\u5b58\u5728SSL Death Alert\u8fdc\u7a0b\u533f\u540d\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"OpenSSL OpenSSL 1.1.0",
"OpenSSL OpenSSL OpenSSL 1.0.2 - 1.0.2h",
"OpenSSL OpenSSL OpenSSL All 1.0.1",
"OpenSSL OpenSSL OpenSSL All 0.9.8"
]
},
"referenceLink": "http://www.securityfocus.com/bid/93841",
"serverity": "\u9ad8",
"submitTime": "2016-10-25",
"title": "OpenSSL\u5b58\u5728\u8fdc\u7a0b\u533f\u540d\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08SSL Death Alert\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…