Vulnerability-Lookup

CVE-2014-3572 (GCVE-0-2014-3572)

Vulnerability from cvelistv5 – Published: 2015-01-09 02:00 – Updated: 2024-08-06 10:50

Summary

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://marc.info/?l=bugtraq&m=142895206924048&w=2	vendor-advisoryx_refsource_HP
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://marc.info/?l=bugtraq&m=142720981827617&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=144050155601375&w=2	vendor-advisoryx_refsource_HP
	https://support.apple.com/HT204659	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/71942	vdb-entryx_refsource_BID
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=143748090628601&w=2	vendor-advisoryx_refsource_HP
	https://github.com/openssl/openssl/commit/b15f876…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1033378	vdb-entryx_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=142721102728110&w=2	vendor-advisoryx_refsource_HP
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.openssl.org/news/secadv_20150108.txt	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2015-0066.html	vendor-advisoryx_refsource_REDHAT
	http://marc.info/?l=bugtraq&m=142496289803847&w=2	vendor-advisoryx_refsource_HP
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://marc.info/?l=bugtraq&m=144050297101809&w=2	vendor-advisoryx_refsource_HP
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=144050205101530&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=142496179803395&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=142720981827617&w=2	vendor-advisoryx_refsource_HP
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://support.citrix.com/article/CTX216642	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=144050254401665&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=142496289803847&w=2	vendor-advisoryx_refsource_HP
	https://bto.bluecoat.com/security-advisory/sa88	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3125	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBOV03318",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2015:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
          },
          {
            "name": "HPSBGN03299",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "HPSBMU03409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204659"
          },
          {
            "name": "71942",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71942"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
          },
          {
            "name": "1033378",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "name": "HPSBHF03289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "name": "MDVSA-2015:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "RHSA-2015:0066",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
          },
          {
            "name": "HPSBUX03244",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
          },
          {
            "name": "SUSE-SU-2015:0946",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "name": "HPSBMU03397",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "HPSBMU03396",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "name": "HPSBUX03162",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
          },
          {
            "name": "SSRT101987",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "HPSBMU03413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "SSRT101885",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "name": "DSA-3125",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3125"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-14T10:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "HPSBOV03318",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "openSUSE-SU-2015:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
        },
        {
          "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
        },
        {
          "name": "HPSBGN03299",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
        },
        {
          "name": "HPSBMU03409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204659"
        },
        {
          "name": "71942",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71942"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
        },
        {
          "name": "HPSBMU03380",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
        },
        {
          "name": "1033378",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033378"
        },
        {
          "name": "HPSBHF03289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv_20150108.txt"
        },
        {
          "name": "MDVSA-2015:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "RHSA-2015:0066",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
        },
        {
          "name": "HPSBUX03244",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "name": "APPLE-SA-2015-04-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
        },
        {
          "name": "SUSE-SU-2015:0946",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
        },
        {
          "name": "HPSBMU03397",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "HPSBMU03396",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
        },
        {
          "name": "HPSBUX03162",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
        },
        {
          "name": "SSRT101987",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
        },
        {
          "name": "MDVSA-2015:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX216642"
        },
        {
          "name": "HPSBMU03413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
        },
        {
          "name": "SSRT101885",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa88"
        },
        {
          "name": "DSA-3125",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3125"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3572",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBOV03318",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "openSUSE-SU-2015:0130",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
            },
            {
              "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
            },
            {
              "name": "HPSBGN03299",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
            },
            {
              "name": "HPSBMU03409",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "71942",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71942"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "HPSBMU03380",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63",
              "refsource": "CONFIRM",
              "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
            },
            {
              "name": "1033378",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033378"
            },
            {
              "name": "HPSBHF03289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150108.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv_20150108.txt"
            },
            {
              "name": "MDVSA-2015:019",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "openSUSE-SU-2015:1277",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
            },
            {
              "name": "RHSA-2015:0066",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
            },
            {
              "name": "HPSBUX03244",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            },
            {
              "name": "HPSBMU03397",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "HPSBMU03396",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
            },
            {
              "name": "HPSBUX03162",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
            },
            {
              "name": "SSRT101987",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX216642"
            },
            {
              "name": "HPSBMU03413",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
            },
            {
              "name": "SSRT101885",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa88",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa88"
            },
            {
              "name": "DSA-3125",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3125"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3572",
    "datePublished": "2015-01-09T02:00:00.000Z",
    "dateReserved": "2014-05-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T10:50:17.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-38R9-R99V-9JF8

Vulnerability from github – Published: 2022-05-17 00:24 – Updated: 2022-05-17 00:24

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3572"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-09T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.",
  "id": "GHSA-38r9-r99v-9jf8",
  "modified": "2022-05-17T00:24:12Z",
  "published": "2022-05-17T00:24:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3572"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa88"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204659"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX216642"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/news/secadv_20150108.txt"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3125"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/71942"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033378"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2015-AVI-146

Vulnerability from certfr_avis - Published: 2015-04-13 - Updated: 2015-04-13

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper NSM versions antérieures à 2012.2R12
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R9
Juniper Networks	N/A	Juniper CTPOS versions antérieures à 6.6R5
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.2X50-D70
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 11.4R12
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2X51-D30
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R7
Juniper Networks	N/A	Juniper NSM versions antérieures à 2012.2R11
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R10
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2R6
Juniper Networks	N/A	Juniper CTPView versions antérieures à 7.1R1
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.3R6
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.2R1
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3X48-D10
Juniper Networks	N/A	Juniper CTPOS versions antérieures à 7.0R4
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.1X53-D10
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.1X46-D35
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.1X47-D25
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.1R5
Juniper Networks	N/A	Juniper CTPOS versions antérieures à 7.1R1
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.1X44-D50
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.3R5
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2X52-D15
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.1R3
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.2R3
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2R8
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.2R9
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.1X50-D30
Juniper Networks	N/A	Juniper IDP OS versions antérieures à 5.1r4

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10679 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10676 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10673 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10672 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10680 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10677 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10678 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10675 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10674 du 07 avril 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper NSM versions ant\u00e9rieures \u00e0 2012.2R12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 6.6R5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.2X50-D70",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 11.4R12",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2X51-D30",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM versions ant\u00e9rieures \u00e0 2012.2R11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2R6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPView versions ant\u00e9rieures \u00e0 7.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.3R6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3X48-D10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 7.0R4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D35",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X47-D25",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 7.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X44-D50",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.3R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2X52-D15",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2R8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.2R9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.1X50-D30",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IDP OS versions ant\u00e9rieures \u00e0 5.1r4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0208"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-3002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3002"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3004"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2015-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
    },
    {
      "name": "CVE-2015-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0206"
    },
    {
      "name": "CVE-2015-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0290"
    },
    {
      "name": "CVE-2014-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
    },
    {
      "name": "CVE-2012-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
    },
    {
      "name": "CVE-2011-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0539"
    },
    {
      "name": "CVE-2015-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0207"
    },
    {
      "name": "CVE-2010-4478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4478"
    },
    {
      "name": "CVE-2015-0285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0285"
    },
    {
      "name": "CVE-2014-4478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4478"
    },
    {
      "name": "CVE-2015-3003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3003"
    },
    {
      "name": "CVE-2012-0814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0814"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2015-0293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2015-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1787"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2015-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
    },
    {
      "name": "CVE-2015-0291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0291"
    },
    {
      "name": "CVE-2015-0289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    },
    {
      "name": "CVE-2015-3005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3005"
    },
    {
      "name": "CVE-2014-8500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8500"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    },
    {
      "name": "CVE-2015-3006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3006"
    }
  ],
  "initial_release_date": "2015-04-13T00:00:00",
  "last_revision_date": "2015-04-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-146",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10679 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10676 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10676"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10673 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10672 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10672"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10680 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10677 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10677"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10678 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10678"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10675 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10675"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10674 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10674"
    }
  ]
}

CERTFR-2015-AVI-139

Vulnerability from certfr_avis - Published: 2015-04-09 - Updated: 2015-04-09

De multiples vulnérabilités ont été corrigées dans Apple Macintosh OS X. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.g

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple Macintosh OS X

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple APPLE-SA-2015-04-08-2 du 09 avril 2015	None	vendor-advisory
Bulletin de sécurité Apple APPLE-SA-2015-04-08-2 du 09 avril 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple Macintosh OS X\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3479"
    },
    {
      "name": "CVE-2015-1134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1134"
    },
    {
      "name": "CVE-2015-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1098"
    },
    {
      "name": "CVE-2014-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0238"
    },
    {
      "name": "CVE-2015-1132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1132"
    },
    {
      "name": "CVE-2014-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0207"
    },
    {
      "name": "CVE-2015-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1545"
    },
    {
      "name": "CVE-2014-0118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0118"
    },
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2015-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1117"
    },
    {
      "name": "CVE-2015-1131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1131"
    },
    {
      "name": "CVE-2014-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3669"
    },
    {
      "name": "CVE-2015-1136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1136"
    },
    {
      "name": "CVE-2015-1144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1144"
    },
    {
      "name": "CVE-2015-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1104"
    },
    {
      "name": "CVE-2015-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1105"
    },
    {
      "name": "CVE-2014-4380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4380"
    },
    {
      "name": "CVE-2014-5120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5120"
    },
    {
      "name": "CVE-2015-1146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1146"
    },
    {
      "name": "CVE-2014-3538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3538"
    },
    {
      "name": "CVE-2015-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1093"
    },
    {
      "name": "CVE-2015-1141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1141"
    },
    {
      "name": "CVE-2014-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0237"
    },
    {
      "name": "CVE-2014-0117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0117"
    },
    {
      "name": "CVE-2014-4405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4405"
    },
    {
      "name": "CVE-2015-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1102"
    },
    {
      "name": "CVE-2014-0098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
    },
    {
      "name": "CVE-2015-1137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1137"
    },
    {
      "name": "CVE-2014-2497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2497"
    },
    {
      "name": "CVE-2015-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1091"
    },
    {
      "name": "CVE-2015-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1100"
    },
    {
      "name": "CVE-2015-1133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1133"
    },
    {
      "name": "CVE-2014-4404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4404"
    },
    {
      "name": "CVE-2014-3710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3710"
    },
    {
      "name": "CVE-2015-1088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1088"
    },
    {
      "name": "CVE-2013-5704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5704"
    },
    {
      "name": "CVE-2014-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0231"
    },
    {
      "name": "CVE-2014-4670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4670"
    },
    {
      "name": "CVE-2015-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1099"
    },
    {
      "name": "CVE-2015-1138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1138"
    },
    {
      "name": "CVE-2014-8830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8830"
    },
    {
      "name": "CVE-2015-1145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1145"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2014-3480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3480"
    },
    {
      "name": "CVE-2014-3478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3478"
    },
    {
      "name": "CVE-2015-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1101"
    },
    {
      "name": "CVE-2015-1140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1140"
    },
    {
      "name": "CVE-2015-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1089"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-1546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1546"
    },
    {
      "name": "CVE-2014-4698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4698"
    },
    {
      "name": "CVE-2014-3668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3668"
    },
    {
      "name": "CVE-2015-1143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1143"
    },
    {
      "name": "CVE-2015-1130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1130"
    },
    {
      "name": "CVE-2013-6438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6438"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    },
    {
      "name": "CVE-2014-3670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3670"
    },
    {
      "name": "CVE-2014-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3587"
    },
    {
      "name": "CVE-2015-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1135"
    },
    {
      "name": "CVE-2014-3487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3487"
    },
    {
      "name": "CVE-2014-4049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4049"
    },
    {
      "name": "CVE-2014-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3597"
    },
    {
      "name": "CVE-2014-3523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3523"
    }
  ],
  "initial_release_date": "2015-04-09T00:00:00",
  "last_revision_date": "2015-04-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2015-04-08-2 du 09    avril 2015",
      "url": "https://support.apple.com/en-us/HT204659"
    }
  ],
  "reference": "CERTFR-2015-AVI-139",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple Macintosh OS X\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.g\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Macintosh OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple APPLE-SA-2015-04-08-2 du 09 avril 2015",
      "url": null
    }
  ]
}

CERTFR-2015-AVI-008

Vulnerability from certfr_avis - Published: 2015-01-08 - Updated: 2015-01-08

De multiples vulnérabilités ont été corrigées dans OpenSSL. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
OpenSSL	OpenSSL	OpenSSL 1.0.0 (versions antérieures à 1.0.0p)
OpenSSL	OpenSSL	OpenSSL 1.0.1 (versions antérieures à 1.0.1k)
OpenSSL	OpenSSL	OpenSSL 0.9.8 (versions antérieures à 0.9.8zd)

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL du 08 janvier 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL 1.0.0 (versions ant\u00e9rieures \u00e0 1.0.0p)",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL 1.0.1 (versions ant\u00e9rieures \u00e0 1.0.1k)",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL 0.9.8 (versions ant\u00e9rieures \u00e0 0.9.8zd)",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0206"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    }
  ],
  "initial_release_date": "2015-01-08T00:00:00",
  "last_revision_date": "2015-01-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-01-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOpenSSL\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 08 janvier 2015",
      "url": "https://mta.opensslfoundation.net/pipermail/openssl-announce/2015-January/000007.html"
    }
  ]
}

CERTFR-2015-AVI-108

Vulnerability from certfr_avis - Published: 2015-03-11 - Updated: 2015-03-11

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

De multiples produits sont impactés. Se référer au bulletin de l'éditeur pour la liste exhaustive des produits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20150310-ssl du 10 mars 2015	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20150310-ssl du 10 mars 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eDe multiples produits sont impact\u00e9s. Se r\u00e9f\u00e9rer au bulletin de  l\u0027\u00e9diteur pour la liste exhaustive des produits.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0206"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    }
  ],
  "initial_release_date": "2015-03-11T00:00:00",
  "last_revision_date": "2015-03-11T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150310-ssl du 10 mars    2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
    }
  ],
  "reference": "CERTFR-2015-AVI-108",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-03-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150310-ssl du 10 mars 2015",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-303

Vulnerability from certfr_avis - Published: 2016-09-09 - Updated: 2016-09-09

De multiples vulnérabilités ont été corrigées dans les produits Citrix. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	XenServer	Citrix XenServer version 6.0 sans le correctif de sécurité XS60E063
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 3.39 pour solutions matérielles embarquées NetScaler MPX/SDX de type 11500/13500/14500/16500/18500/20500, 115xx, 17550/19550/20550/21550 et T1110, ainsi que CloudBridge CB4000 et CB5000
Citrix	XenServer	Citrix XenServer version 6.2 SP1 sans le correctif de sécurité XS62ESP1048
Citrix	XenServer	Citrix XenServer version 6.1 sans le correctif de sécurité XS61E073
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 4.08 pour solutions matérielles embarquées NetScaler MPX/SDX de type 14xxx, 25xxx, T1120 et T1300
Citrix	XenServer	Citrix XenServer version 6.0.2 Common Criteria sans le correctif de sécurité XS602ECC034
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 3.21 pour solutions matérielles embarquées NetScaler MPX/SDX de type 8xxx et T1010, ainsi que CloudBridge CB2000 et CB3000
Citrix	XenServer	Citrix XenServer version 6.0.2 sans le correctif de sécurité XS602E057
Citrix	XenServer	Citrix XenServer version 6.5 SP1 sans le correctif de sécurité XS65ESP1038
Citrix	XenServer	Citrix XenServer version 7.0 sans le correctif de sécurité XS70E012
Citrix	NetScaler	Micrologiciel LOM versions antérieures à 3.24 pour solutions matérielles embarquées NetScaler de type 22xxx et T1200

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX216071 du 08 septembre 2016	None	vendor-advisory
Bulletin de sécurité Citrix CTX216642 du 08 septembre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix XenServer version 6.0 sans le correctif de s\u00e9curit\u00e9 XS60E063",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 3.39 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler MPX/SDX de type 11500/13500/14500/16500/18500/20500, 115xx, 17550/19550/20550/21550 et T1110, ainsi que CloudBridge CB4000 et CB5000",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.2 SP1 sans le correctif de s\u00e9curit\u00e9 XS62ESP1048",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.1 sans le correctif de s\u00e9curit\u00e9 XS61E073",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 4.08 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler MPX/SDX de type 14xxx, 25xxx, T1120 et T1300",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.0.2 Common Criteria sans le correctif de s\u00e9curit\u00e9 XS602ECC034",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 3.21 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler MPX/SDX de type 8xxx et T1010, ainsi que CloudBridge CB2000 et CB3000",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.0.2 sans le correctif de s\u00e9curit\u00e9 XS602E057",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 6.5 SP1 sans le correctif de s\u00e9curit\u00e9 XS65ESP1038",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 7.0 sans le correctif de s\u00e9curit\u00e9 XS70E012",
      "product": {
        "name": "XenServer",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel LOM versions ant\u00e9rieures \u00e0 3.24 pour solutions mat\u00e9rielles embarqu\u00e9es NetScaler de type 22xxx et T1200",
      "product": {
        "name": "NetScaler",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2016-7094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7094"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2013-4434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4434"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
    },
    {
      "name": "CVE-2016-7093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7093"
    },
    {
      "name": "CVE-2014-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3509"
    },
    {
      "name": "CVE-2015-4000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2016-7154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7154"
    },
    {
      "name": "CVE-2013-3619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3619"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2013-3622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3622"
    },
    {
      "name": "CVE-2014-3511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3511"
    },
    {
      "name": "CVE-2014-3568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3568"
    },
    {
      "name": "CVE-2016-7092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7092"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2015-0293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
    },
    {
      "name": "CVE-2013-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4421"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2013-3608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3608"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2013-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3620"
    },
    {
      "name": "CVE-2013-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3609"
    },
    {
      "name": "CVE-2015-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3508"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    },
    {
      "name": "CVE-2013-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3607"
    },
    {
      "name": "CVE-2013-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3621"
    },
    {
      "name": "CVE-2013-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3623"
    }
  ],
  "initial_release_date": "2016-09-09T00:00:00",
  "last_revision_date": "2016-09-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-303",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Citrix\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX216071 du 08 septembre 2016",
      "url": "http://support.citrix.com/article/CTX216071"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX216642 du 08 septembre 2016",
      "url": "http://support.citrix.com/article/CTX216642"
    }
  ]
}

FKIE_CVE-2014-3572

Vulnerability from fkie_nvd - Published: 2015-01-09 02:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
secalert@redhat.com	http://marc.info/?l=bugtraq&m=142496179803395&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=142496289803847&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=142720981827617&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=142721102728110&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=142895206924048&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=143748090628601&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=144050155601375&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=144050205101530&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=144050254401665&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=144050297101809&w=2
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-0066.html
secalert@redhat.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
secalert@redhat.com	http://www.debian.org/security/2015/dsa-3125
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
secalert@redhat.com	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
secalert@redhat.com	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
secalert@redhat.com	http://www.securityfocus.com/bid/71942
secalert@redhat.com	http://www.securitytracker.com/id/1033378
secalert@redhat.com	https://bto.bluecoat.com/security-advisory/sa88
secalert@redhat.com	https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63
secalert@redhat.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10102
secalert@redhat.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10108
secalert@redhat.com	https://support.apple.com/HT204659
secalert@redhat.com	https://support.citrix.com/article/CTX216642
secalert@redhat.com	https://www.openssl.org/news/secadv_20150108.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=142496179803395&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=142496289803847&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=142720981827617&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=142721102728110&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=142895206924048&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=143748090628601&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=144050155601375&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=144050205101530&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=144050254401665&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=144050297101809&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-0066.html
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3125
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/71942
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033378
af854a3a-2127-422b-91ae-364da2661108	https://bto.bluecoat.com/security-advisory/sa88
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10102
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10108
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204659
af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX216642
af854a3a-2127-422b-91ae-364da2661108	https://www.openssl.org/news/secadv_20150108.txt	Vendor Advisory

Impacted products

Vendor	Product	Version
openssl	openssl	*
openssl	openssl	1.0.0a
openssl	openssl	1.0.0b
openssl	openssl	1.0.0c
openssl	openssl	1.0.0d
openssl	openssl	1.0.0e
openssl	openssl	1.0.0f
openssl	openssl	1.0.0g
openssl	openssl	1.0.0h
openssl	openssl	1.0.0i
openssl	openssl	1.0.0j
openssl	openssl	1.0.0k
openssl	openssl	1.0.0l
openssl	openssl	1.0.0m
openssl	openssl	1.0.0n
openssl	openssl	1.0.0o
openssl	openssl	1.0.1a
openssl	openssl	1.0.1b
openssl	openssl	1.0.1c
openssl	openssl	1.0.1d
openssl	openssl	1.0.1e
openssl	openssl	1.0.1f
openssl	openssl	1.0.1g
openssl	openssl	1.0.1h
openssl	openssl	1.0.1i
openssl	openssl	1.0.1j

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCFDFDB8-6939-44E8-8B2D-C84D008AE169",
              "versionEndIncluding": "0.9.8zc",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
              "matchCriteriaId": "738BCFDC-1C49-4774-95AE-E099F707DEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC683F2-4346-4E5E-A8D7-67B4F4D7827B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
              "matchCriteriaId": "764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
              "matchCriteriaId": "6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
              "matchCriteriaId": "132B9217-B0E0-4E3E-9096-162AA28E158E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
              "matchCriteriaId": "7619F9A0-9054-4217-93D1-3EA64876C5B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D82C405-17E2-4DF1-8DF5-315BD5A41595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C96806F-4718-4BD3-9102-55A26AA86498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A16CD99-AF7F-4931-AD2E-77727BA18FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
              "matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
              "matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ssl3_get_key_exchange function en s3_clnt.c en OpenSSL en versiones anteriores a 0.9.8zd, 1.0.0 en versiones anteriores a 1.0.0p y 1.0.1 en versiones anteriores a 1.0.1k permite a servidores SSL remotos llevar a cabo ataques de desactualizaci\u00f3n ECDHE-to-ECDH y desencadenar una p\u00e9rdida de confidencialidad directa omitiendo los mensajes ServerKeyExchange."
    }
  ],
  "id": "CVE-2014-3572",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-09T02:59:02.320",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3125"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/71942"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1033378"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bto.bluecoat.com/security-advisory/sa88"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/HT204659"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.citrix.com/article/CTX216642"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv_20150108.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/71942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bto.bluecoat.com/security-advisory/sa88"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT204659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.citrix.com/article/CTX216642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv_20150108.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-00213

Vulnerability from cnvd - Published: 2015-01-12

Title

OpenSSL安全绕过漏洞

Description

OpenSSL是一种开放源码的SSL实现，用来实现网络通信的高强度加密，现在被广泛地用于各种网络应用程序中。 OpenSSL存在安全绕过漏洞，允许攻击者利用漏洞执行未经授权的操作。

Severity

中

Patch Name

OpenSSL安全绕过漏洞的补丁

Patch Description

OpenSSL是一种开放源码的SSL实现，用来实现网络通信的高强度加密，现在被广泛地用于各种网络应用程序中。OpenSSL存在安全绕过漏洞，允许攻击者利用漏洞执行未经授权的操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： http://openssl.org/

Reference

http://www.securityfocus.com/bid/71942 https://www.openssl.org/news/secadv_20150108.txt

Impacted products

Name
['OpenSSL OpenSSL <0.9.8zd', 'OpenSSL OpenSSL 1.0.0(<1.0.0p)', 'OpenSSL OpenSSL 1.0.1(<1.0.1k)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "71942"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-3572"
    }
  },
  "description": "OpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\uff0c\u73b0\u5728\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8e\u5404\u79cd\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002 \r\n\r\nOpenSSL\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Karthikeyan Bhargavan of the PROSECCO team at INRIA",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://openssl.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00213",
  "openTime": "2015-01-12",
  "patchDescription": "OpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\uff0c\u73b0\u5728\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8e\u5404\u79cd\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002OpenSSL\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OpenSSL\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "OpenSSL  OpenSSL \u003c0.9.8zd",
      "OpenSSL  OpenSSL 1.0.0(\u003c1.0.0p)",
      "OpenSSL  OpenSSL 1.0.1(\u003c1.0.1k)"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/71942\r\nhttps://www.openssl.org/news/secadv_20150108.txt",
  "serverity": "\u4e2d",
  "submitTime": "2015-01-09",
  "title": "OpenSSL\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

GSD-2014-3572

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-3572

Aliases

CVE-2014-3572

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3572",
    "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.",
    "id": "GSD-2014-3572",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-3572.html",
      "https://www.debian.org/security/2015/dsa-3125",
      "https://access.redhat.com/errata/RHSA-2015:0066",
      "https://ubuntu.com/security/CVE-2014-3572",
      "https://advisories.mageia.org/CVE-2014-3572.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2014-3572.html",
      "https://linux.oracle.com/cve/CVE-2014-3572.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3572"
      ],
      "details": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.",
      "id": "GSD-2014-3572",
      "modified": "2023-12-13T01:22:52.861249Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-3572",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "HPSBOV03318",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2015:0130",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
          },
          {
            "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
          },
          {
            "name": "HPSBGN03299",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "HPSBMU03409",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
          },
          {
            "name": "https://support.apple.com/HT204659",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204659"
          },
          {
            "name": "71942",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/71942"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "name": "HPSBMU03380",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
          },
          {
            "name": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63",
            "refsource": "CONFIRM",
            "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
          },
          {
            "name": "1033378",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033378"
          },
          {
            "name": "HPSBHF03289",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "https://www.openssl.org/news/secadv_20150108.txt",
            "refsource": "CONFIRM",
            "url": "https://www.openssl.org/news/secadv_20150108.txt"
          },
          {
            "name": "MDVSA-2015:019",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679",
            "refsource": "CONFIRM",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "RHSA-2015:0066",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
          },
          {
            "name": "HPSBUX03244",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
            "refsource": "CONFIRM",
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
            "refsource": "CONFIRM",
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
          },
          {
            "name": "SUSE-SU-2015:0946",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
          },
          {
            "name": "HPSBMU03397",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "HPSBMU03396",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
          },
          {
            "name": "HPSBUX03162",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
          },
          {
            "name": "SSRT101987",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
          },
          {
            "name": "MDVSA-2015:062",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
          },
          {
            "name": "https://support.citrix.com/article/CTX216642",
            "refsource": "CONFIRM",
            "url": "https://support.citrix.com/article/CTX216642"
          },
          {
            "name": "HPSBMU03413",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
          },
          {
            "name": "SSRT101885",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
          },
          {
            "name": "https://bto.bluecoat.com/security-advisory/sa88",
            "refsource": "CONFIRM",
            "url": "https://bto.bluecoat.com/security-advisory/sa88"
          },
          {
            "name": "DSA-3125",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2015/dsa-3125"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zc",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3572"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openssl.org/news/secadv_20150108.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.openssl.org/news/secadv_20150108.txt"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63"
            },
            {
              "name": "71942",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/71942"
            },
            {
              "name": "MDVSA-2015:019",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
            },
            {
              "name": "DSA-3125",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2015/dsa-3125"
            },
            {
              "name": "SSRT101885",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2015:0130",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
            },
            {
              "name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
            },
            {
              "name": "RHSA-2015:0066",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
            },
            {
              "name": "SSRT101987",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2"
            },
            {
              "name": "HPSBHF03289",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "MDVSA-2015:062",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "HPSBMU03397",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2"
            },
            {
              "name": "HPSBMU03413",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2"
            },
            {
              "name": "HPSBMU03380",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2"
            },
            {
              "name": "HPSBMU03409",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
            },
            {
              "name": "HPSBOV03318",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2"
            },
            {
              "name": "HPSBMU03396",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2"
            },
            {
              "name": "HPSBUX03162",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa88",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bto.bluecoat.com/security-advisory/sa88"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
            },
            {
              "name": "1033378",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033378"
            },
            {
              "name": "openSUSE-SU-2015:1277",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10108"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10102"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://support.citrix.com/article/CTX216642",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.citrix.com/article/CTX216642"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-11-15T02:29Z",
      "publishedDate": "2015-01-09T02:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3572 (GCVE-0-2014-3572)

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature