{"result": {"nessus": [{"id": "HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_0.NASL", "type": "nessus", "title": "HP Version Control Repository Manager < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)", "description": "The version of HP Version Control Repository Manager (VCRM) installed on the remote Windows host is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\n\n - An unspecified buffer overflow condition exists in VCRM due to improper validation of user-supplied input. A remote, authenticated attacker can exploit this to cause a denial of service or execute arbitrary code.\n (CVE-2015-5409)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to modify values without proper authorization, gain unspecified access, cause a denial of service, or execute arbitrary code. (CVE-2015-5410)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to gain access to sensitive information. (CVE-2015-5411, CVE-2015-5413)\n\n - A flaw exists in VCRM when handling certain sensitive actions due to HTTP requests not requiring multiple steps, explicit confirmation, or a unique token. A remote, authenticated attacker can exploit this to conduct a cross-site request forgery attack via a specially crafted link. (CVE-2015-5412)", "published": "2015-09-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85802", "cvelist": ["CVE-2015-5411", "CVE-2015-5410", "CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-5413", "CVE-2015-0204", "CVE-2015-5412", "CVE-2015-5409", "CVE-2015-0205", "CVE-2014-3569"], "lastseen": "2017-10-29T13:39:59"}, {"id": "HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_NIX.NASL", "type": "nessus", "title": "HP Version Control Repository Manager for Linux < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)", "description": "The version of HP Version Control Repository Manager (VCRM) installed on the remote Linux host is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\n\n - An unspecified buffer overflow condition exists in VCRM due to improper validation of user-supplied input. A remote, authenticated attacker can exploit this to cause a denial of service or execute arbitrary code.\n (CVE-2015-5409)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to modify values without proper authorization, gain unspecified access, cause a denial of service, or execute arbitrary code. (CVE-2015-5410)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to gain access to sensitive information. (CVE-2015-5411, CVE-2015-5413)\n\n - A flaw exists in VCRM when handling certain sensitive actions due to HTTP requests not requiring multiple steps, explicit confirmation, or a unique token. A remote, authenticated attacker can exploit this to conduct a cross-site request forgery attack via a specially crafted link. (CVE-2015-5412)", "published": "2015-09-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85803", "cvelist": ["CVE-2015-5411", "CVE-2015-5410", "CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-5413", "CVE-2015-0204", "CVE-2015-5412", "CVE-2015-5409", "CVE-2015-0205", "CVE-2014-3569"], "lastseen": "2017-10-29T13:33:03"}]}}