OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for Online Certificate Status Protocol (OCSP) responses, which allow remote attackers to cause a denial-of-service (DoS) (NULL pointer dereference and application crash) by way of an invalid key.

Impact

Attackers may be able to cause a DoS by using an invalid key in OCSP responses.

CPENameOperatorVersion
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip analyticseq11.0.0
big-ip analyticseq11.1.0
big-ip analyticseq11.2.0
big-ip analyticseq11.2.1
big-ip analyticseq11.3.0
big-ip analyticseq11.4.0
big-ip aameq11.4.0
big-ip apmeq10.1.0

Name	Operator	Version
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip analytics	eq	11.0.0
big-ip analytics	eq	11.1.0
big-ip analytics	eq	11.2.0
big-ip analytics	eq	11.2.1
big-ip analytics	eq	11.3.0
big-ip analytics	eq	11.4.0
big-ip aam	eq	11.4.0
big-ip apm	eq	10.1.0

Rows per page:

1-10 of 2471

prion 1

nessus 47

veracode 1

ubuntucve 1

debiancve 1

f5 1

cve 1

openssl 1

openvas 32

altlinux 5

freebsd 2

redhat 5

fedora 2

aix 1

debian 1

freebsd_advisory 1

osv 1

centos 1

amazon 1

ibm 13

slackware 1

ubuntu 1

oraclelinux 5

securityvulns 2

vmware 2

gentoo 1

cert 1

suse 2

lenovo 2

prion

Null pointer dereference

2013-02-08 19:55:00

nessus

F5 Networks BIG-IP : OpenSSL OCSP vulnerability (SOL14261)

2014-10-10 00:00:00

Debian DSA-2621-1 : openssl - several vulnerabilities

2013-02-14 00:00:00

Oracle Solaris Third-Party Patch Update : openssl (lucky_thirteen_vulnerability_in_solaris)

2015-01-19 00:00:00

veracode

Denial Of Service (DoS) Through Null Pointer Dereference

2017-02-08 05:51:39

ubuntucve

CVE-2013-0166

2013-02-08 00:00:00

debiancve

CVE-2013-0166

2013-02-08 19:55:00

SOL14261 - OpenSSL OCSP vulnerability CVE-2013-0166

2013-03-07 00:00:00

cve

CVE-2013-0166

2013-02-08 19:55:00

openssl

Vulnerability in OpenSSL CVE-2013-0166

2013-02-05 00:00:00

openvas

OpenSSL: OCSP Invalid Key DoS Issue (20130205) - Linux

2021-08-17 00:00:00

OpenSSL: OCSP Invalid Key DoS Issue (20130205) - Windows

2021-08-17 00:00:00

VMware Security Updates for vCenter Server (VMSA-2013-0009)

2014-01-09 00:00:00

altlinux

Security fix for the ALT Linux 6 package openssl10 version 1.0.0k-alt1

2013-02-27 00:00:00

Security fix for the ALT Linux 7 package openssl10 version 1.0.0k-alt1

2013-02-27 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1

2013-02-27 00:00:00

freebsd

FreeBSD -- OpenSSL multiple vulnerabilities

2013-04-02 00:00:00

OpenSSL -- TLS 1.1, 1.2 denial of service

2013-02-05 00:00:00

redhat

(RHSA-2013:0783) Moderate: openssl security update

2013-05-01 17:58:17

(RHSA-2013:0587) Moderate: openssl security update

2013-03-04 00:00:00

(RHSA-2014:0416) Important: rhevm-spice-client security update

2014-04-17 00:00:00

fedora

[SECURITY] Fedora 18 Update: openssl-1.0.1e-3.fc18

2013-03-02 19:55:52

[SECURITY] Fedora 17 Update: openssl-1.0.0k-1.fc17

2013-03-08 00:02:36

aix

Multiple OpenSSL vulnerabilities

2013-03-15 03:20:11

debian

[SECURITY] [DSA 2621-1] openssl security update

2013-02-13 20:07:41

freebsd_advisory

FreeBSD-SA-13:03.openssl

2013-04-02 00:00:00

osv

openssl - several vulnerabilities

2013-02-13 00:00:00

centos

openssl security update

2013-03-04 22:46:45

amazon

Medium: openssl

2013-03-14 22:04:00

ibm

Security Bulletin: IBM Smart Analytics System 1050, 2050, and 5600 and IBM InfoSphere Balanced Warehouse C3000, C4000, and D5100 are affected by vulnerabilities in OpenSSL (CVE-2013-0166, CVE-2013-0169)

2022-09-25 23:13:40

Security Bulletin: IBM Tivoli Network Manager - GSKit Security Vulnerabilities (CVE-2013-0169), (CVE-2012-2190) and (CVE-2013-0166)

2018-06-17 14:37:51

Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL 1.0.1c

2022-09-25 21:06:56

slackware

openssl

2013-02-09 15:03:57

ubuntu

OpenSSL vulnerabilities

2013-02-21 00:00:00

oraclelinux

openssl security update

2013-03-04 00:00:00

openssl-fips security update

2015-04-02 00:00:00

openssl security update

2016-09-27 00:00:00

securityvulns

OpenSSL / PolarSSL / GnuTLS security vulnerabilities

2013-03-02 00:00:00

APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004

2013-10-03 00:00:00

vmware

VMware vSphere, ESX and ESXi updates to third party libraries

2013-07-31 00:00:00

VMware vSphere, ESX and ESXi updates to third party libraries

2013-07-31 00:00:00

gentoo

OpenSSL: Multiple Vulnerabilities

2013-12-03 00:00:00

cert

Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL

2013-03-18 00:00:00

suse

Security update for compat-openssl097g (important)

2015-03-24 00:05:09

Security update for libopenssl0_9_8 (important)

2016-03-03 14:11:44

lenovo

Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US

2018-11-13 17:10:51

Intel® PROSet/Wireless WiFi Software Vulnerabilities - US

2018-11-13 17:10:51

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

AI Score

Confidence

High

JSON

Related for F5:K14261