{"result": {"f5": [{"id": "F5:K34144932", "type": "f5", "title": "libwww-perl vulnerability CVE-2014-3230", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nNone\n\n * K9970: Subscribing to email notifications regarding F5 products\n * K9957: Creating a custom RSS feed to view new and updated documents\n * K4602: Overview of the F5 security vulnerability response policy\n * K4918: Overview of the F5 critical issue hotfix policy\n", "published": "2016-01-15T01:59:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://support.f5.com/csp/article/K34144932", "cvelist": ["CVE-2014-3230"], "lastseen": "2017-06-08T00:16:18"}], "nessus": [{"id": "FEDORA_2014-6369.NASL", "type": "nessus", "title": "Fedora 19 : perl-LWP-Protocol-https-6.04-2.fc19 (2014-6369)", "description": "This release fixes a server certification validation when a certificate authority is defined by HTTPS_CA_DIR or HTTPS_CA_FILE environement variable.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-05-25T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74169", "cvelist": ["CVE-2014-3230"], "lastseen": "2017-10-29T13:37:22"}, {"id": "OPENSUSE-2014-390.NASL", "type": "nessus", "title": "openSUSE Security Update : perl-LWP-Protocol-https (openSUSE-SU-2014:0710-1)", "description": "perl-LWP-Protocol-https was updated to prevent a possible MITM if the environment variables HTTPS_CA_DIR or HTTPS_CA_FILE were set (CVE-2014-3230).", "published": "2014-06-13T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75370", "cvelist": ["CVE-2014-3230"], "lastseen": "2017-10-29T13:45:10"}, {"id": "FEDORA_2014-6303.NASL", "type": "nessus", "title": "Fedora 20 : perl-LWP-Protocol-https-6.04-4.fc20 (2014-6303)", "description": "This release fixes a server certification validation when a certificate authority is defined by HTTPS_CA_DIR or HTTPS_CA_FILE environement variable.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-05-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74131", "cvelist": ["CVE-2014-3230"], "lastseen": "2017-10-29T13:39:18"}, {"id": "UBUNTU_USN-2292-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS : liblwp-protocol-https-perl vulnerability (USN-2292-1)", "description": "It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was requested to be disabled. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be exploited in certain scenarios to alter or compromise confidential information in applications that used the LWP::Protocol::https module.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-07-18T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76587", "cvelist": ["CVE-2014-3230"], "lastseen": "2017-10-29T13:42:21"}], "openvas": [{"id": "OPENVAS:1361412562310867814", "type": "openvas", "title": "Fedora Update for perl-LWP-Protocol-https FEDORA-2014-6303", "description": "Check for the Version of perl-LWP-Protocol-https", "published": "2014-05-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867814", "cvelist": ["CVE-2014-3230"], "lastseen": "2018-04-09T11:13:40"}, {"id": "OPENVAS:1361412562310841894", "type": "openvas", "title": "Ubuntu Update for liblwp-protocol-https-perl USN-2292-1", "description": "Check for the Version of liblwp-protocol-https-perl", "published": "2014-07-21T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841894", "cvelist": ["CVE-2014-3230"], "lastseen": "2018-04-30T13:48:08"}, {"id": "OPENVAS:1361412562310867823", "type": "openvas", "title": "Fedora Update for perl-LWP-Protocol-https FEDORA-2014-6369", "description": "Check for the Version of perl-LWP-Protocol-https", "published": "2014-05-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867823", "cvelist": ["CVE-2014-3230"], "lastseen": "2018-04-09T11:12:24"}], "ubuntu": [{"id": "USN-2292-1", "type": "ubuntu", "title": "LWP", "description": "It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was requested to be disabled. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be exploited in certain scenarios to alter or compromise confidential information in applications that used the LWP::Protocol::https module.", "published": "2014-07-17T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://usn.ubuntu.com/2292-1/", "cvelist": ["CVE-2014-3230"], "lastseen": "2018-03-29T18:19:09"}]}}
