## Summary
A security vulnerability has been discovered in GSKit used with IBM Security Network Intrusion Prevention System.
## Vulnerability Details
**CVE ID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. IBM GSKit has the same vulnerability.
CVSS Base Score: 5.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
## Affected Products and Versions
Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions 4.6.2 and 4.6.1
## Remediation/Fixes
_Product_ | _VRMF_ | _Remediation/First Fix_
---|---|---
IBM Security Network Intrusion Prevention System | Firmware version 4.6.2| [_4.6.2.0-ISS-ProvG-AllModels-Hotfix-FP0012_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.6.1| [_4.6.1.0-ISS-ProvG-AllModels-Hotfix-FP0013_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
## Workarounds and Mitigations
None
(CVE-2015-1792)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_8ZG.NASL", "href": "https://www.tenable.com/plugins/nessus/84151", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84151);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\"\n );\n script_bugtraq_id(\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n\n script_name(english:\"OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 0.9.8 prior to 0.9.8zg. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. 
(CVE-2015-1792)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 0.9.8zg or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.8zg', min:\"0.9.8\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:52", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-162-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", 
"cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-162-01.NASL", "href": "https://www.tenable.com/plugins/nessus/84126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-162-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84126);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\");\n script_xref(name:\"SSA\", value:\"2015-162-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-162-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.750596\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf3fe0df\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl-solibs\", 
pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", 
pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T16:30:18", "description": "According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 7. It is, therefore, affected by the following vulnerabilities :\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. 
A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A privilege escalation vulnerability exists due to an untrusted search path flaw. A local attacker can exploit this, via a specially crafted library that is loaded by a setuid or setgid process, to gain elevated privileges on the system. (CVE-2015-1947)\n\n - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. 
(CVE-2015-4000)\n\nNote that several of these vulnerabilities are due to the bundled GSKit component and the embedded FCM 4.1 libraries.", "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-01-06T00:00:00", "type": "nessus", "title": "IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Linux) (Bar Mitzvah) (FREAK) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0204", "CVE-2015-1788", "CVE-2015-1947", "CVE-2015-2808", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:ibm:db2"], "id": "DB2_105FP7_NIX.NASL", "href": "https://www.tenable.com/plugins/nessus/87764", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87764);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-0204\",\n \"CVE-2015-1788\",\n \"CVE-2015-1947\",\n \"CVE-2015-2808\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 71936,\n 73684,\n 74733,\n 75158,\n 79693\n );\n script_xref(name:\"CERT\", value:\"243585\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n 
script_name(english:\"IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Linux) (Bar Mitzvah) (FREAK) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of IBM DB2 10.5 running on\nthe remote host is prior to Fix Pack 7. It is, therefore, affected by\nthe following vulnerabilities :\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. (CVE-2015-0204)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A privilege escalation vulnerability exists due to an\n untrusted search path flaw. A local attacker can exploit\n this, via a specially crafted library that is loaded by\n a setuid or setgid process, to gain elevated privileges\n on the system. (CVE-2015-1947)\n\n - A security feature bypass vulnerability exists, known as\n Bar Mitzvah, due to improper combination of state data\n with key data by the RC4 cipher algorithm during the\n initialization phase. A man-in-the-middle attacker can\n exploit this, via a brute-force attack using LSB values,\n to decrypt the traffic. 
(CVE-2015-2808)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\n\nNote that several of these vulnerabilities are due to the bundled\nGSKit component and the embedded FCM 4.1 libraries.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg21647054#7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1IT07394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1IT08753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1IT09900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1IT09964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1IT09969\");\n # https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bbf45ac\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply IBM DB2 version 10.5 Fix Pack 7 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:T/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4000\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"db2_installed.nbin\");\n script_require_keys(\"installed_sw/DB2 Server\");\n\n exit(0);\n}\n\ninclude('vcf_extras_db2.inc');\n\n# The remote host's OS is Windows, not Linux.\nif (get_kb_item('SMB/db2/Installed'))\n audit(AUDIT_OS_NOT, 'Linux', 'Windows');\n\nvar app_info = vcf::ibm_db2::get_app_info();\n# DB2 has an optional OpenSSH server that will run on\n# windows. We need to exit out if we picked up the windows\n# installation that way.\nif ('Windows' >< app_info['platform'])\n audit(AUDIT_HOST_NOT, 'a Linux based operating system');\n\nvar constraints = [\n {'min_version':'10.5', 'fixed_version':'10.5.0.7'}\n];\n\nvcf::ibm_db2::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_NOTE\n);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T16:31:18", "description": "According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 7. 
It is, therefore, affected by the following vulnerabilities :\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A privilege escalation vulnerability exists due to an untrusted search path flaw. A local attacker can exploit this, via a specially crafted library that is loaded by a setuid or setgid process, to gain elevated privileges on the system. (CVE-2015-1947)\n\n - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. 
(CVE-2015-4000)\n\nNote that several of these vulnerabilities are due to the bundled GSKit component and the embedded FCM 4.1 libraries.", "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-01-06T00:00:00", "type": "nessus", "title": "IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0204", "CVE-2015-1788", "CVE-2015-1947", "CVE-2015-2808", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:ibm:db2"], "id": "DB2_105FP7_WIN.NASL", "href": "https://www.tenable.com/plugins/nessus/87765", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87765);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-0204\",\n \"CVE-2015-1788\",\n \"CVE-2015-1947\",\n \"CVE-2015-2808\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 71936,\n 73684,\n 74733,\n 75158,\n 79693\n );\n script_xref(name:\"CERT\", value:\"243585\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n 
script_name(english:\"IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of IBM DB2 10.5 running on\nthe remote host is prior to Fix Pack 7. It is, therefore, affected by\nthe following vulnerabilities :\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. (CVE-2015-0204)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A privilege escalation vulnerability exists due to an\n untrusted search path flaw. A local attacker can exploit\n this, via a specially crafted library that is loaded by\n a setuid or setgid process, to gain elevated privileges\n on the system. (CVE-2015-1947)\n\n - A security feature bypass vulnerability exists, known as\n Bar Mitzvah, due to improper combination of state data\n with key data by the RC4 cipher algorithm during the\n initialization phase. A man-in-the-middle attacker can\n exploit this, via a brute-force attack using LSB values,\n to decrypt the traffic. 
(CVE-2015-2808)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\n\nNote that several of these vulnerabilities are due to the bundled\nGSKit component and the embedded FCM 4.1 libraries.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg21647054#7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1IT07394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1IT08753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1IT09900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1IT09964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1IT09969\");\n # https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bbf45ac\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply IBM DB2 version 10.5 Fix Pack 7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"db2_and_db2_connect_installed.nbin\");\n script_require_ports(\"SMB/db2/Installed\", \"SMB/db2_connect/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"db2_report_func.inc\");\n\n# Check each installation.\ndb2_installed = get_kb_item(\"SMB/db2/Installed\");\nif (db2_installed)\n db2_installs = get_kb_list(\"SMB/db2/*\");\n\ndb2connect_installed = get_kb_item(\"SMB/db2_connect/Installed\");\nif (db2_installed)\n db2connect_installs = get_kb_list(\"SMB/db2_connect/*\");\n\nif (!db2_installed && !db2connect_installed)\n audit(AUDIT_NOT_INST, \"DB2 and/or DB2 Connect\");\n\ninfo = \"\";\nfix_version = '10.5.700.375';\nnot_affected = make_list();\nvuln = FALSE;\n\n# Check DB2 first\nforeach install(sort(keys(db2_installs)))\n{\n if (\"/Installed\" >< install) continue;\n\n version = db2_installs[install];\n\n prod = install - \"SMB/db2/\";\n prod = prod - (strstr(prod, \"/\"));\n\n path = install - \"SMB/db2/\";\n path = path - (prod + \"/\");\n\n if (version =~ \"^10\\.5\\.\" && ver_compare(ver:version, fix:fix_version, strict:FALSE) == -1)\n vuln = TRUE;\n else\n not_affected = 
make_list(not_affected, prod + ' version ' + version + ' at ' + path);\n}\n\n# Check DB2 Connect second\nforeach install(sort(keys(db2connect_installs)))\n{\n if (\"/Installed\" >< install) continue;\n\n version = db2connect_installs[install];\n\n prod = install - \"SMB/db2_connect/\";\n prod = prod - (strstr(prod, \"/\"));\n\n path = install - \"SMB/db2_connect/\";\n path = path - (prod + \"/\");\n\n if (version =~ \"^10\\.5\\.\" && ver_compare(ver:version, fix:fix_version, strict:FALSE) == -1)\n vuln = TRUE;\n else\n not_affected = make_list(not_affected, prod + ' version ' + version + ' at ' + path);\n}\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\n# Report if vulnerable installs were found.\nif (vuln)\n{\n report_db2(port:port, path:path, product:prod, installed_version:version, fixed_version:fix_version, severity:SECURITY_WARNING);\n}\nelse\n{\n if (max_index(not_affected) > 1)\n exit(0, join(not_affected, sep:\", \") + \" are installed and, therefore, not affected.\");\n else\n audit(AUDIT_INST_VER_NOT_VULN, not_affected[0]);\n}\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-17T14:41:48", "description": "Versions of OpenSSL prior to 1.0.1n, or 1.0.2b are unpatched for the following vulnerabilities :\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. 
(CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - An off-by-one overflow condition affects the BN_rand() function in 'crypto/bn/random.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, resulting in a denial of service.\n\n - An off-by-one overflow condition affects the BN_bn2hex() function in 'crypto/bn/bn_print.c'. The issue is triggered as user-supplied input is not properly validated. 
This may allow an attacker to cause a buffer overflow, potentially resulting in a denial of service or another, more severe impact.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-22T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1n / 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "8790.PRM", "href": "https://www.tenable.com/plugins/nnm/8790", "sourceData": "Binary data 8790.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:12", "description": "According to its banner, the remote web server uses a version of OpenSSL 1.0.2 prior to 1.0.2b. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. 
A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. 
(CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2B.NASL", "href": "https://www.tenable.com/plugins/nessus/84154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84154);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.2 prior to 1.0.2b. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. 
A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.2b or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.2b', min:\"1.0.2\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:42", "description": 
"According to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1n. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability exists, known as Logjam, due to a flaw in the SSL/TLS protocol. 
A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_1N.NASL", "href": "https://www.tenable.com/plugins/nessus/84153", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84153);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n script_xref(name:\"CEA-ID\", 
value:\"CEA-2021-0004\");\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.1 prior to 1.0.1n. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. 
(CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability exists, known as\n Logjam, due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.1n or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1n', 
min:\"1.0.1\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:01:22", "description": "The IBM HTTP Server running on the remote host is version 6.1 prior to or equal to 6.1.0.47, 7.0 prior to 7.0.0.39, 8.0 prior to 8.0.0.12, or 8.5 prior to 8.5.5.7. It is, therefore, potentially affected by multiple vulnerabilities :\n\n - An overflow condition exists in the XML_GetBuffer() function in xmlparse.c due to improper validation of user-supplied input when handling compressed XML content. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code.\n (CVE-2015-1283)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to identify the proxy server software by reading the HTTP 'Via' header. (CVE-2015-1932)\n\n - A flaw exists in the chunked transfer coding implementation due to a failure to properly parse chunk headers. A remote attacker can exploit this to conduct HTTP request smuggling attacks. (CVE-2015-3183)\n\n - An unspecified flaw exists that allows an unauthenticated, remote attacker to spoof servlets or disclose sensitive information. (CVE-2015-4938)\n\n - An overflow condition exists in the Administration Server due to improper validation of user-supplied input. An attacker can exploit this, via a specially crafted request, to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. 
(CVE-2015-4947)\n\nNote that :\n - CVE-2015-1788 does not affect the 6.1 and 7.0 branches.\n - CVE-2015-1932 and CVE-2015-4938 do not affect the 6.1 branch.", "cvss3": {}, "published": "2015-09-18T00:00:00", "type": "nessus", "title": "IBM HTTP Server 6.1 <= 6.1.0.47 (FP47) / 7.0 < 7.0.0.39 (FP39) / 8.0 < 8.0.0.12 (FP12) / 8.5 < 8.5.5.7 (FP7) Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2015-1788", "CVE-2015-1932", "CVE-2015-3183", "CVE-2015-4938", "CVE-2015-4947"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server", "cpe:/a:ibm:http_server"], "id": "WEBSPHERE_8_5_5_7.NASL", "href": "https://www.tenable.com/plugins/nessus/86018", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86018);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\n \"CVE-2015-1283\",\n \"CVE-2015-1788\",\n \"CVE-2015-1932\",\n \"CVE-2015-3183\",\n \"CVE-2015-4938\",\n \"CVE-2015-4947\"\n );\n script_bugtraq_id(\n 75158,\n 75963,\n 75973,\n 76463,\n 76466,\n 76658\n );\n script_xref(name:\"IAVB\", value:\"2015-B-0115\");\n\n script_name(english:\"IBM HTTP Server 6.1 <= 6.1.0.47 (FP47) / 7.0 < 7.0.0.39 (FP39) / 8.0 < 8.0.0.12 (FP12) / 8.5 < 8.5.5.7 (FP7) Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port.\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote IBM HTTP Server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM HTTP Server running on the remote host is version 6.1 prior\nto or equal to 6.1.0.47, 7.0 prior to 7.0.0.39, 8.0 prior to 8.0.0.12,\nor 8.5 prior to 8.5.5.7. It is, therefore, potentially affected by\nmultiple vulnerabilities :\n\n - An overflow condition exists in the XML_GetBuffer()\n function in xmlparse.c due to improper validation of\n user-supplied input when handling compressed XML\n content. An attacker can exploit this to cause a buffer\n overflow, resulting in the execution of arbitrary code.\n (CVE-2015-1283)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - An information disclosure vulnerability exists that\n allows an unauthenticated, remote attacker to identify\n the proxy server software by reading the HTTP 'Via'\n header. (CVE-2015-1932)\n\n - A flaw exists in the chunked transfer coding\n implementation due to a failure to properly parse chunk\n headers. A remote attacker can exploit this to conduct\n HTTP request smuggling attacks. (CVE-2015-3183)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to spoof servlets or\n disclose sensitive information. (CVE-2015-4938)\n\n - An overflow condition exists in the Administration\n Server due to improper validation of user-supplied\n input. 
An attacker can exploit this, via a specially\n crafted request, to cause a stack-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2015-4947)\n\nNote that :\n - CVE-2015-1788 does not affect the 6.1 and 7.0 branches.\n \n - CVE-2015-1932 and CVE-2015-4938 do not affect the 6.1\n branch.\");\n # CVE-2015-3183 / PI42928 / PI45596 (6.1.x)\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21963361\");\n # CVE-2015-4947 / PI44793 / PI45596 (6.1.x)\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21965419\");\n # CVE-2015-1788 / PI44809\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21963362\");\n # CVE-2015-1283 / PI45596\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21964428\");\n # CVE-2015-1932 / PI38403 and CVE-2015-4938 / PI37396\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21963275\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply IBM 7.0 Fix Pack 39 (7.0.0.39) / 8.0 Fix Pack 12 (8.0.0.12) /\n8.5 Fix Pack 7 (8.5.5.7) or later. 
Alternatively, apply the Interim\nFixes as recommended in the vendor advisory.\n\nIn the case of the 6.1 branch, apply IBM 6.1 Fix Pack 47 (6.1.0.47)\nand then apply Interim Fixes PI39833 and PI45596.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/18\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:http_server\");\n\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:8880, embedded:0);\n\nversion = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/version\");\nsource = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\napp_name = \"IBM WebSphere Application Server\";\n\nif (version =~ 
\"^[0-9]+(\\.[0-9]+)?$\")\n audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);\n\nfix = FALSE; # Fixed version for compare\nmin = FALSE; # Min version for branch\npck = FALSE; # Fix pack name (tacked onto fix in report)\nitr = \"PI42928, PI44793, PI44809 and PI45596\"; # Required interim fixes\nvuln = FALSE; # Flag for branches requiring <= checks\n\nif (version =~ \"^8\\.5\\.\")\n{\n fix = '8.5.5.7';\n min = '8.5.0.0';\n itr = 'PI37396, PI38403, ' + itr;\n pck = \" (Fix Pack 7)\";\n}\nelse if (version =~ \"^8\\.0\\.\")\n{\n fix = '8.0.0.12';\n min = '8.0.0.0';\n pck = \" (Fix Pack 12) Available 2016/01/18\";\n}\nelse if (version =~ \"^7\\.0\\.\")\n{\n fix = '7.0.0.39';\n min = '7.0.0.0';\n itr = 'PI37396, PI38403, ' + itr;\n pck = \" (Fix Pack 39)\";\n}\n\n# V6.1.0.0 through 6.1.0.47 (without PI45596)\nelse if (version =~ \"^6\\.1\\.\")\n{\n if (ver_compare(ver:version, fix:'6.1.0.47', strict:FALSE) <= 0)\n {\n fix = '6.1.0.47';\n min = '6.1.0.0';\n pck = \" (Fix Pack 47) plus PI45596\";\n vuln = TRUE;\n }\n}\n\nif (\n (\n fix && min &&\n ver_compare(ver:version, fix:fix, strict:FALSE) < 0 &&\n ver_compare(ver:version, fix:min, strict:FALSE) >= 0\n )\n ||\n vuln\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + pck +\n '\\n Interim fixes : ' + itr +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:01:00", "description": "According to its version number, the instance of Splunk hosted on the remote web server is Enterprise 5.0.x prior to 5.0.14, 6.0.x prior to 6.0.10, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.5, or Light 6.2.x prior to 6.2.5. 
It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. 
(CVE-2015-1792)\n\n - A certificate validation bypass vulnerability exists due to a flaw in the X509_verify_cert() function in file x509_vfy.c, which occurs when locating alternate certificate chains whenever the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793)\n\nAdditionally, a cross-site scripting vulnerability exists in Splunk Enterprise due to improper validation of user-supplied input before returning it to users. An attacker can exploit this, via a crafted request, to execute arbitrary script code.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-08-21T00:00:00", "type": "nessus", "title": "Splunk Enterprise < 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or Splunk Light < 6.2.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", 
"CVE-2015-1792", "CVE-2015-1793"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:splunk:splunk", "cpe:/a:openssl:openssl"], "id": "SPLUNK_625.NASL", "href": "https://www.tenable.com/plugins/nessus/85581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85581);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-1793\"\n );\n script_bugtraq_id(\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75652\n );\n\n script_name(english:\"Splunk Enterprise < 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or Splunk Light < 6.2.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Splunk Enterprise and Light.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the instance of Splunk hosted on the\nremote web server is Enterprise 5.0.x prior to 5.0.14, 6.0.x prior to\n6.0.10, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.5, or Light 6.2.x\nprior to 6.2.5. It is, therefore, affected by the following\nvulnerabilities in the bundled OpenSSL library :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. 
(CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A certificate validation bypass vulnerability exists due\n to a flaw in the X509_verify_cert() function in file\n x509_vfy.c, which occurs when locating alternate\n certificate chains whenever the first attempt to build\n such a chain fails. A remote attacker can exploit this,\n by using a valid leaf certificate as a certificate\n authority (CA), to issue invalid certificates that will\n bypass authentication. (CVE-2015-1793)\n\nAdditionally, a cross-site scripting vulnerability exists in Splunk\nEnterprise due to improper validation of user-supplied input before\nreturning it to users. 
An attacker can exploit this, via a crafted\nrequest, to execute arbitrary script code.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.splunk.com/view/SP-CAAAN84\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150709.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Splunk Enterprise 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or later,\nor Splunk Light 6.2.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"splunkd_detect.nasl\", \"splunk_web_detect.nasl\");\n script_require_keys(\"installed_sw/Splunk\");\n script_require_ports(\"Services/www\", 8089, 8000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\nfix = FALSE;\n\ninstall_url = build_url(qs:dir, port:port);\n\nxss = FALSE;\n\n# 5.0.x < 5.0.14\nif (ver =~ \"^5\\.0($|[^0-9])\")\n{\n fix = '5.0.14';\n xss = TRUE;\n}\n# 6.0.x < 6.0.10\nelse if (ver =~ \"^6\\.0($|[^0-9])\")\n{\n fix = '6.0.10';\n xss = TRUE;\n}\n# 6.1.x < 6.1.9\nelse if (ver =~ \"^6\\.1($|[^0-9])\")\n fix = '6.1.9';\n\n# 6.2.x < 6.2.5\nelse if (ver =~ \"^6\\.2($|[^0-9])\")\n fix = '6.2.5';\n\n\nif (fix && ver_compare(ver:ver,fix:fix,strict:FALSE) < 0)\n{\n if (xss) set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:23", "description": "Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. 
A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1788)\n\nRobert Swiecki and Hanno Bock discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-1789)\n\nMichal Zalewski discovered that OpenSSL incorrectly handled missing content when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1790)\n\nEmilia Kasper discovered that OpenSSL incorrectly handled NewSessionTicket when being used by a multi-threaded client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1791)\n\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1792)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openssl vulnerabilities (USN-2639-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2639-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2639-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84148);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\");\n script_bugtraq_id(75159);\n script_xref(name:\"USN\", value:\"2639-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openssl vulnerabilities (USN-2639-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\nOpenSSL incorrectly handled memory when buffering DTLS data. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled\nmalformed ECParameters structures. A remote attacker could use this\nissue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1788)\n\nRobert Swiecki and Hanno Bock discovered that OpenSSL incorrectly\nhandled certain ASN1_TIME strings. A remote attacker could use this\nissue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-1789)\n\nMichal Zalewski discovered that OpenSSL incorrectly handled missing\ncontent when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker\ncould use this issue to cause OpenSSL to crash, resulting in a denial\nof service. (CVE-2015-1790)\n\nEmilia Kasper discovered that OpenSSL incorrectly handled\nNewSessionTicket when being used by a multi-threaded client. 
A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service. (CVE-2015-1791)\n\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying\nsignedData messages using the CMS code. A remote attacker could use\nthis issue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1792)\n\nAs a security improvement, this update also modifies OpenSSL behaviour\nto reject DH key sizes below 768 bits, preventing a possible downgrade\nattack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2639-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.31\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.15\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu9.8\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu11.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:59:19", "description": "OpenSSL 0.9.8j was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. 
This will only get active if applications get rebuilt and actually use this string. (bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-06T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1184-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84548", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1184-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84548);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL 0.9.8j was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown\nhash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\nlocking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. 
This\nwill only get active if applications get rebuilt and actually use this\nstring. (bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n # https://download.suse.com/patch/finder/?keywords=ab1c52f77471cf8a61e7eae79f57f9bf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e541e2a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151184-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d18e8f2\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-libopenssl-devel=10794\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"libopenssl-devel-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"openssl-doc-0.9.8j-0.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:31", "description": "The OpenSSL team reports :\n\n- Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000)\n\n- Malformed ECParameters causes infinite loop (CVE-2015-1788)\n\n- Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n\n- PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)\n\n- CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n\n- Race condition handling NewSessionTicket (CVE-2015-1791)\n\n- Invalid free in DTLS (CVE-2014-8176)", "cvss3": 
{"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "FreeBSD : openssl -- multiple vulnerabilities (8305e215-1080-11e5-8ba2-000c2980a9f3) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libressl", "p-cpe:/a:freebsd:freebsd:linux-c6-openssl", "p-cpe:/a:freebsd:freebsd:mingw32-openssl", "p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_8305E215108011E58BA2000C2980A9F3.NASL", "href": "https://www.tenable.com/plugins/nessus/84133", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following 
conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84133);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"FreeBSD\", value:\"SA-15:10.openssl\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"FreeBSD : openssl -- multiple vulnerabilities (8305e215-1080-11e5-8ba2-000c2980a9f3) (Logjam)\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The OpenSSL team reports :\n\n- Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000)\n\n- Malformed ECParameters causes infinite loop (CVE-2015-1788)\n\n- Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n\n- PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)\n\n- CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n\n- Race condition handling NewSessionTicket (CVE-2015-1791)\n\n- Invalid free in DTLS (CVE-2014-8176)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n # https://vuxml.freebsd.org/freebsd/8305e215-1080-11e5-8ba2-000c2980a9f3.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8779dead\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mingw32-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.2_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mingw32-openssl>=1.0.1<1.0.2b\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-openssl<1.0.1e_6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl<2.1.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:26", "description": "openssl was updated to fix six security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-4000: The Logjam Attack / weakdh.org. 
Reject connections with DH parameters shorter than 768 bits, generates 2048-bit DH parameters by default.\n (boo#931698)\n\n - CVE-2015-1788: Malformed ECParameters causes infinite loop (boo#934487)\n\n - CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time (boo#934489)\n\n - CVE-2015-1790: PKCS7 crash with missing EnvelopedContent (boo#934491)\n\n - CVE-2015-1792: CMS verify infinite loop with unknown hash function (boo#934493)\n\n - CVE-2015-1791: race condition in NewSessionTicket (boo#933911)\n\n - CVE-2015-3216: Crash in ssleay_rand_bytes due to locking regression (boo#933898)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2015-447) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", 
"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-447.NASL", "href": "https://www.tenable.com/plugins/nessus/84414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-447.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84414);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2015-447) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"openssl was updated to fix six security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-4000: The Logjam Attack / weakdh.org. 
Reject\n connections with DH parameters shorter than 768 bits,\n generates 2048-bit DH parameters by default.\n (boo#931698)\n\n - CVE-2015-1788: Malformed ECParameters causes infinite\n loop (boo#934487)\n\n - CVE-2015-1789: Exploitable out-of-bounds read in\n X509_cmp_time (boo#934489)\n\n - CVE-2015-1790: PKCS7 crash with missing EnvelopedContent\n (boo#934491)\n\n - CVE-2015-1792: CMS verify infinite loop with unknown\n hash function (boo#934493)\n\n - CVE-2015-1791: race condition in NewSessionTicket\n (boo#933911)\n\n - CVE-2015-3216: Crash in ssleay_rand_bytes due to locking\n regression (boo#933898)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934494\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2015/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif 
(isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl-devel-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debuginfo-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debugsource-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl-devel-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-hmac-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debuginfo-1.0.1k-2.24.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", reference:\"openssl-debugsource-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1k-2.24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:23", "description": "The remote host is affected by the vulnerability described in GLSA-201506-02 (OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in OpenSSL. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker can cause Denial of Service and information disclosure.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-23T00:00:00", "type": "nessus", "title": "GLSA-201506-02 : OpenSSL: Multiple vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201506-02.NASL", "href": "https://www.tenable.com/plugins/nessus/84330", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201506-02.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84330);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"GLSA\", value:\"201506-02\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"GLSA-201506-02 : OpenSSL: Multiple vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-201506-02\n(OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in OpenSSL. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker can cause Denial of Service and information\n disclosure.\n \nWorkaround :\n\n There is no known workaround at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/201506-02\");\n script_set_attribute(attribute:\"solution\", value:\n\"All OpenSSL 1.0.1 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.1o'\n All OpenSSL 0.9.8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8z_p7'\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 1.0.1o\", \"rge 0.9.8z_p7\", \"rge 0.9.8z_p8\", \"rge 0.9.8z_p9\", \"rge 0.9.8z_p10\", \"rge 0.9.8z_p11\", \"rge 0.9.8z_p12\", \"rge 0.9.8z_p13\", \"rge 0.9.8z_p14\", \"rge 0.9.8z_p15\"), vulnerable:make_list(\"lt 1.0.1o\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:40", "description": "Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.\n\n - CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This issue only affected the oldstable distribution (wheezy).\n\n - CVE-2015-1788 Joseph Barr-Pixton discovered that an infinite loop could be triggered due to incorrect handling of malformed ECParameters structures. This could allow remote attackers to cause a denial of service.\n\n - CVE-2015-1789 Robert Swiecki and Hanno Bock discovered that the X509_cmp_time function could read a few bytes out of bounds. 
This could allow remote attackers to cause a denial of service (crash) via crafted certificates and CRLs.\n\n - CVE-2015-1790 Michal Zalewski discovered that the PKCS#7 parsing code did not properly handle missing content which could lead to a NULL pointer dereference. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\n - CVE-2015-1791 Emilia Kasper discovered that a race condition could occur due to incorrect handling of NewSessionTicket in a multi-threaded client, leading to a double free. This could allow remote attackers to cause a denial of service (crash).\n\n - CVE-2015-1792 Johannes Bauer discovered that the CMS code could enter an infinite loop when verifying a signedData message, if presented with an unknown hash function OID. This could allow remote attackers to cause a denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters shorter than 768 bits as a countermeasure against the Logjam attack (CVE-2015-4000 ).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-15T00:00:00", "type": "nessus", "title": "Debian DSA-3287-1 : openssl - security update (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3287.NASL", "href": "https://www.tenable.com/plugins/nessus/84170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3287. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84170);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"DSA\", value:\"3287\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Debian DSA-3287-1 : openssl - security update (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\n - CVE-2014-8176\n Praveen Kariyanahalli, Ivan Fratric and Felix Groebert\n discovered that an invalid memory free could be\n triggered when buffering DTLS data. This could allow\n remote attackers to cause a denial of service (crash) or\n potentially execute arbitrary code. 
This issue only\n affected the oldstable distribution (wheezy).\n\n - CVE-2015-1788\n Joseph Barr-Pixton discovered that an infinite loop\n could be triggered due to incorrect handling of\n malformed ECParameters structures. This could allow\n remote attackers to cause a denial of service.\n\n - CVE-2015-1789\n Robert Swiecki and Hanno Bock discovered that the\n X509_cmp_time function could read a few bytes out of\n bounds. This could allow remote attackers to cause a\n denial of service (crash) via crafted certificates and\n CRLs.\n\n - CVE-2015-1790\n Michal Zalewski discovered that the PKCS#7 parsing code\n did not properly handle missing content which could lead\n to a NULL pointer dereference. This could allow remote\n attackers to cause a denial of service (crash) via\n crafted ASN.1-encoded PKCS#7 blobs.\n\n - CVE-2015-1791\n Emilia Kasper discovered that a race condition could\n occur due to incorrect handling of NewSessionTicket in a\n multi-threaded client, leading to a double free. This\n could allow remote attackers to cause a denial of\n service (crash).\n\n - CVE-2015-1792\n Johannes Bauer discovered that the CMS code could enter\n an infinite loop when verifying a signedData message, if\n presented with an unknown hash function OID. 
This could\n allow remote attackers to cause a denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000 ).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2014-8176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-4000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/wheezy/openssl\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/jessie/openssl\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2015/dsa-3287\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the openssl packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.0.1e-2+deb7u17.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.0.1k-3+deb8u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"libcrypto1.0.0-udeb\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-dev\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-doc\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openssl\", reference:\"1.0.1k-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:59:19", "description": "OpenSSL 0.9.8k was updated to fix several security issues :\n\nCVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits.\n2048-bit DH parameters are now generated by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.\n\nFixed a timing side channel in RSA decryption. (bsc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bsc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class. 
(bsc#879179)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-07T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1182-2.NASL", "href": "https://www.tenable.com/plugins/nessus/84559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory 
SUSE-SU-2015:1182-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84559);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL 0.9.8k was updated to fix several security issues :\n\nCVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits.\n2048-bit DH parameters are now generated by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown\nhash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\nlocking regression.\n\nFixed a timing side channel in RSA decryption. (bsc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bsc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class. 
(bsc#879179)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=879179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n # https://download.suse.com/patch/finder/?keywords=fcf228a4143edf49a5ca32558bfe9721\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1bcc8915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151182-2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46cf76fa\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11 SP3 :\n\nzypper in -t patch sdksp3-libopenssl-devel=10781\n\nSUSE Linux Enterprise Server 11 SP3 for VMware :\n\nzypper in -t patch slessp3-libopenssl-devel=10781\n\nSUSE Linux Enterprise Server 11 SP3 :\n\nzypper in -t patch slessp3-libopenssl-devel=10781\n\nSUSE Linux Enterprise Desktop 11 SP3 :\n\nzypper in -t patch sledsp3-libopenssl-devel=10781\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssl-doc-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:58:57", "description": "OpenSSL 0.9.8j was updated to fix 
several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-07T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-2) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1184-2.NASL", "href": "https://www.tenable.com/plugins/nessus/84561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1184-2.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84561);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-2) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL 0.9.8j was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown\nhash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\nlocking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. 
(bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n # https://download.suse.com/patch/finder/?keywords=75ca56dc2ed43571b870081da3f3b615\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bba27a17\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151184-2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1071f86d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP2 LTSS :\n\nzypper in -t patch slessp2-libopenssl-devel=10795\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl-devel-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssl-doc-0.9.8j-0.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:55", "description": "The version of OpenSSL installed on the remote AIX host is affected by multiple vulnerabilities :\n\n - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. 
(CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. 
(CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-20T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory14.asc (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:openssl:openssl"], "id": "AIX_OPENSSL_ADVISORY14.NASL", "href": "https://www.tenable.com/plugins/nessus/84880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84880);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n 
script_name(english:\"AIX OpenSSL Advisory : openssl_advisory14.asc (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\nmultiple vulnerabilities :\n\n - An invalid free memory error exists due to improper\n validation of user-supplied input when a DTLS peer\n receives application data between ChangeCipherSpec and\n Finished messages. A remote attacker can exploit this to\n corrupt memory, resulting in a denial of service or\n the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. 
This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory14.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/15\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1\", oslevel);\n}\n\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\n#0.9.8.2505\nif (aix_check_ifix(release:\"5.3\", patch:\"IV74809s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"IV74809s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"IV74809s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2505\") < 0) flag++;\n\n#12.9.8.2505\nif (aix_check_ifix(release:\"5.3\", patch:\"IV74809s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"IV74809s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"IV74809s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2505\") < 0) flag++;\n\n# Check 1.0.1 versions only after other two pass, this one has the\n# potential to audit out early.\nif (flag == 0)\n{\n #1.0.1.514\n # ifix on POWER8 machines is IV75570m9a. 
ifix on all others is IV74809s9a\n aix_processor = get_kb_item(\"Host/AIX/processor\");\n if (empty_or_null(aix_processor)) audit(AUDIT_KB_MISSING, \"Host/AIX/processor\");\n ifix = \"(IV74809s9a|IV75570m9a)\";\n if (\"POWER8\" >< aix_processor) ifix = \"IV75570m9a\";\n if (aix_check_ifix(release:\"5.3\", patch:ifix, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.514\") < 0) flag++;\n if (aix_check_ifix(release:\"6.1\", patch:ifix, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.514\") < 0) flag++;\n if (aix_check_ifix(release:\"7.1\", patch:ifix, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.514\") < 0) flag++;\n}\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_extra);\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:26", "description": "This update fixes the following security issues :\n\n - CVE-2015-4000 (boo#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024 bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (boo#934487)\n\n - Malformed ECParameters causes infinite loop\n\n - CVE-2015-1789 (boo#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (boo#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - CVE-2015-1792 (boo#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (boo#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 
(boo#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - modified openssl-1.0.1i-fipslocking.patch\n\n - fix timing side channel in RSA decryption (bnc#929678)\n\n - add ECC ciphersuites to DEFAULT (bnc#879179)\n\n - Disable EXPORT ciphers by default (bnc#931698, comment #3)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-29T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:1150-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": 
"SUSE_SU-2015-1150-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1150-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84442);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:1150-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update fixes the following security issues :\n\n - CVE-2015-4000 (boo#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024\n bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (boo#934487)\n\n - Malformed ECParameters causes infinite loop\n\n - CVE-2015-1789 (boo#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (boo#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - CVE-2015-1792 (boo#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (boo#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 (boo#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - modified openssl-1.0.1i-fipslocking.patch\n\n - fix timing side channel 
in RSA decryption (bnc#929678)\n\n - add ECC ciphersuites to DEFAULT (bnc#879179)\n\n - Disable EXPORT ciphers by default (bnc#931698, comment\n #3)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=879179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151150-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4eea51db\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Legacy Software 12 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-12-2015-285=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-285=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"compat-openssl098-debugsource-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-32bit-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-debuginfo-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"compat-openssl098-debugsource-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8j-78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openssl098\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:12", "description": "This update of openssl fixes the following security issues :\n\n - CVE-2015-4000 (bsc#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024 bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (bsc#934487)\n\n - Malformed ECParameters causes 
infinite loop\n\n - CVE-2015-1789 (bsc#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (bsc#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - CVE-2015-1792 (bsc#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (bsc#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 (bsc#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - fix a timing side channel in RSA decryption (bnc#929678)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-26T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": 
["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1143-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1143-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84426);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update of openssl fixes the following security issues :\n\n - CVE-2015-4000 (bsc#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024\n bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (bsc#934487)\n\n - Malformed ECParameters causes infinite loop\n\n - CVE-2015-1789 (bsc#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (bsc#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - 
CVE-2015-1792 (bsc#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (bsc#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 (bsc#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - fix a timing side channel in RSA decryption (bnc#929678)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=926597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151143-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fad401c\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-282=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-282=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-282=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", 
reference:\"libopenssl1_0_0-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:24:27", "description": "The Cisco Application Control Engine (ACE) software installed on the remote Cisco ACE 4710 device or ACE30 module is version A5 prior to A5(3.3). It is, therefore, affected by multiple vulnerabilities :\n\n - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. 
(CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. A remote attacker can exploit this to cause a denial of service condition or other potential unspecified impact. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - The symmetric-key feature in the receive function requires a correct message authentication code (MAC) only if the MAC field has a nonzero length. This makes it easier for a man-in-the-middle attacker to spoof packets by omitting the MAC. (CVE-2015-1798)\n\n - A flaw exists in the symmetric-key feature in the receive function when handling a specially crafted packet sent to one of two hosts that are peering with each other. 
This allows an attacker to cause the next attempt by the servers to synchronize to fail.\n (CVE-2015-1799)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)\n\n - A flaw exists in the TLS 1.x implementation in the Cavium SDK due to a failure to check the first byte of the padding bytes. A man-in-the-middle attacker can exploit this, by sending specially crafted requests to the server, to induce requests that allow determining the plaintext chunks of data. This vulnerability is a variant of the POODLE attack. (CVE-2015-4595)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-06-01T00:00:00", "type": "nessus", "title": "Cisco ACE 4710 Appliance / ACE30 Module Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-4000", "CVE-2015-4595"], 
"modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:cisco:application_control_engine_software", "cpe:/a:openssl:openssl"], "id": "CISCO_ACE_A5_3_3.NASL", "href": "https://www.tenable.com/plugins/nessus/91427", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91427);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-1798\",\n \"CVE-2015-1799\",\n \"CVE-2015-4000\",\n \"CVE-2015-4595\"\n );\n script_bugtraq_id(\n 73950,\n 73951,\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"CERT\", value:\"374268\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCut83796\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuu82343\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuv33150\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Cisco ACE 4710 Appliance / ACE30 Module Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Cisco Application Control Engine (ACE) software installed on the\nremote Cisco ACE 4710 device or ACE30 module is version A5 prior to\nA5(3.3). It is, therefore, affected by multiple vulnerabilities :\n\n - An invalid free memory error exists due to improper\n validation of user-supplied input when a DTLS peer\n receives application data between ChangeCipherSpec and\n Finished messages. A remote attacker can exploit this to\n corrupt memory, resulting in a denial of service or\n the execution of arbitrary code. 
(CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. A remote attacker can exploit this to\n cause a denial of service condition or other potential\n unspecified impact. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. 
(CVE-2015-1792)\n\n - The symmetric-key feature in the receive function\n requires a correct message authentication code (MAC)\n only if the MAC field has a nonzero length. This makes\n it easier for a man-in-the-middle attacker to spoof\n packets by omitting the MAC. (CVE-2015-1798)\n\n - A flaw exists in the symmetric-key feature in the\n receive function when handling a specially crafted\n packet sent to one of two hosts that are peering with\n each other. This allows an attacker to cause the next\n attempt by the servers to synchronize to fail.\n (CVE-2015-1799)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\n\n - A flaw exists in the TLS 1.x implementation in the\n Cavium SDK due to a failure to check the first byte of\n the padding bytes. A man-in-the-middle attacker can\n exploit this, by sending specially crafted requests to\n the server, to induce requests that allow determining\n the plaintext chunks of data. This vulnerability is a\n variant of the POODLE attack. 
(CVE-2015-4595)\");\n # https://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/ace_appliances/VA5_3_x/release/note/ACE_app_rn_A53x.html#pgfId-947807\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8bf8fa00\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCut83796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCuu82343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCuv33150\");\n # https://vivaldi.net/en-US/userblogs/entry/there-are-more-poodles-in-the-forest\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f38496c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cisco ACE version A5(3.3) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:application_control_engine_software\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 
2016-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_ace_version.nasl\");\n script_require_keys(\"Host/Cisco/ACE/Version\", \"Host/Cisco/ACE/Model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Cisco/ACE/Version\");\nmodel = get_kb_item_or_exit(\"Host/Cisco/ACE/Model\");\n\nif (model != \"4710\" && model != \"ACE30\") audit(AUDIT_DEVICE_NOT_VULN, \"Cisco ACE \" + model);\n\nif (\n version =~ \"^A[34][^0-9]\" ||\n version =~ \"^A5\\([0-2][^0-9]\" ||\n version =~ \"^A5\\(3(\\.[0-2][a-z]*)?\\)\"\n)\n{\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : A5(3.3)' +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Cisco ACE\", version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:55", "description": "According to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities :\n\n - An XML external entity injection (XXE) flaw exists in the Apache ActiveMQ component due to a faulty configuration that allows an XML parser to accept XML external entities from untrusted sources. A remote attacker, by sending crafted XML data, can exploit this to disclose arbitrary files. (CVE-2014-3600)\n\n - An authentication bypass vulnerability exists in the Apache ActiveMQ component due to a flaw in the LDAPLoginModule implementation. A remote attacker can exploit this to bypass authentication mechanisms.\n (CVE-2014-3612)\n\n - Multiple cross-site scripting vulnerabilities exist in the administrative console of Apache ActiveMQ that allow a remote attacker to inject arbitrary HTML or web scripts. 
(CVE-2014-8110)\n\n - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. 
A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A double-free memory flaw exists in PostgreSQL due to a timeout interrupt occurring partway in the session shutdown sequence. A remote attacker, by closing an SSL session when the authentication timeout expires, can exploit this flaw to cause a denial of service.\n (CVE-2015-3165)\n\n - An out-of-memory condition exists in the printf() functions in PostgreSQL due to a failure to check for errors. A remote attacker can exploit this to access sensitive information. (CVE-2015-3166)\n\n - A flaw exists in contrib/pgcrypto in PostgreSQL due to cases of decryption reporting other error message texts, which a remote attacker can use to recover keys from other systems. (CVE-2015-3167)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. 
(CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-23T00:00:00", "type": "nessus", "title": "Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3600", "CVE-2014-3612", "CVE-2014-8110", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3165", "CVE-2015-3166", "CVE-2015-3167", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:puppetlabs:puppet"], "id": "PUPPET_ENTERPRISE_ACTIVEMQ_PSQL_SSL.NASL", "href": "https://www.tenable.com/plugins/nessus/84960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84960);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-3600\",\n \"CVE-2014-3612\",\n \"CVE-2014-8110\",\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n 
\"CVE-2015-1792\",\n \"CVE-2015-3165\",\n \"CVE-2015-3166\",\n \"CVE-2015-3167\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 72510,\n 72511,\n 72513,\n 74733,\n 74787,\n 74789,\n 74790,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Puppet Enterprise\napplication running on the remote host is 3.x prior to 3.8.1. It is,\ntherefore, affected by the following vulnerabilities :\n\n - An XML external entity injection (XXE) flaw exists in\n the Apache ActiveMQ component due to a faulty\n configuration that allows an XML parser to accept XML\n external entities from untrusted sources. A remote\n attacker, by sending crafted XML data, can exploit this\n to disclose arbitrary files. (CVE-2014-3600)\n\n - An authentication bypass vulnerability exists in the\n Apache ActiveMQ component due to a flaw in the\n LDAPLoginModule implementation. A remote attacker can\n exploit this to bypass authentication mechanisms.\n (CVE-2014-3612)\n\n - Multiple cross-site scripting vulnerabilities exist in\n the administrative console of Apache ActiveMQ that allow\n a remote attacker to inject arbitrary HTML or web\n scripts. (CVE-2014-8110)\n\n - An invalid free memory error exists due to improper\n validation of user-supplied input when a DTLS peer\n receives application data between ChangeCipherSpec and\n Finished messages. A remote attacker can exploit this to\n corrupt memory, resulting in a denial of service or\n the execution of arbitrary code. 
(CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A double-free memory flaw exists in PostgreSQL due to\n a timeout interrupt occurring partway in the session\n shutdown sequence. 
A remote attacker, by closing\n an SSL session when the authentication timeout expires,\n can exploit this flaw to cause a denial of service.\n (CVE-2015-3165)\n\n - An out-of-memory condition exists in the printf()\n functions in PostgreSQL due to a failure to check for\n errors. A remote attacker can exploit this to access\n sensitive information. (CVE-2015-3166)\n\n - A flaw exists in contrib/pgcrypto in PostgreSQL due\n to cases of decryption reporting other error message\n texts, which a remote attacker can use to recover\n keys from other systems. (CVE-2015-3167)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n # https://puppet.com/security/cve/activemq-february-2015-vulnerability-fix\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f903b0fa\");\n # https://puppet.com/security/cve/postgresql-may-2015-vulnerability-fix\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?50c9bedd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/about/news/1587/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2015-4000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/openssl-june-2015-vulnerability-fix\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Puppet Enterprise version 3.8.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:puppetlabs:puppet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"puppet_rest_detect.nasl\");\n script_require_keys(\"puppet/rest_port\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\napp_name = \"Puppet Enterprise\";\n\nport = get_kb_item_or_exit('puppet/rest_port');\nver = get_kb_item_or_exit('puppet/' + port + '/version');\n\nif ('Enterprise' >< ver)\n{\n # convert something like\n # 2.7.19 (Puppet Enterprise 2.7.0)\n # to\n # 2.7.0\n match = eregmatch(string:ver, pattern:\"Enterprise ([0-9.]+)\\)\");\n if (isnull(match)) audit(AUDIT_UNKNOWN_WEB_APP_VER, app_name, build_url(port:port));\n ver = match[1];\n}\nelse audit(AUDIT_WEB_APP_NOT_INST, app_name, port);\n\nif (\n ver =~ \"^3\\.[0-7]($|[^0-9])\" ||\n ver =~ \"^3\\.8\\.0($|[^0-9])\"\n)\n{\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : Puppet Enterprise ' + ver +\n '\\n Fixed version : Puppet Enterprise 3.8.1\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app_name, build_url(port:port), ver);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:58:58", "description": "According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 11. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the monitoring and audit features that occurs when handling a specially crafted command. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2014-0919)\n\n - A flaw exists that is triggered during the handling of a specially crafted ALTER TABLE statement on an identity column. An authenticated, remote attacker can exploit this to cause the server to terminate, resulting in a denial of service condition. 
(CVE-2014-6209)\n\n - A flaw exists that is triggered during the handling of multiple ALTER TABLE statements on the same column. An authenticated, remote attacker can exploit this to cause the server to terminate, resulting in a denial of service condition. (CVE-2014-6210)\n\n - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the TLS server not verifying block cipher padding when using a cipher suite that employs a block cipher such as AES and DES. The lack of padding checking can allow encrypted TLS traffic to be decrypted. This vulnerability could allow for the decryption of HTTPS traffic by an unauthorized third party. (CVE-2014-8730)\n\n - A flaw exists that is triggered when handling a specially crafted XML query. An authenticated, remote attacker can exploit this to cause excessive consumption of CPU resources, resulting in a denial of service condition. (CVE-2014-8901)\n\n - An unspecified error exists during the handling of SELECT statements with XML/XSLT functions that allows a remote attacker to gain access to arbitrary files.\n (CVE-2014-8910)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists in the IBM Global Security Kit (GSKit) due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0138)\n\n - A flaw exists in the LUW component when handling SQL statements with unspecified Scaler functions. A remote, authenticated attacker can exploit this to cause a denial of service. (CVE-2015-0157)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. 
A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - An information disclosure vulnerability exists in the automated maintenance feature. An attacker with elevated privileges, by manipulating a stored procedure, can exploit this issue to disclose arbitrary files owned by the DB2 fenced ID on UNIX/Linux or the administrator on Windows. (CVE-2015-1883)\n\n - A flaw exists in the Data Movement feature when handling specially crafted queries. An authenticated, remote attacker can exploit this to delete database rows from a table without having the appropriate privileges.\n (CVE-2015-1922)\n\n - A flaw exists when handling SQL statements having unspecified LUW Scaler functions. An authenticated, remote attacker can exploit this to run arbitrary code, under the privileges of the DB2 instance owner, or to cause a denial of service. (CVE-2015-1935)\n\n - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)\n\n - A denial of service vulnerability exists in the query compiler QGM due to improper handling of duplicate reloc entry queries. An authenticated, remote attacker can exploit this to crash the database.\n\n - A denial of service vulnerability exists in the SQLEX_FIND_GROUP() function due to improper handling of group name results. An authenticated, remote attacker can exploit this to crash the database.\n\n - A denial of service vulnerability exists in the query compiler QGM due to improper handling of DBCLOB column types. 
An authenticated, remote attacker can exploit this to crash the database.\n\n - A denial of service vulnerability exists in the Relational Data Services component in the SQLRA_GET_SECT_INFO_BY_CURSOR_NAME() function due to improper handling of stored procedures. An authenticated, remote attacker can exploit this to crash the database.", "cvss3": {}, "published": "2015-07-18T00:00:00", "type": "nessus", "title": "IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (TLS POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 8.5, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0919", "CVE-2014-6209", "CVE-2014-6210", "CVE-2014-8730", "CVE-2014-8901", "CVE-2014-8910", "CVE-2015-0138", "CVE-2015-0157", "CVE-2015-1788", "CVE-2015-1883", "CVE-2015-1922", "CVE-2015-1935", "CVE-2015-2808"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:db2"], "id": "DB2_97FP10_MULTI_VULN.NASL", "href": "https://www.tenable.com/plugins/nessus/84828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84828);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0919\",\n \"CVE-2014-6209\",\n \"CVE-2014-6210\",\n \"CVE-2014-8730\",\n \"CVE-2014-8901\",\n \"CVE-2014-8910\",\n \"CVE-2015-0138\",\n \"CVE-2015-0157\",\n \"CVE-2015-1788\",\n \"CVE-2015-1883\",\n \"CVE-2015-1922\",\n \"CVE-2015-1935\",\n 
\"CVE-2015-2808\"\n );\n script_bugtraq_id(\n 71549,\n 71729,\n 71730,\n 71734,\n 73326,\n 73684,\n 74217,\n 75158,\n 75908,\n 75911,\n 75946,\n 75947,\n 75949\n );\n script_xref(name:\"CERT\", value:\"243585\");\n\n script_name(english:\"IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (TLS POODLE)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of IBM DB2 9.7 running on\nthe remote host is prior to Fix Pack 11. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n monitoring and audit features that occurs when handling\n a specially crafted command. An authenticated, remote\n attacker can exploit this to disclose sensitive\n information. (CVE-2014-0919)\n\n - A flaw exists that is triggered during the handling of a\n specially crafted ALTER TABLE statement on an identity\n column. An authenticated, remote attacker can exploit\n this to cause the server to terminate, resulting in a\n denial of service condition. (CVE-2014-6209)\n\n - A flaw exists that is triggered during the handling of \n multiple ALTER TABLE statements on the same column. An\n authenticated, remote attacker can exploit this to cause\n the server to terminate, resulting in a denial of\n service condition. (CVE-2014-6210)\n\n - A man-in-the-middle (MitM) information disclosure\n vulnerability, known as POODLE, exists due to the TLS\n server not verifying block cipher padding when using a\n cipher suite that employs a block cipher such as AES and\n DES. The lack of padding checking can allow encrypted\n TLS traffic to be decrypted. This vulnerability could\n allow for the decryption of HTTPS traffic by an\n unauthorized third party. 
(CVE-2014-8730)\n\n - A flaw exists that is triggered when handling a\n specially crafted XML query. An authenticated, remote\n attacker can exploit this to cause excessive consumption\n of CPU resources, resulting in a denial of service\n condition. (CVE-2014-8901)\n\n - An unspecified error exists during the handling of\n SELECT statements with XML/XSLT functions that allows a\n remote attacker to gain access to arbitrary files.\n (CVE-2014-8910)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists in the IBM\n Global Security Kit (GSKit) due to the support of weak\n EXPORT_RSA cipher suites with keys less than or equal to\n 512 bits. A man-in-the-middle attacker may be able to\n downgrade the SSL/TLS connection to use EXPORT_RSA\n cipher suites which can be factored in a short amount of\n time, allowing the attacker to intercept and decrypt the\n traffic. (CVE-2015-0138)\n\n - A flaw exists in the LUW component when handling SQL\n statements with unspecified Scaler functions. A remote,\n authenticated attacker can exploit this to cause a\n denial of service. (CVE-2015-0157)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - An information disclosure vulnerability exists in the\n automated maintenance feature. An attacker with elevated\n privileges, by manipulating a stored procedure, can\n exploit this issue to disclose arbitrary files owned by\n the DB2 fenced ID on UNIX/Linux or the administrator on\n Windows. 
(CVE-2015-1883)\n\n - A flaw exists in the Data Movement feature when handling\n specially crafted queries. An authenticated, remote\n attacker can exploit this to delete database rows from a\n table without having the appropriate privileges.\n (CVE-2015-1922)\n\n - A flaw exists when handling SQL statements having\n unspecified LUW Scaler functions. An authenticated,\n remote attacker can exploit this to run arbitrary code,\n under the privileges of the DB2 instance owner, or to\n cause a denial of service. (CVE-2015-1935)\n\n - A security feature bypass vulnerability exists, known as\n Bar Mitzvah, due to improper combination of state data\n with key data by the RC4 cipher algorithm during the\n initialization phase. A man-in-the-middle attacker can\n exploit this, via a brute-force attack using LSB values,\n to decrypt the traffic. (CVE-2015-2808)\n\n - A denial of service vulnerability exists in the query\n compiler QGM due to improper handling of duplicate reloc\n entry queries. An authenticated, remote attacker can\n exploit this to crash the database.\n\n - A denial of service vulnerability exists in the\n SQLEX_FIND_GROUP() function due to improper handling of\n group name results. An authenticated, remote attacker\n can exploit this to crash the database.\n\n - A denial of service vulnerability exists in the query\n compiler QGM due to improper handling of DBCLOB column\n types. An authenticated, remote attacker can exploit\n this to crash the database.\n\n - A denial of service vulnerability exists in the\n Relational Data Services component in the\n SQLRA_GET_SECT_INFO_BY_CURSOR_NAME() function due to\n improper handling of stored procedures. 
An\n authenticated, remote attacker can exploit this to crash\n the database.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24040935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21697987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21697988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21698308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21959650\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21902661\");\n # https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bbf45ac\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/12/08/poodleagain.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply IBM DB2 version 9.7 Fix Pack 11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/08\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:db2\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"db2_das_detect.nasl\");\n script_require_ports(\"Services/db2das\", 523);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"db2_report_func.inc\");\n\nport = get_service(svc:\"db2das\", default:523, exit_on_fail:TRUE);\n\nlevel = get_kb_item_or_exit(\"DB2/\" + port + \"/Level\");\nif (level !~ \"^9\\.7\\.\") audit(AUDIT_NOT_LISTEN, \"DB2 9.7\", port);\n\nplatform = get_kb_item_or_exit(\"DB2/\"+port+\"/Platform\");\nplatform_name = get_kb_item(\"DB2/\"+port+\"/Platform_Name\");\nif (isnull(platform_name))\n{\n platform_name = platform;\n report_phrase = \"platform \" + platform;\n}\nelse\n report_phrase = platform_name;\n\n\nvuln = FALSE;\n# Windows 32-bit/64-bit\nif (platform == 5 || platform == 23)\n{\n fixed_level = '9.7.1100.352';\n if (ver_compare(ver:level, fix:fixed_level) < 0)\n vuln = TRUE;\n}\n# Others\nelse if (\n # Linux, 2.6 kernel 32/64-bit\n platform == 18 ||\n platform == 30 ||\n # AIX\n platform == 20\n)\n{\n fixed_level = '9.7.0.11';\n if (ver_compare(ver:level, fix:fixed_level) < 0)\n vuln = TRUE;\n}\nelse\n{\n info =\n 'Nessus does not support version checks against ' + report_phrase + '.\\n' +\n 'To help us better identify vulnerable versions, please send the platform\\n' +\n 'number along with details about the platform, including the operating 
system\\n' +\n 'version, CPU architecture, and DB2 version to db2-platform-info@nessus.org.\\n';\n exit(1, info);\n}\n\nif (vuln)\n report_db2(\n severity : SECURITY_HOLE,\n port : port,\n platform_name : platform_name,\n installed_level : level,\n fixed_level : fixed_level);\nelse audit(AUDIT_LISTEN_NOT_VULN, \"DB2\", port, level);\n", "cvss": {"score": 8.0, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2023-01-11T16:35:21", "description": "According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is a version prior to 7.5.4. It is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788) \n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. 
(CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A certificate validation bypass vulnerability exists in the Security:Encryption subcomponent due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication.\n (CVE-2015-1793)\n\n - A cross-request authentication bypass vulnerability exists in libcurl due to the use of an existing, authenticated connection when performing a subsequent unauthenticated NTLM HTTP request. An attacker can exploit this to bypass authentication mechanisms.\n (CVE-2015-3143)\n\n - A denial of service vulnerability exists in libcurl due to a flaw in the sanitize_cookie_path() function that is triggered when handling a cookie path element that consists of a single double-quote. An attacker can exploit this to cause the application to crash.\n (CVE-2015-3145)\n\n - A cross-request authentication bypass vulnerability exists in libcurl due to a flaw that is triggered when a request is 'Negotiate' authenticated, which can cause the program to treat the entire connection as authenticated rather than just that specific request. An attacker can exploit this to bypass authentication mechanisms for subsequent requests. (CVE-2015-3148)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. 
A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)\n\n - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition.\n (CVE-2015-4024)\n\n - An unspecified flaw exists that allows an authenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2016-1993)\n\n - An unspecified information disclosure vulnerability exists that allows an authenticated, remote attacker to gain unauthorized access to information. (CVE-2016-1994)\n\n - An unspecified remote code execution vulnerability exists that allows an unauthenticated, remote attacker to take complete control of the system. (CVE-2016-1995)\n\n - An unspecified flaw exists that allows a local attacker to impact confidentiality and integrity. 
(CVE-2016-1996)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-03-24T00:00:00", "type": "nessus", "title": "HP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-3143", "CVE-2015-3145", "CVE-2015-3148", "CVE-2015-4000", "CVE-2015-4024", "CVE-2016-1993", "CVE-2016-1994", "CVE-2016-1995", "CVE-2016-1996"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:hp:system_management_homepage"], "id": "HPSMH_7_5_4.NASL", "href": "https://www.tenable.com/plugins/nessus/90150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90150);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-1793\",\n 
\"CVE-2015-3143\",\n \"CVE-2015-3145\",\n \"CVE-2015-3148\",\n \"CVE-2015-4000\",\n \"CVE-2015-4024\",\n \"CVE-2016-1993\",\n \"CVE-2016-1994\",\n \"CVE-2016-1995\",\n \"CVE-2016-1996\"\n );\n script_bugtraq_id(\n 74299,\n 74301,\n 74303,\n 74733,\n 74903,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75652\n );\n script_xref(name:\"HP\", value:\"HPSBMU03546\");\n script_xref(name:\"HP\", value:\"emr_na-c05045763\");\n script_xref(name:\"HP\", value:\"SSRT101447\");\n script_xref(name:\"HP\", value:\"SSRT101858\");\n script_xref(name:\"HP\", value:\"SSRT102109\");\n script_xref(name:\"HP\", value:\"SSRT102164\");\n script_xref(name:\"HP\", value:\"PSRT110050\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"HP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the web server's banner, the version of HP System\nManagement Homepage (SMH) hosted on the remote web server is a version\nprior to 7.5.4. It is, therefore, affected by the following\nvulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788) \n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. 
A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A certificate validation bypass vulnerability exists in\n the Security:Encryption subcomponent due to a flaw in\n the X509_verify_cert() function in x509_vfy.c that is\n triggered when locating alternate certificate chains\n when the first attempt to build such a chain fails. A\n remote attacker can exploit this, by using a valid leaf\n certificate as a certificate authority (CA), to issue\n invalid certificates that will bypass authentication.\n (CVE-2015-1793)\n\n - A cross-request authentication bypass vulnerability\n exists in libcurl due to the use of an existing,\n authenticated connection when performing a subsequent\n unauthenticated NTLM HTTP request. 
An attacker can\n exploit this to bypass authentication mechanisms.\n (CVE-2015-3143)\n\n - A denial of service vulnerability exists in libcurl due\n to a flaw in the sanitize_cookie_path() function that is\n triggered when handling a cookie path element that\n consists of a single double-quote. An attacker can\n exploit this to cause the application to crash.\n (CVE-2015-3145)\n\n - A cross-request authentication bypass vulnerability\n exists in libcurl due to a flaw that is triggered when a\n request is 'Negotiate' authenticated, which can cause\n the program to treat the entire connection as\n authenticated rather than just that specific request. An\n attacker can exploit this to bypass authentication\n mechanisms for subsequent requests. (CVE-2015-3148)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\n\n - A flaw exists in the multipart_buffer_headers() function\n in rfc1867.c due to improper handling of\n multipart/form-data in HTTP requests. A remote attacker\n can exploit this flaw to cause a consumption of CPU\n resources, resulting in a denial of service condition.\n (CVE-2015-4024)\n\n - An unspecified flaw exists that allows an authenticated,\n remote attacker to impact confidentiality and integrity.\n (CVE-2016-1993)\n\n - An unspecified information disclosure vulnerability\n exists that allows an authenticated, remote attacker to\n gain unauthorized access to information. (CVE-2016-1994)\n\n - An unspecified remote code execution vulnerability\n exists that allows an unauthenticated, remote attacker\n to take complete control of the system. (CVE-2016-1995)\n\n - An unspecified flaw exists that allows a local attacker\n to impact confidentiality and integrity. 
(CVE-2016-1996)\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05045763\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d91095a9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP System Management Homepage (SMH) version 7.5.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1995\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:system_management_homepage\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"compaq_wbem_detect.nasl\", \"os_fingerprint.nasl\");\n script_require_keys(\"www/hp_smh\");\n script_require_ports(\"Services/www\", 2301, 2381);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:2381, embedded:TRUE);\n\ninstall = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nversion = install['ver'];\nprod = get_kb_item_or_exit(\"www/\"+port+\"/hp_smh/variant\");\n\nif (version == UNKNOWN_VER) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' is unknown.');\n\n# Only Linux and Windows are affected -- HP-UX is not mentioned\nif (report_paranoia < 2)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Windows\" >!< os && \"Linux\" >!< os) audit(AUDIT_OS_NOT, \"Windows or Linux\", os);\n}\n\n# nb: 'version' can have non-numeric characters in it so we'll create\n# an alternate form and make sure that's safe for use in 'ver_compare()'.\nversion_alt = ereg_replace(pattern:\"[_-]\", replace:\".\", string:version);\nif (!ereg(pattern:\"^[0-9][0-9.]+$\", string:version_alt)) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' does not look valid ('+version+').');\n\nfixed_version = '7.5.4';\nif (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)\n{\n source_line = get_kb_item(\"www/\"+port+\"/hp_smh/source\");\n report = '\\n Product : ' + prod;\n if (!isnull(source_line))\n report += '\\n Version source : ' + source_line;\n report +=\n '\\n Installed version : ' + version_alt +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2023-02-03T15:14:32", "description": "libressl was updated to version 2.2.1 to fix 16 security issues.\n\nLibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL.\n\nThese security issues were fixed :\n\n - CVE-2014-3570: The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (bsc#912296).\n\n - CVE-2014-3572: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allowed remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (bsc#912015).\n\n - CVE-2015-1792: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function (bsc#934493).\n\n - CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not enforce certain constraints on certificate data, which allowed remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (bsc#912018).\n\n - CVE-2015-0209: Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allowed remote attackers to cause a 
denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (bsc#919648).\n\n - CVE-2015-1789: The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback (bsc#934489).\n\n - CVE-2015-1788: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b did not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allowed remote attackers to cause a denial of service (infinite loop) via a session that used an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication (bsc#934487).\n\n - CVE-2015-1790: The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that used ASN.1 encoding and lacks inner EncryptedContent data (bsc#934491).\n\n - CVE-2015-0287: The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (bsc#922499).\n\n - CVE-2015-0286: The ASN1_TYPE_cmp function in 
crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not properly perform boolean-type comparisons, which allowed remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that used the certificate-verification feature (bsc#922496).\n\n - CVE-2015-0289: The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did not properly handle a lack of outer ContentInfo, which allowed attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (bsc#922500).\n\n - CVE-2015-0288: The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (bsc#920236).\n\n - CVE-2014-8176: The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allowed remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data (bsc#934494).\n\n - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, did not properly convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with 
DHE_EXPORT replaced by DHE, aka the 'Logjam' issue (bsc#931600).\n\n - CVE-2015-0205: The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allowed remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (bsc#912293).\n\n - CVE-2015-0206: Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (bsc#912292).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3572", "CVE-2014-8176", "CVE-2014-8275", "CVE-2015-0205", 
"CVE-2015-0206", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libcrypto34", "p-cpe:/a:novell:opensuse:libcrypto34-32bit", "p-cpe:/a:novell:opensuse:libcrypto34-debuginfo", "p-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libressl", "p-cpe:/a:novell:opensuse:libressl-debuginfo", "p-cpe:/a:novell:opensuse:libressl-debugsource", "p-cpe:/a:novell:opensuse:libressl-devel", "p-cpe:/a:novell:opensuse:libressl-devel-32bit", "p-cpe:/a:novell:opensuse:libssl33", "p-cpe:/a:novell:opensuse:libssl33-32bit", "p-cpe:/a:novell:opensuse:libssl33-debuginfo", "p-cpe:/a:novell:opensuse:libssl33-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtls4", "p-cpe:/a:novell:opensuse:libtls4-32bit", "p-cpe:/a:novell:opensuse:libtls4-debuginfo", "p-cpe:/a:novell:opensuse:libtls4-debuginfo-32bit", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-507.NASL", "href": "https://www.tenable.com/plugins/nessus/84998", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-507.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84998);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-3570\",\n \"CVE-2014-3572\",\n \"CVE-2014-8176\",\n \"CVE-2014-8275\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\",\n \"CVE-2015-0209\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n 
script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"libressl was updated to version 2.2.1 to fix 16 security issues.\n\nLibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL\noften also affect LibreSSL.\n\nThese security issues were fixed :\n\n - CVE-2014-3570: The BN_sqr implementation in OpenSSL\n before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before\n 1.0.1k did not properly calculate the square of a BIGNUM\n value, which might make it easier for remote attackers\n to defeat cryptographic protection mechanisms via\n unspecified vectors, related to crypto/bn/asm/mips.pl,\n crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c\n (bsc#912296).\n\n - CVE-2014-3572: The ssl3_get_key_exchange function in\n s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k allowed remote SSL\n servers to conduct ECDHE-to-ECDH downgrade attacks and\n trigger a loss of forward secrecy by omitting the\n ServerKeyExchange message (bsc#912015).\n\n - CVE-2015-1792: The do_free_upto function in\n crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0\n before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before\n 1.0.2b allowed remote attackers to cause a denial of\n service (infinite loop) via vectors that trigger a NULL\n value of a BIO data structure, as demonstrated by an\n unrecognized X.660 OID for a hash function (bsc#934493).\n\n - CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k did not enforce certain\n constraints on certificate data, which allowed remote\n attackers to defeat a fingerprint-based\n certificate-blacklist protection mechanism by including\n crafted data within a certificate's unsigned portion,\n related to 
crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and\n crypto/x509/x_all.c (bsc#912018).\n\n - CVE-2015-0209: Use-after-free vulnerability in the\n d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in\n OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1\n before 1.0.1m, and 1.0.2 before 1.0.2a might allowed\n remote attackers to cause a denial of service (memory\n corruption and application crash) or possibly have\n unspecified other impact via a malformed Elliptic Curve\n (EC) private-key file that is improperly handled during\n import (bsc#919648).\n\n - CVE-2015-1789: The X509_cmp_time function in\n crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0\n before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before\n 1.0.2b allowed remote attackers to cause a denial of\n service (out-of-bounds read and application crash) via a\n crafted length field in ASN1_TIME data, as demonstrated\n by an attack against a server that supports client\n authentication with a custom verification callback\n (bsc#934489).\n\n - CVE-2015-1788: The BN_GF2m_mod_inv function in\n crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0\n before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before\n 1.0.2b did not properly handle ECParameters structures\n in which the curve is over a malformed binary polynomial\n field, which allowed remote attackers to cause a denial\n of service (infinite loop) via a session that used an\n Elliptic Curve algorithm, as demonstrated by an attack\n against a server that supports client authentication\n (bsc#934487).\n\n - CVE-2015-1790: The PKCS7_dataDecodefunction in\n crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0\n before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before\n 1.0.2b allowed remote attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via a PKCS#7 blob that used ASN.1 encoding and lacks\n inner EncryptedContent data (bsc#934491).\n\n - CVE-2015-0287: The ASN1_item_ex_d2i function in\n 
crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0\n before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a did not reinitialize CHOICE and ADB data\n structures, which might allowed attackers to cause a\n denial of service (invalid write operation and memory\n corruption) by leveraging an application that relies on\n ASN.1 structure reuse (bsc#922499).\n\n - CVE-2015-0286: The ASN1_TYPE_cmp function in\n crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0\n before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a did not properly perform boolean-type\n comparisons, which allowed remote attackers to cause a\n denial of service (invalid read operation and\n application crash) via a crafted X.509 certificate to an\n endpoint that used the certificate-verification feature\n (bsc#922496).\n\n - CVE-2015-0289: The PKCS#7 implementation in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before\n 1.0.1m, and 1.0.2 before 1.0.2a did not properly handle\n a lack of outer ContentInfo, which allowed attackers to\n cause a denial of service (NULL pointer dereference and\n application crash) by leveraging an application that\n processes arbitrary PKCS#7 data and providing malformed\n data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c\n (bsc#922500).\n\n - CVE-2015-0288: The X509_to_X509_REQ function in\n crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0\n before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a might allowed attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via an invalid certificate key (bsc#920236).\n\n - CVE-2014-8176: The dtls1_clear_queues function in\n ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before\n 1.0.0m, and 1.0.1 before 1.0.1h frees data structures\n without considering that application data can arrive\n between a ChangeCipherSpec message and a Finished\n message, which allowed remote DTLS peers to cause a\n denial of service 
(memory corruption and application\n crash) or possibly have unspecified other impact via\n unexpected application data (bsc#934494).\n\n - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a\n DHE_EXPORT ciphersuite is enabled on a server but not on\n a client, did not properly convey a DHE_EXPORT choice,\n which allowed man-in-the-middle attackers to conduct\n cipher-downgrade attacks by rewriting a ClientHello with\n DHE replaced by DHE_EXPORT and then rewriting a\n ServerHello with DHE_EXPORT replaced by DHE, aka the\n 'Logjam' issue (bsc#931600).\n\n - CVE-2015-0205: The ssl3_get_cert_verify function in\n s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1\n before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a\n CertificateVerify message, which allowed remote\n attackers to obtain access without knowledge of a\n private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority\n with DH support (bsc#912293).\n\n - CVE-2015-0206: Memory leak in the dtls1_buffer_record\n function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and\n 1.0.1 before 1.0.1k allowed remote attackers to cause a\n denial of service (memory consumption) by sending many\n duplicate records for the next epoch, leading to failure\n of replay detection (bsc#912292).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912296\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=920236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937891\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libressl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libcrypto34-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-debuginfo-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debuginfo-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debugsource-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-devel-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-debuginfo-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-debuginfo-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-debuginfo-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libressl-devel-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", 
reference:\"libssl33-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libssl33-debuginfo-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-32bit-2.2.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-debuginfo-32bit-2.2.1-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcrypto34 / libcrypto34-32bit / libcrypto34-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:09:03", "description": "According to its self-reported version number, the remote pfSense install is prior to 2.2.3. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "pfSense < 2.2.3 Multiple Vulnerabilities (SA-15_07) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4000", "CVE-2015-4029", "CVE-2015-4171", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-6508", "CVE-2015-6509", "CVE-2015-6510", "CVE-2015-6511"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense"], "id": "PFSENSE_SA-15_06.NASL", "href": "https://www.tenable.com/plugins/nessus/106495", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106495);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-3414\",\n \"CVE-2015-3415\",\n \"CVE-2015-3416\",\n \"CVE-2015-4000\",\n \"CVE-2015-4029\",\n \"CVE-2015-4171\",\n \"CVE-2015-4598\",\n \"CVE-2015-4642\",\n \"CVE-2015-4643\",\n \"CVE-2015-4644\",\n \"CVE-2015-6508\",\n \"CVE-2015-6509\",\n \"CVE-2015-6510\",\n \"CVE-2015-6511\"\n );\n script_bugtraq_id(\n 74228,\n 75174,\n 75175,\n 75244,\n 75290,\n 75291,\n 75292\n );\n script_xref(name:\"FreeBSD\", value:\"SA-15:10.openssl\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"pfSense < 2.2.3 Multiple Vulnerabilities (SA-15_07) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is prior 
to 2.2.3. It is, therefore, affected by multiple\nvulnerabilities as stated in the referenced vendor advisories.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://doc.pfsense.org/index.php/2.2.3_New_Features_and_Changes\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?61bea99f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.2.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4642\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.2.3\" }\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{xss:TRUE}\n);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-02T14:30:20", "description": "According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.2.6. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries :\n\n - HP SMH (XSRF)\n - libcurl\n - OpenSSL", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-29T00:00:00", "type": "nessus", "title": "HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0139", "CVE-2014-2522", "CVE-2014-2641", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3143", "CVE-2015-3145", "CVE-2015-3148"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:hp:system_management_homepage", "cpe:/a:openssl:openssl", "cpe:/a:haxx:curl", "cpe:/a:haxx:libcurl"], "id": "HPSMH_7_2_6.NASL", "href": "https://www.tenable.com/plugins/nessus/90251", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90251);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0015\",\n \"CVE-2014-0138\",\n \"CVE-2014-0139\",\n \"CVE-2014-2522\",\n \"CVE-2014-2641\",\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\",\n \"CVE-2015-0207\",\n \"CVE-2015-0208\",\n \"CVE-2015-0209\",\n \"CVE-2015-0285\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0290\",\n \"CVE-2015-0291\",\n \"CVE-2015-0292\",\n \"CVE-2015-0293\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3143\",\n \"CVE-2015-3145\",\n \"CVE-2015-3148\"\n );\n script_bugtraq_id(\n 65270,\n 66296,\n 66457,\n 66458,\n 70208,\n 71934,\n 71935,\n 71936,\n 71937,\n 71939,\n 71940,\n 71941,\n 71942,\n 
73225,\n 73226,\n 73227,\n 73228,\n 73229,\n 73230,\n 73231,\n 73232,\n 73234,\n 73235,\n 73237,\n 73239,\n 74299,\n 74301,\n 74303,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n script_xref(name:\"CERT\", value:\"243585\");\n script_xref(name:\"HP\", value:\"HPSBMU03422\");\n script_xref(name:\"HP\", value:\"emr_na-c04805275\");\n script_xref(name:\"HP\", value:\"SSRT101438\");\n script_xref(name:\"HP\", value:\"SSRT101447\");\n script_xref(name:\"HP\", value:\"SSRT102109\");\n\n script_name(english:\"HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the web server's banner, the version of HP System\nManagement Homepage (SMH) hosted on the remote web server is prior to\n7.2.6. It is, therefore, affected by multiple vulnerabilities,\nincluding remote code execution vulnerabilities, in several components\nand third-party libraries :\n\n - HP SMH (XSRF)\n - libcurl\n - OpenSSL\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04805275\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5bc0a4e1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150108.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150319.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP System Management Homepage (SMH) version 7.2.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:system_management_homepage\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:haxx:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:haxx:libcurl\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"compaq_wbem_detect.nasl\");\n script_require_keys(\"www/hp_smh\");\n script_require_ports(\"Services/www\", 2301, 2381);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nget_kb_item_or_exit(\"www/hp_smh\");\n\nport = get_http_port(default:2381, embedded:TRUE);\n\ninstall = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nversion = install['ver'];\nprod = get_kb_item_or_exit(\"www/\"+port+\"/hp_smh/variant\");\n\nif (version == UNKNOWN_VER) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' is unknown.');\n\n# nb: 'version' can have non-numeric characters in it so we'll create\n# an alternate form and make sure that's safe for use in 'ver_compare()'.\nversion_alt = ereg_replace(pattern:\"[_-]\", replace:\".\", 
string:version);\nif (!ereg(pattern:\"^[0-9][0-9.]+$\", string:version_alt)) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' does not look valid ('+version+').');\n\nfixed_version = '7.2.6';\nif (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)\n{\n source_line = get_kb_item(\"www/\"+port+\"/hp_smh/source\");\n\n report = '\\n Product : ' + prod;\n if (!isnull(source_line))\n report += '\\n Version source : ' + source_line;\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:report, xsrf:TRUE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T16:35:52", "description": "This update for libopenssl0_9_8 fixes the following issues :\n\n - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):\n OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle.\n\n This update changes the openssl library to :\n\n - Disable SSLv2 protocol support by default.\n\n This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag.\n\n Note that various services and clients had already disabled SSL protocol 2 by default previously.\n\n - Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'.\n\n - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. 
Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well.\n\n - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions.\n If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable.\n\n - The package was updated to 0.9.8zh :\n\n - fixes many security vulnerabilities (not separately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166\n\n - avoid running OPENSSL_config twice. This avoids breaking engine loading. 
(boo#952871, boo#967787)\n\n - fix CVE-2015-3197 (boo#963415)\n\n - SSLv2 doesn't block disabled ciphers", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0166", "CVE-2013-0169", "CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3510", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3195", "CVE-2015-3197", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-0800"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl0_9_8", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit", 
"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-debugsource", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-294.NASL", "href": "https://www.tenable.com/plugins/nessus/89651", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-294.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89651);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2013-0166\",\n \"CVE-2013-0169\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\",\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3510\",\n \"CVE-2014-3566\",\n \"CVE-2014-3567\",\n \"CVE-2014-3568\",\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0209\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0293\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3195\",\n \"CVE-2015-3197\",\n \"CVE-2016-0797\",\n \"CVE-2016-0799\",\n \"CVE-2016-0800\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for libopenssl0_9_8 
fixes the following issues :\n\n - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):\n OpenSSL was vulnerable to a cross-protocol attack that\n could lead to decryption of TLS sessions by using a\n server supporting SSLv2 and EXPORT cipher suites as a\n Bleichenbacher RSA padding oracle.\n\n This update changes the openssl library to :\n\n - Disable SSLv2 protocol support by default.\n\n This can be overridden by setting the environment\n variable 'OPENSSL_ALLOW_SSL2' or by using\n SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag.\n\n Note that various services and clients had already\n disabled SSL protocol 2 by default previously.\n\n - Disable all weak EXPORT ciphers by default. These can be\n reenabled if required by old legacy software using the\n environment variable 'OPENSSL_ALLOW_EXPORT'.\n\n - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and\n BN_dec2bn() functions had a bug that could result in an\n attempt to de-reference a NULL pointer leading to\n crashes. This could have security consequences if these\n functions were ever called by user applications with\n large untrusted hex/decimal data. Also, internal usage\n of these functions in OpenSSL uses data from config\n files or application command line arguments. If user\n developed applications generated config file data based\n on untrusted data, then this could have had security\n consequences as well.\n\n - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the\n internal fmtstr() and doapr_outch() functions could\n miscalculate the length of a string and attempt to\n access out-of-bounds memory locations. These problems\n could have enabled attacks where large amounts of\n untrusted data is passed to the BIO_*printf functions.\n If applications use these functions in this way then\n they could have been vulnerable. OpenSSL itself uses\n these functions when printing out human-readable dumps\n of ASN.1 data. 
Therefore applications that print this\n data could have been vulnerable if the data is from\n untrusted sources. OpenSSL command line applications\n could also have been vulnerable when they print out\n ASN.1 data, or if untrusted data is passed as command\n line arguments. Libssl is not considered directly\n vulnerable.\n\n - The package was updated to 0.9.8zh :\n\n - fixes many security vulnerabilities (not separately\n listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789,\n CVE-2015-1790, CVE-2015-1792, CVE-2015-1791,\n CVE-2015-0286, CVE-2015-0287, CVE-2015-0289,\n CVE-2015-0293, CVE-2015-0209, CVE-2015-0288,\n CVE-2014-3571, CVE-2014-3569, CVE-2014-3572,\n CVE-2015-0204, CVE-2014-8275, CVE-2014-3570,\n CVE-2014-3567, CVE-2014-3568, CVE-2014-3566,\n CVE-2014-3510, CVE-2014-3507, CVE-2014-3506,\n CVE-2014-3505, CVE-2014-3508, CVE-2014-0224,\n CVE-2014-0221, CVE-2014-0195, CVE-2014-3470,\n CVE-2014-0076, CVE-2013-0169, CVE-2013-0166\n\n - avoid running OPENSSL_config twice. This avoids breaking\n engine loading. 
(boo#952871, boo#967787)\n\n - fix CVE-2015-3197 (boo#963415)\n\n - SSLv2 doesn't block disabled ciphers\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968374\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libopenssl0_9_8 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl0_9_8-0.9.8zh-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl0_9_8-debuginfo-0.9.8zh-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl0_9_8-debugsource-0.9.8zh-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8zh-9.3.1\") ) flag++;\nif 
( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl0_9_8-0.9.8zh-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl0_9_8-debuginfo-0.9.8zh-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl0_9_8-debugsource-0.9.8zh-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8zh-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl0_9_8 / libopenssl0_9_8-32bit / libopenssl0_9_8-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:59:44", "description": "The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-006. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache\n - apache_mod_php\n - CoreText\n - FontParser\n - Libinfo\n - libxml2\n - OpenSSL\n - perl\n - PostgreSQL\n - QL Office\n - Quartz Composer Framework\n - QuickTime 7\n - SceneKit\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-08-17T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2015-006)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6685", "CVE-2014-0067", "CVE-2014-0191", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-3660", "CVE-2014-8109", "CVE-2014-8161", "CVE-2015-0228", "CVE-2015-0241", "CVE-2015-0242", "CVE-2015-0243", "CVE-2015-0244", "CVE-2015-0253", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3183", "CVE-2015-3185", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3729", "CVE-2015-3730", "CVE-2015-3731", "CVE-2015-3732", "CVE-2015-3733", 
"CVE-2015-3734", "CVE-2015-3735", "CVE-2015-3736", "CVE-2015-3737", "CVE-2015-3738", "CVE-2015-3739", "CVE-2015-3740", "CVE-2015-3741", "CVE-2015-3742", "CVE-2015-3743", "CVE-2015-3744", "CVE-2015-3745", "CVE-2015-3746", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3750", "CVE-2015-3751", "CVE-2015-3752", "CVE-2015-3753", "CVE-2015-3754", "CVE-2015-3755", "CVE-2015-3765", "CVE-2015-3779", "CVE-2015-3783", "CVE-2015-3788", "CVE-2015-3789", "CVE-2015-3790", "CVE-2015-3791", "CVE-2015-3792", "CVE-2015-3804", "CVE-2015-3807", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-5751", "CVE-2015-5753", "CVE-2015-5756", "CVE-2015-5761", "CVE-2015-5771", "CVE-2015-5773", "CVE-2015-5775", "CVE-2015-5776", "CVE-2015-5779"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2015-006.NASL", "href": "https://www.tenable.com/plugins/nessus/85409", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85409);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2012-6685\",\n \"CVE-2014-0067\",\n \"CVE-2014-0191\",\n \"CVE-2014-3581\",\n \"CVE-2014-3583\",\n \"CVE-2014-3660\",\n \"CVE-2014-8109\",\n \"CVE-2014-8161\",\n \"CVE-2015-0228\",\n \"CVE-2015-0241\",\n \"CVE-2015-0242\",\n \"CVE-2015-0243\",\n \"CVE-2015-0244\",\n \"CVE-2015-0253\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-2783\",\n \"CVE-2015-2787\",\n \"CVE-2015-3183\",\n \"CVE-2015-3185\",\n \"CVE-2015-3307\",\n \"CVE-2015-3329\",\n \"CVE-2015-3330\",\n \"CVE-2015-3729\",\n \"CVE-2015-3730\",\n \"CVE-2015-3731\",\n \"CVE-2015-3732\",\n \"CVE-2015-3733\",\n \"CVE-2015-3734\",\n \"CVE-2015-3735\",\n \"CVE-2015-3736\",\n \"CVE-2015-3737\",\n \"CVE-2015-3738\",\n \"CVE-2015-3739\",\n \"CVE-2015-3740\",\n 
\"CVE-2015-3741\",\n \"CVE-2015-3742\",\n \"CVE-2015-3743\",\n \"CVE-2015-3744\",\n \"CVE-2015-3745\",\n \"CVE-2015-3746\",\n \"CVE-2015-3747\",\n \"CVE-2015-3748\",\n \"CVE-2015-3749\",\n \"CVE-2015-3750\",\n \"CVE-2015-3751\",\n \"CVE-2015-3752\",\n \"CVE-2015-3753\",\n \"CVE-2015-3754\",\n \"CVE-2015-3755\",\n \"CVE-2015-3765\",\n \"CVE-2015-3779\",\n \"CVE-2015-3783\",\n \"CVE-2015-3788\",\n \"CVE-2015-3789\",\n \"CVE-2015-3790\",\n \"CVE-2015-3791\",\n \"CVE-2015-3792\",\n \"CVE-2015-3804\",\n \"CVE-2015-3807\",\n \"CVE-2015-4021\",\n \"CVE-2015-4022\",\n \"CVE-2015-4024\",\n \"CVE-2015-4025\",\n \"CVE-2015-4026\",\n \"CVE-2015-4147\",\n \"CVE-2015-4148\",\n \"CVE-2015-5751\",\n \"CVE-2015-5753\",\n \"CVE-2015-5756\",\n \"CVE-2015-5761\",\n \"CVE-2015-5771\",\n \"CVE-2015-5773\",\n \"CVE-2015-5775\",\n \"CVE-2015-5776\",\n \"CVE-2015-5779\"\n );\n script_bugtraq_id(\n 65721,\n 67233,\n 70644,\n 71656,\n 71657,\n 72538,\n 72540,\n 72542,\n 72543,\n 73040,\n 73041,\n 73357,\n 73431,\n 74174,\n 74204,\n 74239,\n 74240,\n 74700,\n 74703,\n 74902,\n 74903,\n 74904,\n 75056,\n 75103,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75963,\n 75964,\n 75965,\n 76338,\n 76339,\n 76340,\n 76341,\n 76342,\n 76343,\n 76344\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-08-13-2\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2015-006)\");\n script_summary(english:\"Checks for the presence of Security Update 2015-006.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.8.5 or 10.9.5\nthat is missing Security Update 2015-006. 
It is, therefore, affected\nby multiple vulnerabilities in the following components :\n\n - apache\n - apache_mod_php\n - CoreText\n - FontParser\n - Libinfo\n - libxml2\n - OpenSSL\n - perl\n - PostgreSQL\n - QL Office\n - Quartz Composer Framework\n - QuickTime 7\n - SceneKit\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205031\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2015-006 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5779\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = \"2015-006\";\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\n# Advisory states that the update is available for 10.10.2\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[89]\\.5([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.8.5 or Mac OS X 10.9.5\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', 
string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T14:44:47", "description": "The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.5. The installed version is affected by multiple vulnerabilities in the following components :\n\n - apache (CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185)\n - apache_mod_php (CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148)\n - Apple ID OD Plug-in (CVE-2015-3799)\n - AppleGraphicsControl (CVE-2015-5768)\n - Bluetooth (CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3786, CVE-2015-3787)\n - bootp (CVE-2015-3778)\n - CloudKit (CVE-2015-3782)\n - CoreMedia Playback (CVE-2015-5777, CVE-2015-5778)\n - CoreText (CVE-2015-5761, CVE-2015-5755)\n - curl (CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150, CVE-2014-8151, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153)\n - Data Detectors Engine (CVE-2015-5750)\n - Date & Time pref pane (CVE-2015-3757)\n - Dictionary Application (CVE-2015-3774)\n - DiskImages (CVE-2015-3800)\n - dyld (CVE-2015-3760)\n - FontParser (CVE-2015-3804, CVE-2015-5775, CVE-2015-5756)\n - groff (CVE-2009-5044, CVE-2009-5078)\n - ImageIO (CVE-2015-5758, CVE-2015-5781, CVE-2015-5782)\n - Install Framework Legacy (CVE-2015-5784, CVE-2015-5754)\n - IOFireWireFamily (CVE-2015-3769, CVE-2015-3771, CVE-2015-3772)\n - IOGraphics (CVE-2015-3770, CVE-2015-5783)\n - IOHIDFamily (CVE-2015-5774)\n - Kernel (CVE-2015-3766, CVE-2015-3768, CVE-2015-5747, CVE-2015-5748, CVE-2015-3806, CVE-2015-3803, CVE-2015-3802, CVE-2015-3805, CVE-2015-3776, CVE-2015-3761)\n - Libc (CVE-2015-3796, CVE-2015-3797, 
CVE-2015-3798)\n - Libinfo (CVE-2015-5776)\n - libpthread (CVE-2015-5757)\n - libxml2 (CVE-2014-0191, CVE-2014-3660, CVE-2015-3807)\n - libxpc (CVE-2015-3795)\n - mail_cmds (CVE-2014-7844)\n - Notification Center OSX (CVE-2015-3764)\n - ntfs (CVE-2015-5763)\n - OpenSSH (CVE-2015-5600)\n - OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)\n - perl (CVE-2013-7422)\n - PostgreSQL (CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244)\n - python (CVE-2013-7040, CVE-2013-7338, CVE-2014-1912, CVE-2014-7185, CVE-2014-9365)\n - QL Office (CVE-2015-5773, CVE-2015-3784)\n - Quartz Composer Framework (CVE-2015-5771)\n - Quick Look (CVE-2015-3781)\n - QuickTime 7 (CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751)\n - SceneKit (CVE-2015-5772, CVE-2015-3783)\n - Security (CVE-2015-3775)\n - SMBClient (CVE-2015-3773)\n - Speech UI (CVE-2015-3794)\n - sudo (CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2014-0106, CVE-2014-9680)\n - tcpdump (CVE-2014-8767, CVE-2014-8769, CVE-2014-9140)\n - Text Formats (CVE-2015-3762)\n - udf (CVE-2015-3767)\n\n Note that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-10-16T00:00:00", "type": "nessus", "title": "Mac OS X < 10.10.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, 
"userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5044", "CVE-2009-5078", "CVE-2013-1775", "CVE-2013-1776", "CVE-2013-2776", "CVE-2013-2777", "CVE-2013-7040", "CVE-2013-7338", "CVE-2013-7422", "CVE-2014-0067", "CVE-2014-0106", "CVE-2014-0191", "CVE-2014-1912", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-3613", "CVE-2014-3620", "CVE-2014-3660", "CVE-2014-3707", "CVE-2014-7185", "CVE-2014-7844", "CVE-2014-8109", "CVE-2014-8150", "CVE-2014-8151", "CVE-2014-8161", "CVE-2014-8767", "CVE-2014-8769", "CVE-2014-9140", "CVE-2014-9365", "CVE-2014-9680", "CVE-2015-0228", "CVE-2015-0241", "CVE-2015-0242", "CVE-2015-0243", "CVE-2015-0244", "CVE-2015-0253", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3143", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3148", "CVE-2015-3153", "CVE-2015-3183", "CVE-2015-3185", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3757", "CVE-2015-3760", "CVE-2015-3761", "CVE-2015-3762", "CVE-2015-3764", "CVE-2015-3765", "CVE-2015-3766", "CVE-2015-3767", "CVE-2015-3768", "CVE-2015-3769", "CVE-2015-3770", "CVE-2015-3771", "CVE-2015-3772", "CVE-2015-3773", "CVE-2015-3774", "CVE-2015-3775", "CVE-2015-3776", "CVE-2015-3777", "CVE-2015-3778", "CVE-2015-3779", "CVE-2015-3780", "CVE-2015-3781", "CVE-2015-3782", "CVE-2015-3783", "CVE-2015-3784", "CVE-2015-3786", "CVE-2015-3787", "CVE-2015-3788", "CVE-2015-3789", "CVE-2015-3790", "CVE-2015-3791", "CVE-2015-3792", "CVE-2015-3794", "CVE-2015-3795", "CVE-2015-3796", "CVE-2015-3797", "CVE-2015-3798", "CVE-2015-3799", "CVE-2015-3800", "CVE-2015-3802", 
"CVE-2015-3803", "CVE-2015-3804", "CVE-2015-3805", "CVE-2015-3806", "CVE-2015-3807", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-5600", "CVE-2015-5747", "CVE-2015-5748", "CVE-2015-5750", "CVE-2015-5751", "CVE-2015-5753", "CVE-2015-5754", "CVE-2015-5755", "CVE-2015-5756", "CVE-2015-5757", "CVE-2015-5758", "CVE-2015-5761", "CVE-2015-5763", "CVE-2015-5768", "CVE-2015-5771", "CVE-2015-5772", "CVE-2015-5773", "CVE-2015-5774", "CVE-2015-5775", "CVE-2015-5776", "CVE-2015-5777", "CVE-2015-5778", "CVE-2015-5779", "CVE-2015-5781", "CVE-2015-5782", "CVE-2015-5783", "CVE-2015-5784"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "8981.PRM", "href": "https://www.tenable.com/plugins/nnm/8981", "sourceData": "Binary data 8981.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T15:20:19", "description": "The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache\n - apache_mod_php\n - Apple ID OD Plug-in\n - AppleGraphicsControl\n - Bluetooth\n - bootp\n - CloudKit\n - CoreMedia Playback\n - CoreText\n - curl\n - Data Detectors Engine\n - Date & Time pref pane\n - Dictionary Application\n - DiskImages\n - dyld\n - FontParser\n - groff\n - ImageIO\n - Install Framework Legacy\n - IOFireWireFamily\n - IOGraphics\n - IOHIDFamily\n - Kernel\n - Libc\n - Libinfo\n - libpthread\n - libxml2\n - libxpc\n - mail_cmds\n - Notification Center OSX\n - ntfs\n - OpenSSH\n - OpenSSL\n - perl\n - PostgreSQL\n - python\n - QL Office\n - Quartz Composer Framework\n - Quick Look\n - QuickTime 7\n - SceneKit\n - Security\n - SMBClient\n - Speech UI\n - sudo\n - tcpdump\n - Text Formats\n - udf \n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-08-17T00:00:00", "type": "nessus", "title": "Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2009-5044", "CVE-2009-5078", "CVE-2012-6685", "CVE-2013-1775", "CVE-2013-1776", "CVE-2013-2776", "CVE-2013-2777", "CVE-2013-7040", "CVE-2013-7338", "CVE-2013-7422", "CVE-2014-0067", "CVE-2014-0106", "CVE-2014-0191", "CVE-2014-1912", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-3613", "CVE-2014-3620", "CVE-2014-3660", "CVE-2014-3707", "CVE-2014-7185", "CVE-2014-7844", "CVE-2014-8109", "CVE-2014-8150", "CVE-2014-8151", "CVE-2014-8161", "CVE-2014-8767", "CVE-2014-8769", "CVE-2014-9140", "CVE-2014-9365", "CVE-2014-9680", "CVE-2015-0228", "CVE-2015-0241", "CVE-2015-0242", "CVE-2015-0243", "CVE-2015-0244", "CVE-2015-0253", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3143", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3148", "CVE-2015-3153", "CVE-2015-3183", "CVE-2015-3185", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3729", "CVE-2015-3730", "CVE-2015-3731", "CVE-2015-3732", "CVE-2015-3733", "CVE-2015-3734", "CVE-2015-3735", "CVE-2015-3736", "CVE-2015-3737", "CVE-2015-3738", "CVE-2015-3739", "CVE-2015-3740", "CVE-2015-3741", "CVE-2015-3742", "CVE-2015-3743", "CVE-2015-3744", "CVE-2015-3745", "CVE-2015-3746", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3750", "CVE-2015-3751", "CVE-2015-3752", "CVE-2015-3753", "CVE-2015-3754", "CVE-2015-3755", "CVE-2015-3757", "CVE-2015-3760", "CVE-2015-3761", "CVE-2015-3762", "CVE-2015-3764", "CVE-2015-3765", "CVE-2015-3766", "CVE-2015-3767", "CVE-2015-3768", "CVE-2015-3769", "CVE-2015-3770", "CVE-2015-3771", "CVE-2015-3772", "CVE-2015-3773", "CVE-2015-3774", "CVE-2015-3775", "CVE-2015-3776", "CVE-2015-3777", "CVE-2015-3778", "CVE-2015-3779", "CVE-2015-3780", "CVE-2015-3781", "CVE-2015-3782", "CVE-2015-3783", "CVE-2015-3784", "CVE-2015-3786", "CVE-2015-3787", "CVE-2015-3788", "CVE-2015-3789", "CVE-2015-3790", "CVE-2015-3791", "CVE-2015-3792", "CVE-2015-3794", "CVE-2015-3795", "CVE-2015-3796", "CVE-2015-3797", 
"CVE-2015-3798", "CVE-2015-3799", "CVE-2015-3800", "CVE-2015-3802", "CVE-2015-3803", "CVE-2015-3804", "CVE-2015-3805", "CVE-2015-3806", "CVE-2015-3807", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-5600", "CVE-2015-5747", "CVE-2015-5748", "CVE-2015-5750", "CVE-2015-5751", "CVE-2015-5753", "CVE-2015-5754", "CVE-2015-5755", "CVE-2015-5756", "CVE-2015-5757", "CVE-2015-5758", "CVE-2015-5761", "CVE-2015-5763", "CVE-2015-5768", "CVE-2015-5771", "CVE-2015-5772", "CVE-2015-5773", "CVE-2015-5774", "CVE-2015-5775", "CVE-2015-5776", "CVE-2015-5777", "CVE-2015-5778", "CVE-2015-5779", "CVE-2015-5781", "CVE-2015-5782", "CVE-2015-5783", "CVE-2015-5784"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_10_5.NASL", "href": "https://www.tenable.com/plugins/nessus/85408", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85408);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2009-5044\",\n \"CVE-2009-5078\",\n \"CVE-2012-6685\",\n \"CVE-2013-1775\",\n \"CVE-2013-1776\",\n \"CVE-2013-2776\",\n \"CVE-2013-2777\",\n \"CVE-2013-7040\",\n \"CVE-2013-7338\",\n \"CVE-2013-7422\",\n \"CVE-2014-0067\",\n \"CVE-2014-0106\",\n \"CVE-2014-0191\",\n \"CVE-2014-1912\",\n \"CVE-2014-3581\",\n \"CVE-2014-3583\",\n \"CVE-2014-3613\",\n \"CVE-2014-3620\",\n \"CVE-2014-3660\",\n \"CVE-2014-3707\",\n \"CVE-2014-7185\",\n \"CVE-2014-7844\",\n \"CVE-2014-8109\",\n \"CVE-2014-8150\",\n \"CVE-2014-8151\",\n \"CVE-2014-8161\",\n \"CVE-2014-8767\",\n \"CVE-2014-8769\",\n \"CVE-2014-9140\",\n \"CVE-2014-9365\",\n \"CVE-2014-9680\",\n \"CVE-2015-0228\",\n \"CVE-2015-0241\",\n \"CVE-2015-0242\",\n \"CVE-2015-0243\",\n \"CVE-2015-0244\",\n \"CVE-2015-0253\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n 
\"CVE-2015-2783\",\n \"CVE-2015-2787\",\n \"CVE-2015-3143\",\n \"CVE-2015-3144\",\n \"CVE-2015-3145\",\n \"CVE-2015-3148\",\n \"CVE-2015-3153\",\n \"CVE-2015-3183\",\n \"CVE-2015-3185\",\n \"CVE-2015-3307\",\n \"CVE-2015-3329\",\n \"CVE-2015-3330\",\n \"CVE-2015-3729\",\n \"CVE-2015-3730\",\n \"CVE-2015-3731\",\n \"CVE-2015-3732\",\n \"CVE-2015-3733\",\n \"CVE-2015-3734\",\n \"CVE-2015-3735\",\n \"CVE-2015-3736\",\n \"CVE-2015-3737\",\n \"CVE-2015-3738\",\n \"CVE-2015-3739\",\n \"CVE-2015-3740\",\n \"CVE-2015-3741\",\n \"CVE-2015-3742\",\n \"CVE-2015-3743\",\n \"CVE-2015-3744\",\n \"CVE-2015-3745\",\n \"CVE-2015-3746\",\n \"CVE-2015-3747\",\n \"CVE-2015-3748\",\n \"CVE-2015-3749\",\n \"CVE-2015-3750\",\n \"CVE-2015-3751\",\n \"CVE-2015-3752\",\n \"CVE-2015-3753\",\n \"CVE-2015-3754\",\n \"CVE-2015-3755\",\n \"CVE-2015-3757\",\n \"CVE-2015-3760\",\n \"CVE-2015-3761\",\n \"CVE-2015-3762\",\n \"CVE-2015-3764\",\n \"CVE-2015-3765\",\n \"CVE-2015-3766\",\n \"CVE-2015-3767\",\n \"CVE-2015-3768\",\n \"CVE-2015-3769\",\n \"CVE-2015-3770\",\n \"CVE-2015-3771\",\n \"CVE-2015-3772\",\n \"CVE-2015-3773\",\n \"CVE-2015-3774\",\n \"CVE-2015-3775\",\n \"CVE-2015-3776\",\n \"CVE-2015-3777\",\n \"CVE-2015-3778\",\n \"CVE-2015-3779\",\n \"CVE-2015-3780\",\n \"CVE-2015-3781\",\n \"CVE-2015-3782\",\n \"CVE-2015-3783\",\n \"CVE-2015-3784\",\n \"CVE-2015-3786\",\n \"CVE-2015-3787\",\n \"CVE-2015-3788\",\n \"CVE-2015-3789\",\n \"CVE-2015-3790\",\n \"CVE-2015-3791\",\n \"CVE-2015-3792\",\n \"CVE-2015-3794\",\n \"CVE-2015-3795\",\n \"CVE-2015-3796\",\n \"CVE-2015-3797\",\n \"CVE-2015-3798\",\n \"CVE-2015-3799\",\n \"CVE-2015-3800\",\n \"CVE-2015-3802\",\n \"CVE-2015-3803\",\n \"CVE-2015-3804\",\n \"CVE-2015-3805\",\n \"CVE-2015-3806\",\n \"CVE-2015-3807\",\n \"CVE-2015-4021\",\n \"CVE-2015-4022\",\n \"CVE-2015-4024\",\n \"CVE-2015-4025\",\n \"CVE-2015-4026\",\n \"CVE-2015-4147\",\n \"CVE-2015-4148\",\n \"CVE-2015-5600\",\n \"CVE-2015-5747\",\n \"CVE-2015-5748\",\n \"CVE-2015-5750\",\n 
\"CVE-2015-5751\",\n \"CVE-2015-5753\",\n \"CVE-2015-5754\",\n \"CVE-2015-5755\",\n \"CVE-2015-5756\",\n \"CVE-2015-5757\",\n \"CVE-2015-5758\",\n \"CVE-2015-5761\",\n \"CVE-2015-5763\",\n \"CVE-2015-5768\",\n \"CVE-2015-5771\",\n \"CVE-2015-5772\",\n \"CVE-2015-5773\",\n \"CVE-2015-5774\",\n \"CVE-2015-5775\",\n \"CVE-2015-5776\",\n \"CVE-2015-5777\",\n \"CVE-2015-5778\",\n \"CVE-2015-5779\",\n \"CVE-2015-5781\",\n \"CVE-2015-5782\",\n \"CVE-2015-5783\",\n \"CVE-2015-5784\"\n );\n script_bugtraq_id(\n 36381,\n 58203,\n 58207,\n 62741,\n 64194,\n 65179,\n 65379,\n 65721,\n 65997,\n 67233,\n 69742,\n 69748,\n 70089,\n 70644,\n 70988,\n 71150,\n 71153,\n 71468,\n 71639,\n 71656,\n 71657,\n 71701,\n 71964,\n 72538,\n 72540,\n 72542,\n 72543,\n 72649,\n 72981,\n 73040,\n 73041,\n 73357,\n 73431,\n 74174,\n 74204,\n 74239,\n 74240,\n 74299,\n 74300,\n 74301,\n 74303,\n 74408,\n 74700,\n 74703,\n 74902,\n 74903,\n 74904,\n 75056,\n 75103,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75704,\n 75963,\n 75964,\n 75965,\n 75990,\n 76337,\n 76338,\n 76339,\n 76340,\n 76341,\n 76342,\n 76343,\n 76344\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-08-13-2\");\n\n script_name(english:\"Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.10.x that is prior\nto 10.10.5. 
It is, therefore, affected by multiple vulnerabilities in\nthe following components :\n\n - apache\n - apache_mod_php\n - Apple ID OD Plug-in\n - AppleGraphicsControl\n - Bluetooth\n - bootp\n - CloudKit\n - CoreMedia Playback\n - CoreText\n - curl\n - Data Detectors Engine\n - Date & Time pref pane\n - Dictionary Application\n - DiskImages\n - dyld\n - FontParser\n - groff\n - ImageIO\n - Install Framework Legacy\n - IOFireWireFamily\n - IOGraphics\n - IOHIDFamily\n - Kernel\n - Libc\n - Libinfo\n - libpthread\n - libxml2\n - libxpc\n - mail_cmds\n - Notification Center OSX\n - ntfs\n - OpenSSH\n - OpenSSL\n - perl\n - PostgreSQL\n - python\n - QL Office\n - Quartz Composer Framework\n - Quick Look\n - QuickTime 7\n - SceneKit\n - Security\n - SMBClient\n - Speech UI\n - sudo\n - tcpdump\n - Text Formats\n - udf \n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205031\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.10.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2009/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.10([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.10\", \"Mac OS X \"+version);\n\nfixed_version = \"10.10.5\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected since it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-02-21T01:37:25", 
"description": "## Summary\n\nAn OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. Informix Dynamic Server uses GSKit and addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nInformix Dynamic Server (IDS) 11.50, 11.70, and 12.10.xC1-xC5 and Client Software Development Kit (CSDK) 3.50, 3.70, and 4.10 xC1-xC5.\n\n## Remediation/Fixes\n\nUpgrade to [IDS version 12.10.xC6](<http://www-01.ibm.com/software/howtobuy/passportadvantage/pao_customers.htm>), otherwise replace GSKit as per chart below. \n \nGSKit 8.0.50.52 is available as a separate package for 11.70 and 12.10, and for CSDK versions 3.70 and 4.10 products. For Informix Dynamic Server 11.50 and CSDK 3.50, GSKit version 7.0.5.6 is available for download. 
\n \n**_Informix Dynamic Server_**\n\n**Product**| **Remediation/ First Fix **| **Download options, based on GSKit version and OS** \n---|---|--- \n \n**_12.10.xC1_**_ through_ \n**_ 12.10.xC5_** \n \n**_\\-------------------------_** \n \n**_11.70 _**_ (all versions)_\n\n| \n\n_Install GSKit _**_ 8.0.50.52_**\n\n| [**Linux(32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux(64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** ** \n[**Linux(pSeries32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-pSeries_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux(pSeriesLE64) **](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-pSeriesLE_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n[**Linux 
(zSeries32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-zSeries_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux(zSeries64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-zSeries_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n[**Linux(ARM32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-ARM_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux(ARM64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-ARM_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n \n[**Windows(32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_WIN_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** 
**[**Windows(64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_WIN_x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**AIX (pSeries32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_AIX_pSeries_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**AIX (pSeries64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_AIX_pSeries_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**Solaris (Intel32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_SOL_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[** Solaris (Intel64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_SOL_x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** ** \n[**Solaris 
(SPARC32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_SOL_SPARC_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[** Solaris (SPARC64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_SOL_SPARC_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**HP-UX(IA-32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_HPUX_Itanium_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[** HP-UX(IA-64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_HPUX_Itanium_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**MacOSX(64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_MAC-x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n**_11.50 _**(all versions) \n \n \n\n\n \n \n| \n\n_Install GSKit_**_ 7.0.5.6_** \n\n\n \n \n \n \n| 
[**Linux(32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LIN_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux (64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LIN-x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** ** \n[**Linux (zSeries32)**](<http://http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LIN-zSeries_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux (zSeries64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LIN-zSeries_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n[**Linux(IA-64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LINIA_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux 
(pSeries64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LIN-pSeries_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**Windows(32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_WIN_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Windows (64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_WIN_x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** ** \n** ** \n[**AIX (pSeries32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_AIX_pSeries_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**AIX (pSeries64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_AIX_pSeries_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n** ** \n[**Solaris 
(Intel32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_SOL_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Solaris (Intel-64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_SOL_x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n[**Solaris (SPARC32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_SOL_SPARC_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Solaris (SPARC64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_SOL_SPARC_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**HP-UX (RISC32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_HPUX_PARISC_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**HP-UX 
(RISC64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_HPUX_PARISC_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n[**HP-UX (IA-32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_HPUX_Itanium_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**HP-UX (IA-64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_HPUX_Itanium_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n**CSDK** **Product**| **Remediation/First Fix **| **Download options, based on GSKit version and OS** \n---|---|--- \n \n**_4.10.xC1_**_ through_ \n**_4.10.xFC5_** \n \n**_\\-------------------------_** \n \n**3.70 ** (all versions)\n\n| \n\n_Install GSKit_**_ 8.0.50.52_**\n\n| [**Linux(32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux(64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** ** 
\n[**Linux(pSeries32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-pSeries_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux(pSeriesLE64) **](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-pSeriesLE_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n[**Linux (zSeries32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-zSeries_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux(zSeries64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-zSeries_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n[**Linux(ARM32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-ARM_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** 
**[**Linux(ARM64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_LIN-ARM_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n \n[**Windows(32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_WIN_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Windows(64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_WIN_x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**AIX (pSeries32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_AIX_pSeries_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**AIX (pSeries64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_AIX_pSeries_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**Solaris 
(Intel32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_SOL_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[** Solaris (Intel64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_SOL_x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** ** \n[**Solaris (SPARC32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_SOL_SPARC_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[** Solaris (SPARC64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_SOL_SPARC_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**HP-UX(IA-32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_HPUX_Itanium_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[** 
HP-UX(IA-64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_HPUX_Itanium_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**MacOSX(64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_8.0.50.52_MAC-x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n**_3.50_** (all versions) \n \n \n \n\n\n \n| \n\n_Install GSKit_**_ _****_7.0.5.6_** \n \n \n \n\n\n \n| [**Linux(32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LIN_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux (64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LIN-x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** ** \n[**Linux(zSeries32)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LIN-zSeries_32_IFix&includeSupersedes=0>)** **[**Linux 
(zSeries64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LIN-zSeries_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n[**Linux(IA-64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LINIA_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Linux (pSeries64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_LIN-pSeries_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**Windows(32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_WIN_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Windows (64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_WIN_x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** ** \n** ** \n[**AIX 
(pSeries32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_AIX_pSeries_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**AIX (pSeries64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_AIX_pSeries_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n** ** \n[**Solaris (Intel32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_SOL_x86_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Solaris (Intel-64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_SOL_x86_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n[**Solaris (SPARC32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_SOL_SPARC_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**Solaris 
(SPARC64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_SOL_SPARC_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n[**HP-UX (RISC32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_HPUX_PARISC_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**HP-UX (RISC64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_HPUX_PARISC_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n[**HP-UX (IA-32)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_HPUX_Itanium_32_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)** **[**HP-UX (IA-64)**](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Client+Software+Development+Kit&release=All&platform=All&function=fixId&fixids=IFX_GSKIT_7.0.5.6_HPUX_Itanium_64_IFix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n_IBM recommends upgrading to a fixed, supported version/ release/ platform of CSDK which includes GSKit 8.0.50.52 or GSKit 7.0.5.6._ \n_*Informix Dynamic Server (IDS 12.10.xC6) is available through Passport Advantage online, or your Partnerworld Provider._\n\n## Workarounds and 
Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2021-06-03T22:08:14", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affects Informix Dynamic Server and CSDK (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2021-06-03T22:08:14", "id": "EF5A55D8CCABA9019F6306256CB26946DC810DE7EBB1EA5F4D90251B35752411", "href": "https://www.ibm.com/support/pages/node/273073", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:35:53", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Aviation, Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database, and TRIRIGA Energy Optimization. 
Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the Security Bulletin, [_Security Bulletin: Denial of service may affect IBM HTTP Server (CVE-2015-1788)_](<https://www-304.ibm.com/support/docview.wss?uid=swg21963362>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nMaximo Asset Management 7.6 \nSmartCloud Control Desk 7.6 \nMaximo for Aviation 7.6 \nMaximo for Life Sciences 7.6| IBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \nMaximo Asset Management 7.5 \nMaximo Asset Management Essentials 7.5 \nMaximo for Government 7.5 \nMaximo for Nuclear Power 7.5 \nMaximo for Transportation 7.5 \nMaximo for Life Sciences 7.5 \nMaximo for Oil and Gas 7.5 \nMaximo for Utilities 7.5 \nMaximo Adapter for Primavera 7.5 \nSmartCloud Control Desk 7.5 \nTRIRIGA Energy Optimization 1.1| IBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \nIBM WebSphere Application Server 8.0 \nTivoli Asset Management for IT 7.2 \nTivoli Service Request Manager 7.2 \nChange and Configuration Management Database 7.2| IBM WebSphere Application Server 8.5.5 Full Profile \n \n## ", "cvss3": {}, "published": "2022-09-22T03:02:31", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 
4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2022-09-22T03:02:31", "id": "8CF70E6991DFDEA5B82E28E7377F3F5FD2B97A890585F6756AD1FD870B0DCE3A", "href": "https://www.ibm.com/support/pages/node/265973", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T21:39:01", "description": "## Summary\n\nAn OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM GPFS V4.1 and IBM Spectrum Scale V4.1.1 use GSKit and addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM GPFS V4.1.0.0 thru V4.1.0.8 and IBM Spectrum Scale V4.1.1.0 thru V4.1.1.1\n\n## Remediation/Fixes\n\nInstall IBM Spectrum Scale V4.1.1.2 available at FixCentral \n\n \n[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.1.1&platform=All&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.1.1&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-06-25T16:46:35", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affects IBM GPFS V4.1 and IBM Spectrum Scale V4.1.1 (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2021-06-25T16:46:35", "id": "69708648D7347A46AB7B2DD1702D4EBF5A57623CDB811A18663D65A9AB17A3C8", "href": "https://www.ibm.com/support/pages/node/681227", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:51:27", "description": "## Summary\n\nOpenSSL is vulnerable to a denial of service, caused by an error 
when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103778> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM Tivoli Directory Server 6.3 \n\nIBM Security Directory Server 6.3.1, 6.4\n\n## Remediation/Fixes\n\n \nApply GSKit 8.0.50.44 or later from the following fix directories. 
\n \n\n\nAffected products and Versions| Fix Availability \n---|--- \nIBM Tivoli Directory Server 6.3| [IBM Tivoli Directory Server 6.3.0.37](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Directory+Server&release=6.3.0.37&platform=All&function=all>) \nIBM Security Directory Server 6.3.1| [IBM Security Directory Server 6.3.1.11](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Directory+Server&release=6.3.1.11&platform=All&function=all>) \nIBM Security Directory Server 6.4| [IBM Security Directory Server 6.4.0.2](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Directory+Server&release=6.4.0.2&platform=All&function=all>) \n \n## ", "cvss3": {}, "published": "2018-06-16T21:44:25", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Directory Server (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-16T21:44:25", "id": "160974CCBC12FDC44262159FC9737359086DF0317D260FA132DE5D77C6CF279E", "href": "https://www.ibm.com/support/pages/node/530905", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:52:08", "description": "## Summary\n\nA security vulnerability has been discovered in GSKit used with IBM Security Network Protection.\n\n## Vulnerability Details\n\n**CVE ID:** 
[_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. IBM GSKit has the same vulnerability.\n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.2 \nIBM Security Network Protection 5.3 \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection | Firmware version 5.2| Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0011 from [_IBM Fix Central_](<http://www-933.ibm.com/support/fixcentral/>) and upload and install via the Fix Packs page of the local management interface. \nIBM Security Network Protection| Firmware version 5.3| Install Fixpack 5.3.1.3 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. 
\n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:25:50", "type": "ibm", "title": "Security Bulletin: A vulnerability in GSKit affects IBM Security Network Protection (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-16T21:25:50", "id": "12D9F191717460AECB934B007F4CDE9698A96A4B8B98144C3F39DD87E57929EA", "href": "https://www.ibm.com/support/pages/node/532121", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T21:53:42", "description": "## Summary\n\nOpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nAIX 5.3, 6.1, 7.1 \n\nVIOS 2.2.x\n\n## Remediation/Fixes\n\nThe GSKit package contains a fix and needs to be installed on AIX/VIOS systems. \n** \nThe fixes for the GSKit components can be downloaded at the following link:** \n[Vulnerabilities in OpenSSL affect IBM Security Directory Server (CVE-2015-1788)](<http://www-01.ibm.com/support/docview.wss?uid=swg21961111>)\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2018-06-18T01:28:45", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Directory Server for AIX/VIOS (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-18T01:28:45", "id": "99E2A8F47F4108C69540D005070137804DC7E040890DE030D99CAAB2C61648E6", "href": "https://www.ibm.com/support/pages/node/681083", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T21:52:28", "description": "## Summary\n\nIBM Tivoli Monitoring is shipped as a component of IBM Systems Director Editions. 
Information about a security vulnerability affecting IBM Tivoli Monitoring has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletins listed below for the vulnerability details of the affected product.\n\n## Affected Products and Versions\n\n**Affected Product and Version(s)**\n\n| \n\n**Product and Version shipped as a component**\n\n| **Security Bulletin** \n---|---|--- \nIBM Systems Director Editions 6.3.2.0| IBM Tivoli Monitoring 6.3.0 FP1| [_http://www-01.ibm.com/support/docview.wss?uid=swg21997156_](<http://www-01.ibm.com/support/docview.wss?uid=swg21997156>) \n \n## Remediation/Fixes\n\nFollow the instructions in the Security Bulletin listed above.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T01:34:52", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in\u00a0IBM Tivoli Monitoring\u00a0shipped with IBM Systems Director Editions(CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-18T01:34:52", "id": "EC4680A726FB50E4B12980B4ADD271AC01D733FEC93E24F9E55438A2237587BA", "href": "https://www.ibm.com/support/pages/node/630517", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:48:52", "description": "## Summary\n\nGSKit is an IBM component that is used by IBM Rational ClearQuest. The GSKit that is shipped with IBM Rational ClearQuest contains a security vulnerability. IBM Rational ClearQuest has addressed the applicable CVEs. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nRational ClearQuest 8.0.0.4 through 8.0.0.15, and 8.0.1 through 8.0.1.8 when SSL is enabled for CQ and LDAP server. \n \n\n\n**ClearQuest Version**\n\n| \n\n**Status** \n \n---|--- \n \n8.0.1 through 8.0.1.8\n\n| \n\nAffected \n \n8.0.0.4 through 8.0.0.15\n\n| \n\nAffected \n \n8.0 through 8.0.0.3\n\n| \n\nNot affected \n \n7.1.2 through 7.1.2.18\n\n| \n\nNot affected \n \n7.1.1 all versions\n\n| \n\nNot affected \n \n## Remediation/Fixes\n\nThe solution is to update to the latest fix pack. \n \n\n\n**Affected Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n \n8.0.1 through 8.0.1.8\n\n| Install [Rational ClearQuest Fix Pack 9 (8.0.1.9) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24040515>) \n \n8.0.0.4 through 8.0.0.15\n\n| Install [Rational ClearQuest Fix Pack 16 (8.0.0.16) for 8.0](<http://www.ibm.com/support/docview.wss?uid=swg24040513>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T05:05:48", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in GSKit affect IBM Rational ClearQuest (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-17T05:05:48", "id": 
"C31D150033FD48D09A309BBEFA4383E996752BB2E541CB9E4A69082ABF2CFD19", "href": "https://www.ibm.com/support/pages/node/265627", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:39:30", "description": "## Summary\n\nAn OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Netezza Performance Portal embeds IBM HTTP Server (IHS), that uses GSKit where the applicable CVE was addressed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Netezza Performance Portal 2.1.1.3 and prior\n\n## Remediation/Fixes\n\nIBM Netezza Performance Portal\n\n| 2.1.1.4| [Link to Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/Netezza+Applications&release=PERFPORTAL_2.1&platform=All&function=fixId&fixids=2.1.1.4-IM-Netezza-PERFPORTAL-fp98404&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \n---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2019-10-18T03:10:29", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza Performance Portal (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2019-10-18T03:10:29", "id": "AD5AEF2A5C571C6008D3EFAB58A32CF97C5454F4FD7A2DF5AEB0C657936F1BE2", "href": "https://www.ibm.com/support/pages/node/274341", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:50:56", "description": "## Summary\n\nAn OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Security SiteProtector System uses GSKit and addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Security SiteProtector System 3.0 and 3.1.1\n\n## Remediation/Fixes\n\nApply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view: \n \n**For SiteProtector 3.0:** \n \nSiteProtector Core Component: ServicePack3_0_0_8a.xpu \nEvent Collector Component: RSEvntCol_WINNT_ST_3_0_0_7.xpu \nAgent Manager Component: AgentManager_WINNT_XXX_ST_3_0_0_48.xpu \n \n \n**For SiteProtector 3.1.1:** \n \nSiteProtector Core Component: ServicePack3_1_1_3a.xpu \nEvent Collector Component: RSEvntCol_WINNT_ST_3_1_1_3.xpu \nAgent Manager Component: AgentManager_WINNT_XXX_ST_3_1_1_18.xpu \nUpdate Server Component: UpdateServer_3_1_1_3.pkg \nEvent Archiver Component: EventArchiver_3_1_1_3.pkg \nEvent Archiver Importer Component: EventArchiverImporter_3_1_1_3.zip \nManual Upgrader Component: MU_3_1_1_4.xpu \n \nThese updates are also available to be manually downloaded from the IBM Security License Key and Download Center at [_https://ibmss.flexnetoperations.com/service/ibms/login_](<https://ibmss.flexnetoperations.com/service/ibms/login>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:30:28", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affects IBM Security SiteProtector System (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-16T21:30:28", "id": "F549A2FEAC9B8235BEDEAB1D1110EF3A8710606A890D4EE5C62A7F21A7169A12", "href": "https://www.ibm.com/support/pages/node/265441", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T05:36:34", "description": "## Summary\n\nIBM Cloud Manager with Openstack is vulnerable to a denial of service which could allow a remote attacker to exploit this vulnerability to cause the application to enter into an infinite loop.\n\n## Vulnerability Details\n\n**CVEID:** **CVE-2015-1788** \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM Cloud Manager with OpenStack 4.2.0 through 4.2.0.3 \nIBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.3\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nIBM Cloud Manager with OpenStack| 4.2.0| None| IBM Cloud Manager with OpenStack 4.2 interim fix 2 for fix pack 3: \n[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.2.0.3&platform=All&function=fixId&fixids=4.2.0.3-IBM-CMWO-IF002&includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.2.0.3&platform=All&function=fixId&fixids=4.2.0.3-IBM-CMWO-IF002&includeSupersedes=0>) \nIBM Cloud Manager with OpenStack| 4.3.0| None| IBM Cloud Manager with Openstack 4.3 fix pack 4: \n[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.3.0.3&platform=All&function=fixId&fixids=+4.3.0.4-IBM-CMWO-FP04+&includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.3.0.3&platform=All&function=fixId&fixids=+4.3.0.4-IBM-CMWO-FP04+&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T08:02:59", "type": "ibm", "title": "Security Bulletin: Malformed ECParameters causes infinite loop (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-18T08:02:59", "id": "2666C659D997588714E14C01634C94F0B9A9EF963A2F6BD072D0D717E4DAB9DA", "href": "https://www.ibm.com/support/pages/node/681767", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:46:08", "description": "## Summary\n\nA vulnerability has been addressed in the GSKit component of IBM Tivoli Monitoring (ITM). \n \nIBM Tivoli Monitoring also utilizes the IBM HTTP Server (IHS) as the default HTTP server for the portal server. IBM HTTP Server is also affected by the CVE as listed below.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103778> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nThe following components for IBM Tivoli Monitoring versions 6.30 through 6.30 FP6 are affected: \n\n * Portal Server - IBM HTTP Server\n * Portal Server, Distributed Management Servers, and Distributed Agents (GSKit/Basic Services) \n\n\n## Remediation/Fixes\n\n**Portal Server - IBM HTTP Server** \nThe following link contains a package to upgrade IBM HTTP Server to version 8.0.0.12 plus interim fix block two which includes PI44809. \n \n<http://www.ibm.com/support/docview.wss?uid=swg24043182>\n\n**Portal Server, Distributed Management Servers, and Distributed Agents (GSKit/Basic Services)**\n\nThe following link contains information for provided fix pack which addresses the vulnerability in common code that is shared across ITM components. 
Refer to this link for more details about this fix pack <http://www.ibm.com/support/docview.wss?uid=swg24041633>\n\n## ", "cvss3": {}, "published": "2018-06-17T15:33:48", "type": "ibm", "title": "Security Bulletin: A vulnerability in the GSKit component of IBM Tivoli Monitoring (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-17T15:33:48", "id": "AB1990CCF9D6A307BC98A44FDCD73837D64D583DA165615A5EAB1AC9A7D0F3F2", "href": "https://www.ibm.com/support/pages/node/289439", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:56:56", "description": "## Summary\n\nAn OpenSSL vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1 and IBM GPFS V4.1. \n \nIBM PureApplication System provides a GPFS pattern and addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM PureApplication System V2.1 (GPFS Pattern type 1.2.1.0) using IBM GPFS V4.1.0.5 \nIBM PureApplication System V2.1.0.1 (GPFS Pattern type 1.2.2.0) using IBM GPFS V4.1.0.7 \nIBM PureApplication System V2.1.1 (GPFS Pattern type 1.2.3.0) using IBM GPFS V4.1.0.7\n\n## Remediation/Fixes\n\nGPFS server or client instances deployed with the affected GPFS Pattern versions are vulnerable. To determine whether deployed GPFS server or client instances are affected by these GPFS security vulnerabilities, run the Get Cluster Status operation ( for a GPFS server instance ) or the GPFS Client Status operation ( for a GPFS client instance ) to verify the version reported for the GPFS nodes. The instance is affected if the GPFS version is V4.1.0.5 or V4.1.0.7. \n \nThe solution is to apply one of the following interim fixes or upgrade the PureApplication System to V2.1.2 or higher, and upgrade this instance using the pattern upgrade procedure. \n \nGPFS 4.1.1.2 \n[_http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.1.1.0&platform=Linux&function=fixId&fixids=update-gpfs-4.1.1.2&includeRequisites=0&includeSupersedes=0&downloadMethod=http_](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.1.1.0&platform=Linux&function=fixId&fixids=update-gpfs-4.1.1.2&includeRequisites=0&includeSupersedes=0&downloadMethod=http>) \n \nThe GPFS Pattern type 1.2.4.0 that is delivered with IBM PureApplication System V2.1.2.0 installs GPFS 4.1.1.2. 
Any instances deployed with this GPFS pattern type version or upgraded to this version will not be affected by this CVE. \n \nWhenever possible, the PureApplication System upgrade option is recommended instead of the interim fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:05:16", "type": "ibm", "title": "Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-15T07:05:16", "id": "CC1A30E8E2330D238749CFFBD49D7E9838BBE1BEFE625CE5C43D437242EE4573", "href": "https://www.ibm.com/support/pages/node/544265", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:53:49", "description": "## Summary\n\nGSKit is an internal component used by IBM SPSS Modeler. The GSKit contains a security vulnerability which may cause infinite loop. The issue is identified by the specified CVE below.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM SPSS Modeler 16 \n\nIBM SPSS Modeler 17\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nIBM SPSS Modeler| 17 FP1| PI49007| [SPSS Modeler 16.0 Fix Pack 2 Interim Fix 008](<http://www-01.ibm.com/support/docview.wss?uid=swg24040634>) \nIBM SPSS Modeler| 16 FP1| PI49007| [SPSS Modeler 17.0 Fix Pack 1 Interim Fix 008](<http://www-01.ibm.com/support/docview.wss?uid=swg24040635>) \n \nYou should verify applying this configuration change does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone \n \n**Important note:** IBM strongly suggests that all System z customers subscribe to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [_System z Security web site_](<http://www-03.ibm.com/systems/hu/z/solutions/enterprise-security.html>). Security and integrity APARs and associated fixes will be posted to this portal. 
IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n## ", "cvss3": {}, "published": "2018-06-16T13:36:20", "type": "ibm", "title": "Security Bulletin: Vulnerability in GSKit affect IBM SPSS Modeler (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-16T13:36:20", "id": "D453C632FF9EC3087898B06E3DFD86A6FE0EFBF4D9E74F1A54E4DB3CBADA0D49", "href": "https://www.ibm.com/support/pages/node/537217", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:48:51", "description": "## Summary\n\nGSKit is an IBM component that is used by IBM Rational RequisitePro. The GSKit that is shipped with IBM Rational RequisitePro contains a security vulnerability. IBM Rational RequisitePro has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\n**Version**\n\n| \n\n**Status** \n \n---|--- \n \n7.1.4 through 7.1.4.8\n\n| \n\nAffected \n \n7.1.3 through 7.1.3.15\n\n| \n\nAffected \n \n## Remediation/Fixes\n\n**Affected version**\n\n| \n\n**Applying the fix** \n \n---|--- \n \n7.1.4.x\n\n| \n\nInstall [Rational RequisitePro Fix Pack 9 (7.1.4.9) for 7.1.4](<http://www.ibm.com/support/docview.wss?uid=swg24040619>) \n \n7.1.3.x\n\n| \n\nInstall [Rational RequisitePro Fix Pack 16 (7.1.3.16) for 7.1.3](<http://www.ibm.com/support/docview.wss?uid=swg24040673>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T05:06:16", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in GSKit affect Rational RequisitePro (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-17T05:06:16", "id": "6C1FFD4C64A90ADEECC342C463AE4A2D627A083EBFD6A4348B199A8C68A07F9C", "href": "https://www.ibm.com/support/pages/node/266683", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:47:02", "description": "## Summary\n\nDenial of service in GSKit may affect IBM MessageSight, if using MQ Connectivity support\n\n## Vulnerability 
Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)\n\nOpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5\n\nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM MessageSight 1.2\n\n## Remediation/Fixes\n\n_Product_\n\n| \n_VRMF_| \n_APAR_| \n_Remediation/First Fix_ \n---|---|---|--- \n \n_IBM MessageSight_\n\n| \n\n_1.2_\n\n| \n\n_IT12294_\n\n| \n\n1.2.0.3-IBM-IMA-IFIT12295 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T15:13:11", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-17T15:13:11", "id": "8A87036F5C290A7EB193FCCEE8F258BACCA1FC57CC5D8A56759A27F177621DF5", "href": "https://www.ibm.com/support/pages/node/272083", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:53:50", "description": "## Summary\n\nAn OpenSSL denial of service vulnerability disclosed by the 
OpenSSL Project affects GSKit and IBM Tivoli Flash Copy Manager. IBM DB2 LUW uses GSKit & IBM Tivoli Flash Copy Manager and addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nThis vulnerability affects two components of DB2: SSL support and DB2 Advanced Copy Services. \n \n**_For DB2 SSL Support_** \nCustomers who have Secure Sockets Layer (SSL) support enabled in their DB2 database system or DB2 client are affected. SSL support is not enabled in DB2 by default. \n \nAll fix pack levels of IBM DB2 V9.7, V10.1 and V10.5 editions listed below and running on AIX, Linux, HP, Solaris or Windows are affected. \n \nIBM\u00ae DB2\u00ae Express Edition \nIBM\u00ae DB2\u00ae Workgroup Server Edition \nIBM\u00ae DB2\u00ae Enterprise Server Edition \nIBM\u00ae DB2\u00ae Advanced Enterprise Server Edition \nIBM\u00ae DB2\u00ae Advanced Workgroup Server Edition \nIBM\u00ae DB2\u00ae Connect\u2122 Application Server Edition \nIBM\u00ae DB2\u00ae Connect\u2122 Enterprise Edition \nIBM\u00ae DB2\u00ae Connect\u2122 Unlimited Edition for System i\u00ae \nIBM\u00ae DB2\u00ae Connect\u2122 Unlimited Edition for System z\u00ae \n \nIBM\u00ae DB2\u00ae pureScale\u2122 Feature for Enterprise Server Edition, V9.8, running on AIX or Linux is affected. 
\n \nThe IBM data server client and driver types are as follows: \n \nIBM Data Server Driver Package \nIBM Data Server Driver for ODBC and CLI \nIBM Data Server Runtime Client \nIBM Data Server Client \n \n**_For DB2 Advanced Copy Services_** \nIBM DB2 Advanced Copy Services included in IBM DB2 and DB2 Connect V10.1 and V10.5 editions listed below and running on AIX and Linux are affected. \n \nIBM DB2 Express Edition \nIBM DB2 Workgroup Server Edition \nIBM DB2 Enterprise Server Edition \nIBM DB2 Connect\u2122 Application Server Edition \nIBM DB2 Connect Application Server Advanced Edition \nIBM DB2 Connect Enterprise Edition \nIBM DB2 Connect Unlimited Edition for System i\u00ae \nIBM DB2 Connect Unlimited Edition for System z\u00ae \nIBM DB2 Connect Unlimited Advanced Edition for System z \nIBM DB2 10.1 pureScale Feature \nIBM DB2 10.5 Advanced Enterprise Server Edition \nIBM DB2 10.5 Advanced Workgroup Server Edition \nIBM DB2 10.5 Developer Edition for Linux, Unix and Windows \n \nNOTE: The DB2 Connect products mentioned are affected only if a local database has been created. \n \nOnly users of DB2 Advanced Copy Services (snapshot backup) are affected by this vulnerability. IBM DB2 includes restricted version of IBM Tivoli Flash Copy Manager, i.e. FCM v3.2 and v4.1, and both versions are affected by this vulnerability. IBM DB2 Advanced Copy Services in conjunction with IBM Tivoli FCM 3.2 or 4.1, on all current fix packs of IBM DB2 V10.1 and V10.5, are affected. AIX installations of DB2 may have this package installed by default, though it may not be in use on the system. \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the appropriate fix for this vulnerability. \n \n**Fix for DB2 SSL Support:** \n\n\n**_For customer running IBM DB2 Server and DB2 Connect Server_** \n \nThe fix for DB2 and DB2 Connect V9.7 is in V9.7 FP11, V10.1 is in V10.1 FP6 and V10.5 is in V10.5 FP7, available for download from Fix Central. 
\n \nCustomers running any vulnerable fixpack level of an affected Program, V9.8 can contact support to obtain a special build containing an interim fix for this issue. These special builds are available based on the most recent fixpack level for each impacted release: DB2 V9.8 FP5. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability. \n \nRefer to the following chart to determine how to proceed to obtain a needed fixpack or special build. \n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV9.7 | FP11| [IT09897](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT09897>)| <http://www-01.ibm.com/support/docview.wss?uid=swg24040935> \nV9.8| TBD| [IT09901](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT09901>)| Please contact technical support. \nV10.1| FP6| [IT09899](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT09899>)| <http://www-01.ibm.com/support/docview.wss?uid=swg24043366> \nV10.5 | FP7| [IT09900](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT09900>)| <http://www-01.ibm.com/support/docview.wss?uid=swg24041243> \n \n \n \n**_Fix for customer running IBM data server client and driver types_** \n \nCustomers running on V10.5 FP5 and without additional global GSKit version installed, please contact customer support to obtain a special build containing a fix for this issue. 
\n \n**Upgrading of global GSKit is required if either of the following applies to you:**\n * IBM data server client and driver types V9.7, V10.1 level and any V10.5 level before fixpack 5.\n * IBM data server client and driver types V10.5 fixpack 5 and the additionally installed global GSKit version is 8.0.50.46 or less.\n \n**Where to obtain the global GSKit depends on the DB2 release and platform:** \n\n * IBM data server client and driver types V10.5 fix pack 5 and additionally installed global GSKit version is 8.0.50.46 or less, download \"IBM DB2 Support Files for SSL Functionality\" from IBM Passport Advantage and perform the GSKit upgrade.\n * IBM data server client and driver types V9.7, V10.1 level and any V10.5 level before fixpack 5:\n * _Client and the server are on the same physical computer_: For the Windows platform, you do not need to upgrade the GSKit as GSKit is automatically installed with the DB2 server image. For all other platforms, you will need to download \"IBM DB2 Support Files for SSL Functionality\" from IBM Passport Advantage.\n * _Client and the server are on different computers_: For all platforms, download \"IBM DB2 Support Files for SSL Functionality\" from IBM Passport Advantage and perform the GSKit upgrade.\n \nThe following link gives instructions on downloading \"IBM DB2 Support Files for SSL Functionality\" from IBM Passport Advantage \n[_http://www-01.ibm.com/support/docview.wss?uid=swg21433407_](<http://www-01.ibm.com/support/docview.wss?uid=swg21433407>) \n \nTo know the existing global GSKit version in the current setup, one can run the GSKit version executable, e.g. gsk8ver_64. 
\n \n**Refer to the following chart for the proper version of global GSKit** \n\n\n \n**Release**| **GSKit Version** \n---|--- \nV9.7| V8.0.50.47 \nV10.1| V8.0.50.47 \nV10.5| V8.0.50.47 \n \n**Fix for DB2 Advanced Copy Services:** \n\n\nThe fix for DB2 and DB2 Connect release V10.1 is in V10.1 FP6 and V10.5 is in V10.5 FP7, available for download from Fix Central. \n \nRefer to the following chart to determine how to proceed to obtain a needed fixpack.\n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV10.1| FP6| [IT10083](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT10083>)| <http://www-01.ibm.com/support/docview.wss?uid=swg24043366> \nV10.5 | FP7| [IT09969](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT09969>)| <http://www-01.ibm.com/support/docview.wss?uid=swg24041243> \n \n \n \nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [_contacts for other countries_](<http://www.ibm.com/planetwide/>) outside of the United States. \nElectronically [_open a Service Request_](<http://www.ibm.com/software/data/db2/support/db2_9/probsub.html>) with DB2 Technical Support. \n**_Note:_**_ IBM\u2019s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM\u2019s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. 
The development, release, and timing of any future features or functionality described for our products remains at our sole discretion._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T13:35:57", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affects IBM\u00ae DB2\u00ae LUW (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-16T13:35:57", "id": "DD6B46FA2DDAAE6080D5C927EEA372B16800D8CB903BB5366DA05ECEEBE80546", "href": "https://www.ibm.com/support/pages/node/535609", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:37:17", "description": "## Summary\n\nAn OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM DataPower Gateways uses GSKit in certain modules - namely MQ, ISAM/TAM, JMS. IBM DataPower Gateways has addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM DataPower Gateway appliances all versions through 6.0.0.16, 6.0.1.12, 7.0.0.9, 7.1.0.6, 7.2.0.0\n\n## Remediation/Fixes\n\nFix is available in versions 6.0.0.17, 6.0.1.13, 7.0.0.10, 7.1.0.7, 7.2.0.1. Refer to [APAR IT10105](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT10105>) for URLs to download the fix. \n \nThis SSL vulnerability in other modules of IBM DataPower Gateways that do not use GSKit has already been addressed. Please refer to the following Security Bulletin for details: <http://www-01.ibm.com/support/docview.wss?uid=swg21965415> \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n_For DataPower customers using versions 5.x and earlier versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-06-08T22:18:27", "type": "ibm", "title": "Security Bulletin: A vulnerability in GSKit affects IBM DataPower Gateways (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2021-06-08T22:18:27", "id": "787C1621D06EE465998FEBEFA80BA8B6DAEC2388BAF60D434FCE4B04471920AA", "href": 
"https://www.ibm.com/support/pages/node/269457", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T05:37:37", "description": "## Summary\n\nAn OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit, which is used by the version of IBM GPFS used by the TS7700.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nAll versions of microcode for the IBM Virtualization Engine TS7700 (3957-V06, 3957-V07, 3957-VEA, 3957-VEB) in release R3.3 prior to and including the following are affected: \n\n**Release**\n\n| **Version** \n---|--- \nR3.3| 8.33.0.45 \n \n## Remediation/Fixes\n\nContact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode level followed by the installation of vtd_exec.229. Minimum microcode levels are shown below: \n\n**Release**\n\n| **Fix** \n---|--- \nR3.3| Upgrade to 8.33.0.45 or later + vtd_exec.229 \n \nPlease note that vtd_exec packages carry their own internal version numbers. 
For the vulnerabilities reported in this Security Bulletin, the minimum required vtd_exec version is as follows: **Package**| **Version** \n---|--- \nvtd_exec.229| 2.0 \n \n## Workarounds and Mitigations\n\nAlthough IBM recommends that you upgrade to the fixes identified above, you can mitigate, but not eliminate the risk of these vulnerabilities by restricting physical and network access to the TS7700 to authorized users and IBM Service Personnel only.\n\n## ", "cvss3": {}, "published": "2018-06-18T00:10:37", "type": "ibm", "title": "Security Bulletin: IBM Virtualization Engine TS7700 Is Affected by IBM GPFS Security Vulnerability (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-18T00:10:37", "id": "1625261D52D4F7681DDD4AD119C0D00ED593A0BDB39B248876E1FFDAF88D6F39", "href": "https://www.ibm.com/support/pages/node/690937", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:57:10", "description": "## Summary\n\nAn OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM PureApplication System uses GSKit in user registry components in the Web application pattern type and GPFS pattern type. 
IBM PureApplication System addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM PureApplication System V2.1 \nIBM PureApplication System V2.0\n\n## Remediation/Fixes\n\nThe Tivoli Directory Server user registry components on IBM PureApplication System are affected. The solution is to upgrade the IBM PureApplication System and the Web Application pattern types to the following fix level: \n \nIBM PureApplication System V2.1 \nUpgrade to IBM PureApplication System V2.1.2 \nUpgrade to Web Application pattern type 2.0.5.0 and 1.0.5.0 \n \nIBM PureApplication System V2.0 \nUpgrade to IBM PureApplication System V2.0.0.1 Interim Fix 6 \nUpgrade to Web Application pattern type 2.0.2.5 and 1.0.2.5 \n \nThe GPFS Pattern is affected and the solution is to apply one of the following interim fixes: \n \nGPFS 3.5.0.28 
\n[_http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.0.0.1&platform=All&function=fixId&fixids=update-gpfs-3.5.0.28&includeRequisites=0&includeSupersedes=0&downloadMethod=http_](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.0.0.1&platform=All&function=fixId&fixids=update-gpfs-3.5.0.28&includeRequisites=0&includeSupersedes=0&downloadMethod=http>) \n \nGPFS 4.1.1.2 \n[_http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.1.1.0&platform=Linux&function=fixId&fixids=update-gpfs-4.1.1.2&includeRequisites=0&includeSupersedes=0&downloadMethod=http_](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.1.1.0&platform=Linux&function=fixId&fixids=update-gpfs-4.1.1.2&includeRequisites=0&includeSupersedes=0&downloadMethod=http>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:04:30", "type": "ibm", "title": "Security Bulletin:Vulnerability in OpenSSL affects IBM PureApplication System. 
(CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-15T07:04:30", "id": "94ACEFBEFFBA49771399FF33D2EF1D2D11EB6E0F190C7FB9DB9DEE9B1481FF55", "href": "https://www.ibm.com/support/pages/node/538147", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:57:29", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM API Management. IBM API Management has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. 
A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5\n\nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM API Management V3.0 and V4.0\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nIBM API Management| 3.0.0| | [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+API+Management&release=3.0.4.0&platform=All&function=fixId&fixids=3.0.4.2-APIManagement-ManagementAppliance-20151209-1511.vcrypt2,3.0.4.2-APIManagement-ManagementAppliance-20151209-1511.ova&includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+API+Management&release=3.0.4.0&platform=All&function=fixId&fixids=3.0.4.2-APIManagement-ManagementAppliance-20151209-1511.vcrypt2,3.0.4.2-APIManagement-ManagementAppliance-20151209-1511.ova&includeSupersedes=0>) \nIBM API Management| 4.0.0| \n| <http://www-01.ibm.com/support/docview.wss?uid=swg21969793> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:03:32", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM API Management (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-15T07:03:32", "id": "96664DF53BE11FAED301819DD1D116C7E6AE673C7799FAA06ACD6383A47F4D50", "href": "https://www.ibm.com/support/pages/node/536227", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T17:46:03", "description": "## Summary\n\nDenial of Service vulnerability has been identified in OpenSSL. IBM Cloud Orchestrator\u00ae and IBM Cloud Orchestrator Enterprise Edition have addressed this issue. \nThis issue was also addressed by IBM Cloud Manager with OpenStack, IBM HTTP Server, and IBM DB2\u00ae LUW which are shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition. \nAdditionally, the issue has been identified in IBM Tivoli Monitoring that is shipped with IBM Cloud Orchestrator Enterprise edition. \n\n\n## Vulnerability Details\n\nCVEID: [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \nDESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103778> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Cloud Orchestrator V2.5, V2.5.0.1| IBM Cloud Manager with OpenStack 4.3 \nIBM HTTP Server 8.5.5 \nIBM DB2 LUW 10.5.0.6 \nIBM Cloud Orchestrator V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3| IBM Cloud Manager with OpenStack 4.2 \nIBM HTTP Server 8.5 \nIBM DB2 LUW 10.5.0.6 \nIBM SmartCloud Orchestrator V2.3, V2.3.0.1| IBM DB2 Enterprise Server Edition 10.1.0.5 \nIBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1| IBM Cloud Manager with OpenStack 4.3 \nIBM HTTP Server 8.5.5 \nIBM DB2 LUW 10.5.0.6 \nIBM Tivoli Monitoring 6.3.0.2 \nIBM Cloud Orchestrator Enterprise Edition V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3| IBM HTTP Server 8.5 \nIBM DB2 LUW 10.5.0.6 \nIBM Tivoli Monitoring 6.3.0.2 \nIBM SmartCloud Orchestrator Enterprise Edition V2.3, V2.3.0.1| IBM DB2 LUW 10.1.0.5 \nIBM Tivoli Monitoring 6.3.0.1 \n \n## Remediation/Fixes\n\nThis issue has been addressed by IBM Cloud Orchestrator (Standard and Enterprise Edition) and through IBM Cloud Manager with OpenStack, IBM HTTP Server, and IBM DB2 LUW which are shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition. Additionally, this issue has been addressed by IBM Tivoli Monitoring that is shipped with IBM Cloud Orchestrator Enterprise Edition. \n \nFix delivery details for IBM Cloud Orchestrator: \n \n\n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM Cloud Orchestrator | V2.5, V2.5.0.1 IFix1| For 2.5 versions, IBM recommends upgrading to Fix Pack 2 (2.5.0.2) of IBM Cloud Orchestrator. 
\n \n<http://www-01.ibm.com/support/docview.wss?uid=swg27045667> \nIBM Cloud Orchestrator | V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3| For 2.4 versions, IBM recommends upgrading to Fix Pack 4 (2.4.0.4) of IBM Cloud Orchestrator. \n\n<https://www-01.ibm.com/support/docview.wss?uid=swg2C4000049> \n \nIBM SmartCloud Orchestrator | V2.3, V2.3.0.1| Contact [IBM Support ](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \n \nFix delivery details for IBM Cloud Orchestrator Enterprise Edition: \n \n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM Cloud Orchestrator Enterprise Edition| V2.5 ,V2.5.0.1, V2.5.0.1 IFix1| For 2.5 versions, IBM recommends upgrading to Fix Pack 2 (2.5.0.2) of IBM Cloud Orchestrator Enterprise [](<http://www-01.ibm.com/support/docview.wss?uid=swg27045667>) \n<http://www-01.ibm.com/support/docview.wss?uid=swg27045667> \nIBM Cloud Orchestrator Enterprise Edition| V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3| For 2.4 versions, IBM recommends upgrading to Fix Pack 4 (2.4.0.4) of IBM Cloud Orchestrator Enterprise. \n\n<https://www-01.ibm.com/support/docview.wss?uid=swg2C4000049> \n \nIBM SmartCloud Orchestrator Enterprise Edition| V2.3, V2.3.0.1| Contact [IBM Support ](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \n \nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM Cloud Manager with OpenStack, IBM HTTP Server, and IBM DB2 LUW which are shipped with IBM Cloud Orchestrator. 
\n \n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Cloud Orchestrator V2.5, V2.5.0.1| \n\n * IBM Cloud Manager with OpenStack 4.3 \n * IBM HTTP Server 8.5.5\n * IBM DB2 LUW 10.5.0.6\n| \n\n * [IBM Cloud Manager with OpenStack 4.3 ](<http://www.ibm.com/support/docview.wss?uid=isg3T1023038>)\n * [IBM HTTP Server 8.5.5](<http://www-01.ibm.com/support/docview.wss?uid=swg21963362>)\n * [IBM DB2 LUW 10.5.0.6](<http://www-01.ibm.com/support/docview.wss?uid=swg21964766>) \nIBM Cloud Orchestrator V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3| \n\n * IBM Cloud Manager with OpenStack 4.2 \n * IBM HTTP Server 8.5\n * IBM DB2 LUW 10.5.0.6\n| \n\n * [IBM HTTP Server 8.5](<http://www-01.ibm.com/support/docview.wss?uid=swg21963362>)\n * [IBM DB2 LUW10.5.0.6](<http://www-01.ibm.com/support/docview.wss?uid=swg21964766>) \nIBM SmartCloud Orchestrator V2.3, V2.3.0.1| IBM DB2 Enterprise Server Edition 10.1.0.5| [IBM DB2 LUW 10.1.0.5](<http://www-01.ibm.com/support/docview.wss?uid=swg21964766>) \n \n**Note:** IBM Cloud Manager with OpenStack is shipped as component of IBM Cloud Orchestrator 2.4. 
\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM Cloud Manager with OpenStack, IBM HTTP Server, IBM DB2 LUW, and IBM Tivoli Monitoring which are shipped with IBM Cloud Orchestrator Enterprise edition:\n\n \n \n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1| \n\n * IBM Cloud Manager with OpenStack 4.3 \n * IBM HTTP Server 8.5.5\n * IBM DB2 LUW 10.5.0.6\n * IBM Tivoli Monitoring 6.3.0.2\n| [IBM Cloud Manager with OpenStack 4.3 ](<http://www.ibm.com/support/docview.wss?uid=isg3T1023038>) \n[IBM HTTP Server 8.5.5](<http://www-01.ibm.com/support/docview.wss?uid=swg21963362>) \n[IBM DB2 LUW10.5.0.6](<http://www-01.ibm.com/support/docview.wss?uid=swg21964766>) \n[IBM Tivoli Monitoring 6.3.0.2](<http://www-01.ibm.com/support/docview.wss?uid=swg21997156>) \nIBM Cloud Orchestrator Enterprise Edition V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3| \n\n * IBM HTTP Server 8.5\n * IBM DB2 LUW10.5.0.6\n * IBM Tivoli Monitoring 6.3.0.2\n| [IBM HTTP Server 8.5](<http://www-01.ibm.com/support/docview.wss?uid=swg21963362>) \n[IBM DB2 LUW10.5.0.6](<http://www-01.ibm.com/support/docview.wss?uid=swg21964766>) \n[IBM Tivoli Monitoring 6.3.0.2](<http://www-01.ibm.com/support/docview.wss?uid=swg21997156>) \nIBM SmartCloud Orchestrator Enterprise Edition V2.3, V2.3.0.1| \n\n * IBM DB2 LUW 10.1.0.5\n * IBM Tivoli Monitoring 6.3.0.1\n| [IBM DB2 LUW 10.1.0.5](<http://www-01.ibm.com/support/docview.wss?uid=swg21964766>) \n[IBM Tivoli Monitoring 6.3.0.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21997156>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T22:33:01", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Orchestrator, HTTP Server and bundling products shipped with Cloud Orchestrator and 
Cloud Orchestrator Enterprise (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-17T22:33:01", "id": "C28ECCFDCD0F525C265D4CA3121879F0747D4AB8BCF451EB650EC6F8B50BB526", "href": "https://www.ibm.com/support/pages/node/599213", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:54:28", "description": "## Summary\n\nAn OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM WebSphere MQ uses GSKit and addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM WebSphere MQ 8.0 \n\n\\- Fixpack 8.0.0.3 and previous maintenance levels\n\nIBM WebSphere MQ 7.5\n\n\\- Fixpack 7.5.0.5 and previous maintenance levels\n\nIBM WebSphere MQ 7.1\n\n\\- Fixpack 7.1.0.6 and previous maintenance levels\n\nIBM WebSphere MQ 7.0.1\n\n\\- Fixpack 7.0.1.13 and previous maintenance levels\n\n## Remediation/Fixes\n\nIBM WebSphere MQ 8.0 \n\n\\- Apply [Fixpack 8.0.0.4](<http://www-01.ibm.com/support/docview.wss?uid=swg21969244>)\n\nIBM WebSphere MQ 7.5\n\n\\- Apply [Fixpack 7.5.0.6](<http://www-01.ibm.com/support/docview.wss?uid=swg21975660>)\n\nIBM WebSphere MQ 7.1\n\n\\- Apply [Fixpack 7.1.0.7](<http://www-01.ibm.com/support/docview.wss?uid=swg21965293>)\n\nIBM WebSphere MQ 7.0.1\n\n\\- Apply Fixpack 7.0.1.14 (when available), in the interim apply [APAR IV77604](<www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.0&platform=All&function=aparId&apars=IV77604&source=fc>)\n\n## ", "cvss3": {}, "published": "2018-06-15T07:04:24", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], 
"modified": "2018-06-15T07:04:24", "id": "C18F1AC2D0D0C2B07F75AF3BA243CEDC4570C2610325B9CFF40F409EC37A5644", "href": "https://www.ibm.com/support/pages/node/273475", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:54:35", "description": "## Summary\n\nAn OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM MQ Appliance uses GSKit and addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM MQ Appliance M2000\n\n## Remediation/Fixes\n\nApply fix pack [8.0.0.4](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM%20MQ%20Appliance%20M2000&release=All&platform=All&function=all>) or later maintenance\n\n## ", "cvss3": {}, "published": "2018-06-15T07:04:15", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affects IBM MQ Appliance (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-15T07:04:15", "id": "218390BFF75A1EE9F5782E6F5D8A4974DE9C74872244CE63508F8AC545A1D314", "href": "https://www.ibm.com/support/pages/node/272563", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:47:07", "description": "## Summary\n\nAn OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. Tivoli Storage Manager Unix and VMware are affected as GSKit is used for communication between FCM components.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nThe following IBM Tivoli Storage FlashCopy Manager components and levels are affected by this OpenSSL vulnerability: \n \nFlashCopy Manager for Unix and Linux, FlashCopy Manager for DB2, FlashCopy Manager for Oracle, FlashCopy Manager for Oracle with SAP environments, and FlashCopy Manager for Custom Applications at these levels: \n\\- 4.1.0.0 through 4.1.1.2 \n\\- 3.2.0.0 through 3.2.0.4 \n \nFlashCopy Manager for VMware at these levels: \n\\- 4.1.0.0 through 4.1.2.0 \n\\- 3.2.0.0 through 3.2.0.4\n\n## Remediation/Fixes\n\n**_Tivoli Storage FlashCopy Manager for Unix Release_**\n\n| **_First Fixing VRMF Level_**| **_ \nClient_** \n**_Platform_**| **_Link to Fix / Fix Availability Target_** \n---|---|---|--- \n4.1| 4.1.3.0| AIX| [http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FTivoli+Storage+FlashCopy+Manager&fixids=4.1.3.0-TIV-TSFCMFTP-AIX&source=myna&myns=swgtiv&mynp=OCSS36V9&mync=R&cm_sp=swgtiv-_-OCSS36V9-_-R&function=fixId&parent=ibm/Tivoli](<http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FTivoli+Storage+FlashCopy+Manager&fixids=4.1.3.0-TIV-TSFCMFTP-AIX&source=myna&myns=swgtiv&mynp=OCSS36V9&mync=R&cm_sp=swgtiv-_-OCSS36V9-_-R&function=fixId&parent=ibm/Tivoli>) \n \n| 4.1.3.0| Linux| 
[http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FTivoli+Storage+FlashCopy+Manager&fixids=4.1.3.0-TIV-TSFCMFTP-Linux&source=myna&myns=swgtiv&mynp=OCSS36V9&mync=R&cm_sp=swgtiv-_-OCSS36V9-_-R&function=fixId&parent=ibm/Tivoli](<http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FTivoli+Storage+FlashCopy+Manager&fixids=4.1.3.0-TIV-TSFCMFTP-Linux&source=myna&myns=swgtiv&mynp=OCSS36V9&mync=R&cm_sp=swgtiv-_-OCSS36V9-_-R&function=fixId&parent=ibm/Tivoli>) \n \n| 4.1.1.3| HP-UX| <ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v4r1/hpux/v4113/> \n \n \n| 4.1.1.3| Solaris| <ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v4r1/solaris/v4113/> \n \n \n| \n| \n| \n \n3.2| 3.2.0.5| AIX \nHP-UX \nLinux \nSolaris \n| Note that 3.2.0.5 is no longer available for download. You can download 3.2.0.9 to obtain the fix: \n<ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v3r2/> \n**_Tivoli Storage \nFlashCopy Manager for VMware Release_**| **_First Fixing VRMF Level_**| **_Client_** \n**_Platform_**| **_Link to Fix / Fix Availability Target_** \n---|---|---|--- \n4.1| 4.1.3.0| Linux| [http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FTivoli+Storage+FlashCopy+Manager&fixids=4.1.3.0-TIV-TSFCMFTP-Linux-VMware&source=myna&myns=swgtiv&mynp=OCSS36V9&mync=R&cm_sp=swgtiv-_-OCSS36V9-_-R&function=fixId&parent=ibm/Tivoli](<http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FTivoli+Storage+FlashCopy+Manager&fixids=4.1.3.0-TIV-TSFCMFTP-Linux-VMware&source=myna&myns=swgtiv&mynp=OCSS36V9&mync=R&cm_sp=swgtiv-_-OCSS36V9-_-R&function=fixId&parent=ibm/Tivoli>) \n \n| \n| \n| \n \n3.2| 3.2.0.5| Linux| Note that 3.2.0.5 is no longer available for download. 
You can download 3.2.0.9 to obtain the fix: \n<ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v3r2/vmware/> \n \n| \n| \n| \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T15:10:29", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affects Tivoli Storage FlashCopy Manager Unix and VMware (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2018-06-17T15:10:29", "id": "D696D6BA5722A0DBAF997A72F8E1B1364740C100E291AB2426A4BDD7BDD5DA93", "href": "https://www.ibm.com/support/pages/node/267411", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-13T17:45:05", "description": "## Summary\n\nDenial of service in GSKit may affect IBM HTTP Server, if using SSL with IBM HTTP Server. The IBM HTTP Server is used by IBM WebSphere Application Server. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)** \n** \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions and releases of IBM HTTP Server (powered by Apache) component in all editions of WebSphere Application Server and bundling products. \n\n * Version 8.5.5 \n * Version 8.5 \n * Version 8.0 \n\n## Remediation/Fixes\n\nThe recommended solution is to apply the interim fix, Fix Pack or PTF containing APAR PI44809 for each named product as soon as practical. \n\n**For affected IBM HTTP Server for WebSphere Application Server:** ** \nFor V8.5.0.0 through 8.5.5.6 Full Profile:**\n\n\u00b7 Apply Interim Fix [PI44809](<http://www-01.ibm.com/support/docview.wss?uid=swg24040686>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039197>)\n\n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.7 or later. 
\n\n** \nFor V8.0 through 8.0.0.11:** \n\u00b7 Apply Interim Fix [PI44809](<http://www-01.ibm.com/support/docview.wss?uid=swg24040686>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039197>)\n\n\\--OR-- \n\u00b7 Apply Fix Pack 8.0.0.12 or later.\n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {}, "published": "2022-09-08T00:09:56", "type": "ibm", "title": "Security Bulletin: Denial of service may affect IBM HTTP Server (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], "modified": "2022-09-08T00:09:56", "id": "74CEE8219E1D60BC6A66BBFFF067E8FF68222101E533A8C6D0FA63EFC99459E2", "href": "https://www.ibm.com/support/pages/node/533837", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:07:50", "description": "## Summary\n\nGSKit is an IBM component that is used by IBM Rational ClearCase. The GSKit that is shipped with IBM Rational ClearCase contains a security vulnerability. IBM Rational ClearCase has addressed the applicable CVEs. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nRational ClearCase 7.1.2.9 through 7.1.2.18, 8.0.0.4 through 8.0.0.15, and 8.0.1 through 8.0.1.8. \n \nThe IBM GSKit is used if ClearCase on Windows platforms is configured to integrate with IBM Rational ClearQuest, Rational Team Concert, or Jira with communication over SSL (https). This applies to any integration using Change Management Interface (CMI), and to non-CMI based UCM-enabled CQ integration via OSLC. If your ClearCase deployment is not using these integrations, or not using SSL with the integrations, then your deployment is not sensitive to this attack. The UCM-enabled CQ integration without using OSLC (SQUID) is not sensitive to this attack. \n \n**CMI and OSLC integrations** \n \n\n\n**ClearCase Windows Client Version**\n\n| \n\n**Status** \n \n---|--- \n \n8.0.1 through 8.0.1.8\n\n| \n\nAffected if you use CMI or OSLC integrations \n \n8.0.0.4 through 8.0.0.15\n\n| \n\nAffected if you use CMI or OSLC integrations \n \n8.0 through 8.0.0.3\n\n| \n\nNot affected \n \n7.1.2.9 through 7.1.2.18\n\n| \n\nAffected if you use CMI or OSLC integrations \n \n7.1.2 through 7.1.2.8\n\n| \n\nNot affected \n \n7.0.x, 7.1.0.x, 7.1.1.x\n\n| \n\nNot affected \n \n## Remediation/Fixes\n\nThe solution is to update to the latest fix pack. 
\n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1 through 8.0.1.8\n\n| Install [Rational ClearCase Fix Pack 9 (8.0.1.9) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24040516>) \n \n8.0.0.4 through 8.0.0.15\n\n| Install [Rational ClearCase Fix Pack 16 (8.0.0.16) for 8.0](<http://www.ibm.com/support/docview.wss?uid=swg24040514>) \n \n7.1.2.9 through 7.1.2.18\n\n| Customers on extended support contracts should install [Rational ClearCase Fix Pack 19 (7.1.2.19) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24040512>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n## Important Note\n\nIBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [System z Security web site](<http://www.ibm.com/systems/z/solutions/security_subintegrity.html>). Security and integrity APARs and associated fixes will be posted to this portal. 
IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n* 16 September 2015: Original Copy published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. 
We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.", "cvss3": {}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in GSKit affect IBM Rational ClearCase (CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788"], 
"modified": "2018-07-10T08:34:12", "id": "A84A7C9BF929868F8166CB87D5CEFBA3C864431A4299CB147A963BF97FDE753B", "href": "https://www.ibm.com/support/pages/node/531467", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T01:35:30", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM MQ Light. IBM MQ Light has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>) \n**DESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nThe vulnerabilities affect users of the [mqlight](<https://www.npmjs.com/package/mqlight>) IBM MQ Light Client Module for Node.js\u00ae on all platforms at the following versions: \n1.0.2014090800 \n1.0.2014090801 \n1.0.2014091000-red \n1.0.2014091001 \n \nIt also affects users of the [mqlight-dev](<https://www.npmjs.com/package/mqlight-dev>) IBM MQ Light Client Module for Node.js between versions 1.0.2014090300 and 1.0.2014111002 inclusive.\n\n## Remediation/Fixes\n\nUsers of the IBM MQ Light Client Module for Node.js at an affected version should update to the latest version of the IBM MQ Light Client Module for Node.js as found on [https://www.npmjs.com](<https://www.npmjs.com/>). \n \nFor CVE-2015-4000: You should verify applying this configuration change does not cause any compatibility issues. 
If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions. This includes the Node.js runtime environment.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:03:21", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM MQ Light (CVE-2015-1788, CVE-2015-1789, CVE-2015-4000)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-4000"], "modified": "2018-06-15T07:03:21", "id": "F55ABDFF87575503ED1A594C10571C58606CD661947C9F188A65571C4868F922", "href": "https://www.ibm.com/support/pages/node/531117", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T01:34:36", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed in June 2015 by the OpenSSL Project. 
OpenSSL is used by SAN Volume Controller and Storwize Family. SAN Volume Controller and Storwize Family have addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \n \nAll products are affected when running supported releases 1.1 to 7.5 except for versions 7.3.0.12, 7.4.0.6 and 7.5.0.3 and above.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 to the following code levels or higher: \n \n7.3.0.12 \n7.4.0.6 \n7.5.0.3 \n \n[_Latest SAN Volume Controller Code_](<http://www-01.ibm.com/support/docview.wss?rs=591&uid=ssg1S1001707>) \n[_Latest Storwize V7000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003705>) \n[_Latest Storwize V5000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004336>) \n[_Latest Storwize V3700 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004172>) \n[_Latest Storwize V3500 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004171>)\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 
"version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:10:09", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affects SAN Volume Controller and Storwize Family (CVE-2015-1789 CVE-2015-1791 CVE-2015-1788 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1791"], "modified": "2018-06-18T00:10:09", "id": "C95E77161B48C2969E6AAB743AAD921249B05B139C9E6DB99D47B8254D0339E9", "href": "https://www.ibm.com/support/pages/node/690729", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:52:05", "description": "## Summary\n\nThe following OpenSSL vulnerabilities are addressed by the IBM BladeCenter Switches listed below.\n\n## Vulnerability Details\n\n## Summary\n\nThe following OpenSSL vulnerabilities are addressed by the IBM BladeCenter Switches listed below.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. 
A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103778> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103779> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. 
An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected products and versions\n\nProduct | Affected Version | Fix Version \n---|---|--- \nIBM 1/10Gb Uplink Ethernet Switch Module (ibm_fw_bcsw_110gup-6.8.22.0_anyos_noarch) | 6.8.21.0 | 6.8.22.0 \nIBM 1/10Gb Uplink Ethernet Switch Module (ibm_fw_bcsw_110gup-7.4.12.0_anyos_noarch) | 7.4.11.0 | 7.4.12.0 \nIBM Virtual Fabric 10Gb Switch Module (ibm_fw_bcsw_24-10g-6.8.22.0_anyos_noarch) | 6.8.21.0 | 6.8.22.0 \nIBM Virtual Fabric 10Gb Switch Module (ibm_fw_bcsw_24-10g-7.8.8.0_anyos_noarch) | 7.8.7.0 | 7.8.8.0 \n \n## Remediation/Fixes:\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nYou should verify applying the fix does not cause any compatibility issues.\n\n## Workarounds and Mitigations:\n\nNone.\n\n## References:\n\n * [Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide.html>)\n * [On-line Calculator v2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n02 November 2015: Original version published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-31T02:10:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM BladeCenter Switches (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1792"], "modified": "2019-01-31T02:10:01", "id": "4D12E5BE07979EF0E8D6872D8803DB6EC73BE7AC4A1682631BC85622BE9A7B7F", 
"href": "https://www.ibm.com/support/pages/node/868036", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:52:06", "description": "## Summary\n\nThe following OpenSSL vulnerabilities are addressed by the IBM System Networking RackSwitch products listed below.\n\n## Vulnerability Details\n\n## Summary\n\nThe following OpenSSL vulnerabilities are addressed by the IBM System Networking RackSwitch products listed below.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103778> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103779> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. 
An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM System Networking RackSwitch | Affected Version \n---|--- \nG8052 | 7.9.14.0 \nG8052 | 7.11.4.0 \nG8124/G8124-E | 7.11.4.0 \nG8264 | 7.11.4.0 \nG8264 | 7.9.14.0 \nG8264CS | 7.8.11.0 \nG8264T | 7.9.14.0 \nG8316 | 7.9.14.0 \nG8332 | 7.7.20.0 \n \n## Remediation/Fixes:\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nYou should verify applying the fix does not cause any compatibility issues.\n\nIBM System Networking RackSwitch | Fix Version \n---|--- \nG8052 ([ G8052-7.9.15.0.zip](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Ethernet+switches&product=ibm/Systems_Networking/IBM+BNT+RackSwitch+G8052R,F+G8264R,F&release=All&platform=All&function=fixId&fixids=G8052_Image_7.9.15.0&includeSupersedes=0&source=fc>)) | 7.9.15.0 \nG8052 ([ G8052-7.11.5.0.zip](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Ethernet+switches&product=ibm/Systems_Networking/IBM+BNT+RackSwitch+G8052R,F+G8264R,F&release=All&platform=All&function=fixId&fixids=G8052_Image_7.9.15.0&includeSupersedes=0&source=fc>)) | 7.11.5.0 \nG8124/G8124-E ([ G8124_G8124E-7.11.5.0.zip](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Ethernet+switches&product=ibm/Systems_Networking/IBM+BNT+RackSwitch+G8124&release=All&platform=All&function=fixId&fixids=G8124_G8124E_Image_7.11.5.0&includeSupersedes=0&source=fc>)) | 7.11.5.0 \nG8264 ([ 
G8264-7.11.5.0.zip](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Ethernet+switches&product=ibm/Systems_Networking/IBM+BNT+RackSwitch+G8264&release=All&platform=All&function=fixId&fixids=G8264_Image_7.11.5.0&includeSupersedes=0&source=fc>)) | 7.11.5.0 \nG8264 ([ G8264-7.9.15.0.zip](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Ethernet+switches&product=ibm/Systems_Networking/IBM+BNT+RackSwitch+G8264&release=All&platform=All&function=fixId&fixids=G8264_Image_7.9.15.0&includeSupersedes=0&source=fc>)) | 7.9.15.0 \nG8264CS ([ G8264CS-7.8.12.0.zip](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Converged+switches&product=ibm/Systems_Networking/IBM+RackSwitch+G8264CS&release=All&platform=All&function=fixId&fixids=G8264CS_Image_7.8.12.0&includeSupersedes=0&source=fc>)) | 7.8.12.0 \nG8264T ([ G8264T-7.9.15.0.zip](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Ethernet+switches&product=ibm/Systems_Networking/IBM+RackSwitch+G8264T&release=All&platform=All&function=fixId&fixids=G8264T_Image_7.9.15.0&includeSupersedes=0&source=fc>)) | 7.9.15.0 \nG8316 ([ G8316-7.9.15.0.zip](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Ethernet+switches&product=ibm/Systems_Networking/IBM+System+Networking+RackSwitch+G8316&release=All&platform=All&function=fixId&fixids=G8316_Image_7.9.15.0&includeSupersedes=0&source=fc>)) | 7.9.15.0 \nG8332 ([ G8332-7.7.21.0.zip](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Ethernet+switches&product=ibm/Systems_Networking/IBM+RackSwitch+G8332&release=All&platform=All&function=fixId&fixids=G8332_Image_7.7.21.0&includeSupersedes=0&source=fc>)) | 7.7.21.0 \n \n## Workarounds and Mitigations:\n\nNone.\n\n## References:\n\n * [Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide.html>)\n * [On-line Calculator v2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web 
Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n02 November 2015: Original version published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-31T02:10:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM System Networking RackSwitch (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", 
"baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1792"], "modified": "2019-01-31T02:10:01", "id": "45F1C26D25DC54B1111841C7E8AF4B04A66D3C9CACBB5F447E428D3CDDC00C57", "href": "https://www.ibm.com/support/pages/node/868038", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:52:07", "description": "## Summary\n\nThe following OpenSSL vulnerabilities are addressed by the IBM Flex System Networking Switches listed below.\n\n## Vulnerability Details\n\n## Summary\n\nThe following OpenSSL vulnerabilities are addressed by the IBM Flex System Networking Switches listed below.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103778> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. 
An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103779> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected products and Versions\n\nProduct | Affected Version | Fix Version \n---|---|--- \nIBM Flex System Fabric EN4093R 10Gb Scalable Switch (ibm_fw_scsw_en4093r-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System Fabric CN4093 10Gb Converged Scalable Switch (ibm_fw_scsw_cn4093-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System Fabric SI4093 System Interconnect Module (ibm_fw_scsw_si4093-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System EN2092 1Gb Ethernet Scalable Switch (ibm_fw_scsw_en2092-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System Interconnect Fabric (G8264CS_SI_Fabric_Image_7.8.12.0) | 7.8.11.0 | 7.8.12.0 \n \n## Remediation/Fixes:\n\nFirmware fix versions are available on Fix Central: \n<http://www-933.ibm.com/support/fixcentral/>\n\nYou should verify applying the fix does not cause any compatibility issues.\n\n## Workarounds and Mitigations:\n\nNone\n\n## References:\n\n * [Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide.html>)\n * [On-line Calculator v2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web 
Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n\n\n**Acknowledgement**\n\nNone\n\n**Change History** \n29 October 2015: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-31T02:10:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Networking Switches (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", 
"baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1792"], "modified": "2019-01-31T02:10:01", "id": "CC8C9E3E213B252611C58A980B905CDA01579A3982393A03C0CA88E7D0247D07", "href": "https://www.ibm.com/support/pages/node/868024", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:52:08", "description": "## Summary\n\nThe following OpenSSL vulnerabilities are addressed by the IBM Flex System Networking Switches listed below.\n\n## Vulnerability Details\n\n## Summary\n\nThe following OpenSSL vulnerabilities are addressed by the IBM Flex System Networking Switches listed below.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103778> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. 
An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103779> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected products and Versions\n\nProduct | Affected Version | Fix Version \n---|---|--- \nIBM Flex System Fabric EN4093R 10Gb Scalable Switch (ibm_fw_scsw_en4093r-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System Fabric CN4093 10Gb Converged Scalable Switch (ibm_fw_scsw_cn4093-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System Fabric SI4093 System Interconnect Module (ibm_fw_scsw_si4093-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System EN2092 1Gb Ethernet Scalable Switch (ibm_fw_scsw_en2092-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System Interconnect Fabric (G8264CS_SI_Fabric_Image_7.8.12.0) | 7.8.11.0 | 7.8.12.0 \n \n## Remediation/Fixes:\n\nFirmware fix versions are available on Fix Central: \n<http://www-933.ibm.com/support/fixcentral/>\n\nYou should verify applying the fix does not cause any compatibility issues.\n\n## Workarounds and Mitigations:\n\nNone\n\n## References:\n\n * [Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide.html>)\n * [On-line Calculator v2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web 
Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement**\n\nNone\n\n**Change History** \n29 October 2015: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-31T02:10:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Networking Switches (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", 
"baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1792"], "modified": "2019-01-31T02:10:01", "id": "C48BCCCB9C9D9824A3691807D1186751538A4148C753DE0274ECBC66A45D9086", "href": "https://www.ibm.com/support/pages/node/868034", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:52:08", "description": "## Summary\n\nThe following OpenSSL vulnerabilities are addressed by the IBM Flex System Networking Switches listed below.\n\n## Vulnerability Details\n\n## Summary\n\nThe following OpenSSL vulnerabilities are addressed by the IBM Flex System Networking Switches listed below.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103778> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. 
An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103779> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected products and Versions\n\nProduct | Affected Version | Fix Version \n---|---|--- \nIBM Flex System Fabric EN4093R 10Gb Scalable Switch (ibm_fw_scsw_en4093r-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System Fabric CN4093 10Gb Converged Scalable Switch (ibm_fw_scsw_cn4093-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System Fabric SI4093 System Interconnect Module (ibm_fw_scsw_si4093-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System EN2092 1Gb Ethernet Scalable Switch (ibm_fw_scsw_en2092-7.8.12.0) | 7.8.11.0 | 7.8.12.0 \nIBM Flex System Interconnect Fabric (G8264CS_SI_Fabric_Image_7.8.12.0) | 7.8.11.0 | 7.8.12.0 \n \n## Remediation/Fixes:\n\nFirmware fix versions are available on Fix Central: \n<http://www-933.ibm.com/support/fixcentral/>\n\nYou should verify applying the fix does not cause any compatibility issues.\n\n## Workarounds and Mitigations:\n\nNone\n\n## References:\n\n * [Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide.html>)\n * [On-line Calculator v2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web 
Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement**\n\nNone\n\n**Change History** \n29 October 2015: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-31T02:10:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Networking Switches (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", 
"baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1792"], "modified": "2019-01-31T02:10:01", "id": "F77D882E57D3DF8BFA32289B35EE8D46A1AD0E81EF2A1D59F10C3294CA99EAFD", "href": "https://www.ibm.com/support/pages/node/868032", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:54:47", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by WebSphere MQ 5.3 (HPNSS) has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM WebSphere MQ V5.3 for HP NonStop \n\n## Remediation/Fixes\n\n**_ \nIBM WebSphere MQ V5.3 for HP NonStop_** \nA patched version of OpenSSL will be made available in WebSphere MQ v531.11 Patch 1, which will be available from your IBM Support representative.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:03:37", "type": "ibm", "title": "Security Bulletin: Multiple OpenSSL Vulnerabilities affect IBM WebSphere MQ 5.3 on HP NonStop (CVE-2015-1788) (CVE-2015-1789) (CVE-2015-1791)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": 
false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1791"], "modified": "2018-06-15T07:03:37", "id": "2B57635893A008B30DACCBFC585DFBEFC6815B10A081CE771A451CBB98704E62", "href": "https://www.ibm.com/support/pages/node/266093", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:42:08", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Rational ClearCase versions: \n\n**Version** | **Status** \n---|--- \n8.0.1 through 8.0.1.8 | Affected \n8.0 through 8.0.0.15 | Affected \n7.1.0.x, 7.1.1.x (all versions); 7.1.2 through 7.1.2.18 | Affected \n\nNot all deployments of Rational ClearCase use OpenSSL in a way that is affected by these vulnerabilities. \n \nYou are vulnerable if your use of Rational ClearCase includes _any_ of these configurations: \n\n\n 1. You use the base ClearCase/ClearQuest integration client on any platform, configured to use SSL to communicate with a ClearQuest server. \n\n 2. You use the UCM/ClearQuest integration on UNIX/Linux clients, configured to use SSL to communicate with a ClearQuest server. \n**Note:** Windows clients using the UCM/ClearQuest integration are not vulnerable. \n\n 3. 
On UNIX/Linux clients, you use the Change Management Integrations for base ClearCase with ClearQuest or Rational Team Concert (RTC), or for UCM with ClearQuest or RTC, or for Jira, when configured to use SSL to communicate with the server. \n**Note:** Windows clients using the CMI integration are not vulnerable. \n\n 4. You use ratlperl, ccperl, or cqperl to run your own perl scripts, **and** those scripts use SSL connections.\n\n## Remediation/Fixes\n\nApply a fix pack as listed in the table below. The fix pack includes OpenSSL 1.0.1p. \n\n**Affected Versions** | **Applying the fix** \n---|--- \n8.0.1 through 8.0.1.8 | Install [Rational ClearCase Fix Pack 9 (8.0.1.9) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24040516>) \n8.0 through 8.0.0.15 | Install [Rational ClearCase Fix Pack 16 (8.0.0.16) for 8.0](<http://www.ibm.com/support/docview.wss?uid=swg24040514>) \n7.1.2 through 7.1.2.18; 7.1.1.x (all fix packs); 7.1.0.x (all fix packs) | Customers on extended support contracts should install [Rational ClearCase Fix Pack 19 (7.1.2.19) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24040512>) \n\n_For 7.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791)", "bulletinFamily": "software", "cvss2": 
{"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1791"], "modified": "2018-07-10T08:34:12", "id": "7F7D42194E4015B776224531EE3852B2B585177034C5ECE3EE02E228E4FE686D", "href": "https://www.ibm.com/support/pages/node/530347", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:49:05", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest . IBM Rational ClearQuest has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Rational ClearQuest versions: \n\n**Version** | **Status** \n---|--- \n8.0.1 through 8.0.1.8 | Affected \n8.0 through 8.0.0.15 | Affected \n7.1.0.x, 7.1.1.x (all versions); 7.1.2 through 7.1.2.18 | Affected \n\nNot all deployments of Rational ClearQuest use OpenSSL in a way that is affected by these vulnerabilities. \n \nYou are vulnerable if your use of Rational ClearQuest includes _any_ of these configurations: \n\n 1. You use SSL connections in perl scripts run by ratlperl or cqperl, or by ClearQuest hooks. In this situation, you should review all the fixes provided by the OpenSSL project to see which ones apply to your use of OpenSSL. See the references link below.\n 2. You integrate with ClearCase.\n\n## Remediation/Fixes\n\nThe solution is to update to the latest fix pack. The fix pack includes OpenSSL 1.0.1p. 
\n\n**Affected Versions** | **Applying the fix** \n---|--- \n8.0.1 through 8.0.1.8 | Install [Rational ClearQuest Fix Pack 9 (8.0.1.9) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24040515>) \n8.0 through 8.0.0.14 | Install [Rational ClearQuest Fix Pack 16 (8.0.0.16) for 8.0](<http://www-01.ibm.com/support/docview.wss?uid=swg24040513>) \n7.1.2 through 7.1.2.17 | Customers on extended support contracts should install [Rational ClearQuest Fix Pack 19 (7.1.2.19) for 7.1.2](<http://www-01.ibm.com/support/docview.wss?uid=swg24040511>) \n7.1.1.x (all fix packs); 7.1.0.x (all fix packs) | Customers on extended support contracts should contact Rational Customer Support \n\n_For 7.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T05:04:24", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1791"], "modified": "2018-06-17T05:04:24", "id": "C3DE321F78B4C8F5AC5B1E58A1D07302D3EF4CC60E15AAA9DC7F80835BF64230", "href": "https://www.ibm.com/support/pages/node/533065", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:49:10", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM Rational RequisitePro. RequisitePro has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Rational RequisitePro versions: \n\n**Version** | **Status** \n---|--- \n7.1.4 through 7.1.4.7 | Affected \n7.1.3 through 7.1.3.14 | Affected \n7.1.2 through 7.1.2.17 | Affected \n7.1.1.x (all versions) | Affected \n\nNot all deployments of Rational RequisitePro use OpenSSL in a way that is affected by these vulnerabilities. \n \nYou are vulnerable if your use of Rational RequisitePro includes _any_ of these configurations: \n\n\n 1. You use SSL connections in perl scripts run by ratlperl or cqperl.\n 2. 
You integrate with ClearQuest.\n\n## Remediation/Fixes\n\n**Affected Versions** | **Prerequisite before applying the fix** \n---|--- \n7.1.4 through 7.1.4.7 | Install [Rational RequisitePro Fix Pack 8 (7.1.4.8) for 7.1.4](<http://www-01.ibm.com/support/docview.wss?uid=swg24040133>) \n7.1.3 through 7.1.3.14 | Install [Rational RequisitePro Fix Pack 15 (7.1.3.15) for 7.1.3](<http://www-01.ibm.com/support/docview.wss?uid=swg24040132>) \n7.1.2.x (all fix packs); 7.1.1.x (all fix packs); 7.1.0.x (all fix packs) | Install [Rational RequisitePro Fix Pack 18 (7.1.2.18) for 7.1.2](<http://www-01.ibm.com/support/docview.wss?uid=swg24040131>). **Note:** 7.1.2.18 interoperates with all 7.1.1.x and 7.1.0.x systems, and can be installed in the same way as 7.1.1.x and 7.1.0.x fix packs. \n\nThe fix is to install the latest version of RequisitePro, then contact Rational Support for instructions to apply the rest of the fix, which contains an updated version of OpenSSL. \n \nYou should verify applying this fix does not cause any compatibility issues. 
\n\n_For unsupported versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nDisable the integrations and any custom defined ratlperl or cqperl scripts with SSL until you apply the fixes listed above.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T05:03:07", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Rational RequisitePro (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1791"], "modified": "2018-06-17T05:03:07", "id": "4B1403A2A854C3358EEDF7DDEBB346B2846BD8FAB7B18701B8EF4F762A75BEE5", "href": "https://www.ibm.com/support/pages/node/535199", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T05:37:49", "description": "## Summary\n\nThere are vulnerabilities in the Open Source OpenSSL version that is used by the IBM\u00ae FlashSystem\u2122 V9000. An exploit of these vulnerabilities could result in a denial of service. 
One vulnerability can result in a race condition, the result of which is of unknown impact.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3216_](<https://vulners.com/cve/CVE-2015-3216>) \n**DESCRIPTION:** OpenSSL shipped with Red Hat Enterprise Linux is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103915_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103915>) \nfor the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n_FlashSystem V9000 including machine type and models (MTMs) for all available code levels._ MTMs affected include 9846-AC2 and 9848-AC2. 
\n\n## Remediation/Fixes\n\nYou should verify that applying this fix does not cause any compatibility issues.\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**V9000 MTMs:** 9846-AE2, 9848-AE2, 9846-AC2, 9848-AC2| _A code fix is now available, the VRMF of this code level is 7.5.1.0 (or later) for both the storage enclosure nodes (-AEx) and the control nodes (-ACx)_| _N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n \n**7.5.1.0** is available @ IBM\u2019s Fix Central: [**_V9000 fixes, download 7.5.1.0 or later_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:09:58", "type": "ibm", "title": "Security Bulletin:Vulnerabilities in Open Source OpenSSL affects the IBM FlashSystem V9000 (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, and CVE-2015-3216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1791", "CVE-2015-3216"], "modified": "2018-06-18T00:09:58", "id": "C98742B877B2C201166B837BC2C23F231BE604BF071711015BA45A10D5709CDE", "href": "https://www.ibm.com/support/pages/node/690661", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T05:32:41", "description": "## Summary\n\nThere are vulnerabilities in the Open Source OpenSSL version that is used by the IBM\u00ae FlashSystem\u2122 840 and IBM FlashSystem 900. An exploit of these vulnerabilities could result in a denial of service. One vulnerability can result in a race condition, the result of which is of unknown impact.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3216_](<https://vulners.com/cve/CVE-2015-3216>) \n**DESCRIPTION:** OpenSSL shipped with Red Hat Enterprise Linux is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103915_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103915>) \nfor the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n \n--- \n \n## Affected Products and Versions\n\n_FlashSystem 840 including machine type and models (MTMs) for all available code levels._ MTMs affected include 9840-AE1 and 9843-AE1. 
\n \n_FlashSystem 900 including machine type and models (MTMs) for all available code levels._ MTMs affected include 9840-AE2 and 9843-AE2.\n\n## Remediation/Fixes\n\n_FS840 & FS900 MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**FlashSystem ****840 MTM: ** \n9840-AE1 9843-AE1 \n \n**FlashSystem 900 MTMs:** \n9840-AE2 & \n9843-AE2| _A code fix is now available, the VRMF of this code level is 1.3.0.2 (or later)_| _ __N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n \n1.3.0.2 is available @ IBM\u2019s Fix Central **: **[**_840 fixes, download 1.3.0.2 or later_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>) \n1.3.0.2 is available @ IBM\u2019s Fix Central **: **[**_900 fixes, download 1.3.0.2 or later_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+900&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Open Source OpenSSL affects the IBM FlashSystem models 840 and 900 (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, and CVE-2015-3216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1791", "CVE-2015-3216"], "modified": "2023-02-18T01:45:50", "id": "0B963717F89450DA332A8F619DDD9CE7A603E588666B7A5DE7227A89ADD7D81D", "href": "https://www.ibm.com/support/pages/node/690651", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T05:37:46", "description": "## Summary\n\nThere are vulnerabilities in the Open Source OpenSSL version that is used by the IBM\u00ae FlashSystem\u2122 V840. An exploit of these vulnerabilities could result in a denial of service. One vulnerability can result in a race condition, the result of which is of unknown impact.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-3216_](<https://vulners.com/cve/CVE-2015-3216>) \n**DESCRIPTION:** OpenSSL shipped with Red Hat Enterprise Linux is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103915_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103915>) \nfor the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n_FlashSystem V840 including machine type and models (MTMs) for all available code levels._ MTMs affected include 9846-AE1, 9848-AE1, 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1. 
\n\n\n## Remediation/Fixes\n\n_V840 MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**Storage nodes:** \n9846-AE1 & \n9848-AE1 \n \n**Control nodes:** 9846-AC0, \n9846-AC1, \n9848-AC0, \n9848-AC1| _A code fix is now available, the VRMF of this code level is 1.3.0.2 (or later) for the storage enclosure nodes and 7.5.0.3 for the control nodes._| _ __N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n \n1.3.0.2 is available @ IBM\u2019s Fix Central **: **[**_V840 fixes, download 1.3.0.2 or later_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=All&platform=All&function=all>) \n7.5.0.3 is available @ IBM\u2019s Fix Central**: **[**_V840 fixes, download 7.5.0.3 or later_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:09:57", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Open Source OpenSSL affects the IBM FlashSystem V840 (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, and CVE-2015-3216)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1791", "CVE-2015-3216"], "modified": "2018-06-18T00:09:57", "id": "86A0EA0159959C48BE8EE2EC91274A454DF3095B67D0C80CF9DB99E4B05F7F88", "href": "https://www.ibm.com/support/pages/node/690655", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:57:12", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM HTTP Server 8.5.5.4 that is used by IBM API Management. IBM API Management has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-4947_](<https://vulners.com/cve/CVE-2015-4947>)** \nDESCRIPTION:** IBM HTTP Server Administration Server could be vulnerable to a stack buffer overflow, caused by improper handling of user input. An authenticated remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104912_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104912>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2015-1283_](<https://vulners.com/cve/CVE-2015-1283>)** \nDESCRIPTION:** Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104964_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104964>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM API Management V3.0 and V4.0\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nIBM API Management| 3.0.0| LI78914| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+API+Management&release=3.0.4.2&platform=All&function=fixId&fixids=3.0.4.2-APIManagement-ManagementAppliance-20160106-1048.vcrypt2,3.0.4.2-APIManagement-ManagementAppliance-20160106-1048.ova&includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+API+Management&release=3.0.4.2&platform=All&function=fixId&fixids=3.0.4.2-APIManagement-ManagementAppliance-20160106-1048.vcrypt2,3.0.4.2-APIManagement-ManagementAppliance-20160106-1048.ova&includeSupersedes=0>) \nIBM API Management| 4.0.0| LI78914| 
[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+API+Management&release=4.0.4.0&platform=All&function=fixId&fixids=4.0.4.0-APIManagement-ManagementAppliance-20160112-1012.vcrypt2,4.0.4.0-APIManagement-ManagementAppliance-20160112-1012.ova&includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+API+Management&release=4.0.4.0&platform=All&function=fixId&fixids=4.0.4.0-APIManagement-ManagementAppliance-20160112-1012.vcrypt2,4.0.4.0-APIManagement-ManagementAppliance-20160112-1012.ova&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:04:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect\u00a0IBM API Management (CVE-2015-4947 CVE-2015-1283 CVE-2015-1788)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1283", "CVE-2015-1788", "CVE-2015-2716", "CVE-2015-4947"], "modified": "2018-06-15T07:04:29", "id": "E040B2C005BAC239E46EB2070F3C1154030360D830EEC883FCE340E59CB928B2", "href": "https://www.ibm.com/support/pages/node/537733", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:52:54", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience. 
IBM Tealeaf Customer Experience has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>)** \nDESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Tealeaf Customer Experience: v8.0-v9.0.2\n\n## Remediation/Fixes\n\nProduct \n\n| \n\nVRMF \n\n| \n\nRemediation/First Fix \n \n---|---|--- \n \nIBM Tealeaf Customer Experience\n\n| \n\n9.0.2A \n\n| `PCA: `[`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.2A_IBMTealeaf_PCA-3732-4_SecurityRollup_FixPack`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.2A_IBMTealeaf_PCA-3732-4_SecurityRollup_FixPack>) \n`Tealeaf CX: `[`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.2.5168_9.0.2A_IBMTealeaf_CXUpgrade_FixPack2`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.2.5168_9.0.2A_IBMTealeaf_CXUpgrade_FixPack2>) \n \nIBM Tealeaf Customer Experience \n\n| \n\n9.0.2 \n\n| `PCA: 
`[`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.2_IBMTealeaf_PCA-3682-4_SecurityRollup_FixPack`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.2_IBMTealeaf_PCA-3682-4_SecurityRollup_FixPack>) \n`Tealeaf CX: `[`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.2.1118_IBMTealeaf_CXUpgrade_FixPack2`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.2.1118_IBMTealeaf_CXUpgrade_FixPack2>) \n \nIBM Tealeaf Customer Experience\n\n| \n\n9.0.1A \n\n| PCA: [`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.1A_IBMTealeaf_PCA-3724-4_SecurityRollup_FixPack`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.1A_IBMTealeaf_PCA-3724-4_SecurityRollup_FixPack>) \nTealeaf CX: [`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.1.5091_9.0.1A_IBMTealeaf_CXUpgrade_FixPack4`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.1.5091_9.0.1A_IBMTealeaf_CXUpgrade_FixPack4>) \n \nIBM Tealeaf Customer Experience \n\n| \n\n9.0.1\n\n| `PCA: `[`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.1_IBMTealeaf_PCA-3673-4_SecurityRollup_FixPack`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.1_IBMTealeaf_PCA-3673-4_SecurityRollup_FixPack>) \nTealeaf CX: 
[`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.1.1097_IBMTealeaf_CXUpgrade_FixPack4`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=9.0.1.1097_IBMTealeaf_CXUpgrade_FixPack4>) \n \nIBM Tealeaf Customer Experience \n\n| \n\n9.0.0, 9.0.0A \n\n| You can contact the [_Technical Support_](<http://www.ibm.com/software/marketing-solutions/tealeaf/support>) team for guidance. \n \nIBM Tealeaf Customer Experience \n\n| \n\n8.8 \n\n| `PCA: `[`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.8_IBMTealeaf_PCA-3625-4_SecurityRollup_FixPack`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.8_IBMTealeaf_PCA-3625-4_SecurityRollup_FixPack>) \nTealeaf CX: [`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.8.0.9034_IBMTealeaf_CXUpgrade_FixPack8`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.8.0.9034_IBMTealeaf_CXUpgrade_FixPack8>) \n \nIBM Tealeaf Customer Experience \n\n| \n\n8.7 \n\n| `PCA: `[`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.7_IBMTealeaf_PCA-3615-4_SecurityRollup_FixPack`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.7_IBMTealeaf_PCA-3615-4_SecurityRollup_FixPack>) \nTealeaf CX: [`https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.7.1.8830_IBMTealeaf_CXUpgrade_FixPack9`](<https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.7.1.8830_IBMTealeaf_CXUpgrade_FixPack9>) \n \nIBM Tealeaf Customer Experience \n\n| \n\n8.6 and earlier \n\n| You can contact the 
[_Technical Support_](<http://www.ibm.com/software/marketing-solutions/tealeaf/support>) team for guidance. \nFor v9.0.0, 9.0.0A, and versions before v8.7, IBM recommends upgrading to a later supported version of the product. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T19:45:48", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2018-06-16T19:45:48", "id": "82C91EE8B7C5AB72849CBFAA179C46D63EF5F9AAAEDD96E3D54F211CADA74041", "href": "https://www.ibm.com/support/pages/node/530433", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:46:20", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). 
OpenSSL is used by IBM Tivoli Composite Application Manager for Transactions. IBM Tivoli Composite Application Manager for Transactions has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>)** \nDESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Tivoli Composite Application Manager (ITCAM) for Transactions is affected. ITCAM for Transactions contains multiple subcomponents (Agents). Only the Internet Service Monitor (ISM \u2013 Agent code \u2018IS\u2019) is affected. \n\nVersions:\n\n\u00b7 7.4 \u2013 Affected by CVE (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791 and CVE-2015-4000)\n\n\u00b7 7.3 \u2013 Affected by CVE (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791 and CVE-2015-4000)\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_7.4.0.0-TIV-CAMIS-FP0001_| _7.4.0.1_| _None_| [__http://www.ibm.com/support/docview.wss?uid=isg400002269__](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400002269>) \n_7.3.0.1-TIV-CAMIS-IF0036_| _7.3.0.1_| _None_| [**_http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400002358_**](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400002358>) \n \nFor CVE-2015-4000: As the server key size is increased, the amount of CPU required for a full TLS/SSL handshake can increase significantly. 
Please carefully test and assess the impact to your CPU requirements to ensure sufficient CPU resources, otherwise the system availability may be impacted. \n\n\nFor CVE-2015-4000: You should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions.\n\n \n\n\nFor ISM 7.1 and 7.2 IBM recommends upgrading to a fixed, supported version/release/platform of the product.\n\n## Workarounds and Mitigations\n\nFor CVE-2015-4000, disable the DHE/EDH ciphers in all ISM monitors. To disable the DHE/EDH ciphers, update the monitor properties: _SSLCipherSuite_ and _BridgeSSLCipherSet_. For example, to disable DHE/EDH ciphers in the HTTPS monitor, update the https.props file to include \n \nSSLCipherSuite : \"AES:3DES:DES:!EXP:!DHE:!EDH\" \nBridgeSSLCipherSet : \"AES:3DES:DES:!EXP:!DHE:!EDH\" \n\n\nFor CVE-2015-4000: You should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. 
IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:03:40", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM Tivoli Composite Application Manager for Transactions (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, CVE-2015-4000)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1791", "CVE-2015-4000"], "modified": "2018-06-17T15:03:40", "id": "5893BCC8180A72A564BE6328A5CE8FFBF90BC8FCCA1FC50585DDD39A15C2CEFA", "href": "https://www.ibm.com/support/pages/node/529577", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:36:52", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on Jun 11, 2015 by the OpenSSL Project. 
OpenSSL is used by IBM InfoSphere Master Data Management and has addressed the applicable CVEs provided by OpenSSL.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nThese vulnerabilities are known to affect the following offerings: \n \nIBM Initiate Master Data Service versions 8.1, 9.0, 9.2, 9.5, 9.7, 10.0, 10.1 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Enterprise Integrator Toolkit_ component) \n \nIBM Initiate Master Data Service Patient Hub versions 9.5, 9.7 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Enterprise Integrator Toolkit_ component) \n \nIBM Initiate Master Data Service Provider Hub versions 9.5, 9.7 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Enterprise Integrator Toolkit_ component) \n \nIBM InfoSphere Master Data Management Patient Hub version 10.0 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Enterprise Integrator Toolkit_ component) \n \nIBM InfoSphere Master Data Management Provider Hub version 10.0 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Enterprise Integrator Toolkit_ component) \n \nIBM InfoSphere Master Data Management Standard/Advanced Edition version 11.0 (impacts [_Message 
Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and [_Enterprise Integrator Toolkit_](<http://pic.dhe.ibm.com/infocenter/initiate/v9r5/topic/com.ibm.release_notes.doc/topics/r_release_notes_GAenterprise_integrator_toolkit.html>) component) \n \nIBM InfoSphere Master Data Management Standard/Advanced Edition version 11.3 (impacts [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component) \n \nIBM InfoSphere Master Data Management Standard/Advanced Edition version 11.4 (impacts [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component)\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available. \n \n\n\n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nIBM Initiate Master Data Service | \n\n8.1\n\n| None| [8.1.102815](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%2FInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=8.1.102815_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service | \n\n9.0\n\n| None| [9.0.102815](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.0.102815_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Patient Hub| \n\n9.0\n\n| None| 
[9.0.102815](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=9.0.102815_IM_Initiate_Patient_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Provider Hub| \n\n9.0\n\n| None| [9.0.102815](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=9.0.102815_IM_Initiate_Provider_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service | \n\n9.2\n\n| None| [9.2.102815](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.2.102815_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Patient Hub| \n\n9.2\n\n| None| [9.2.102815](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=9.2.102815_IM_Initiate_Patient_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Provider Hub| \n\n9.2\n\n| None| [9.2.102815](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=9.2.102815_IM_Initiate_Provider_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service | \n\n9.5\n\n| None| 
[9.5.071215](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.5.071215_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Patient Hub| \n\n9.5\n\n| None| [9.5.071215](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=9.5.071215_IM_Initiate_Patient_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Provider Hub| \n\n9.5\n\n| None| [9.5.071215](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=9.5.071215_IM_Initiate_Provider_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service | \n\n9.7\n\n| None| [9.7.071215](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.7.071215_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Patient Hub | \n\n9.7\n\n| None| [9.7.071215](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=9.7.071215_IM_Initiate_Patient_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Provider Hub| \n\n9.7\n\n| None| 
[9.7.071215](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=9.7.071215_IM_Initiate_Provider_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service| \n\n10.0\n\n| None| [10.0.071215](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.0.071215_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Patient Hub | \n\n10.0\n\n| None| [10.0.071215](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=10.0.071215_IM_Initiate_Patient_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Provider Hub| \n\n10.0\n\n| None| [10.0.071215](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=10.0.071215_IM_Initiate_Provider_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service| \n\n10.1\n\n| None| [10.1.071215](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.1.071215_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition| \n\n11.0\n\n| None| 
[11.0-FP3-IF3](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Master+Data+Management&release=All&platform=All&function=fixId&fixids=11.0.0.3-MDM-SAE-FP03IF003&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition| \n\n11.3\n\n| None| [11.3-FP3-IF1](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Master+Data+Management&release=All&platform=All&function=fixId&fixids=11.3.0.3-MDM-SE-AE-FP03IF001&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition| \n\n11.4\n\n| None| [11.4-FP3-IF1](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Master+Data+Management&release=All&platform=All&function=fixId&fixids=11.4.0.3-MDM-SE-AE-FP03IF001&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone known.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-27T09:58:00", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Master Data Management (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2022-04-27T09:58:00", "id": "7D14B08C045BFDC910143AB7478EEF037B7EDE9D4C014BE6212BF743A8294BD7", "href": "https://www.ibm.com/support/pages/node/531779", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:38:20", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by multiple N series products. Multiple N series products have addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>)** \nDESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8176_](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nClustered Data ONTAP: 8.2.1, 8.2.2, 8.2.3, 8.2.4; \n\nClustered Data ONTAP Antivirus Connector: 1.0, 1.0.1, 1.0.2;\n\nData ONTAP operating in 7-Mode: 7.3.7, 8.1.4, 8.2.1, 8.2.2, 8.2.3;\n\nNS OnCommand Workflow Automation: 3.1;\n\nNS OnCommand Core Package: 5.1.2, 5.2.1, 5.2;\n\nOpen Systems SnapVault: 3.0.1;\n\nSnapDrive for Unix: 5.2, 5.2.2;\n\nSnapDrive for Windows: 7.0.3, 7.1.1, 7.1.2, 7.1.3;\n\n## Remediation/Fixes\n\nFor SnapDrive for Unix: the fix exists from microcode version: 5.3; \n\nFor SnapDrive for Windows: the fix exists from microcode version: 7.1.4;\n\nPlease contact IBM support or go to this [_link_](<https://www-945.ibm.com/support/fixcentral/>) to download a supported release. 
For customers who are using Clustered Data ONTAP, Clustered Data ONTAP Antivirus Connector, Data ONTAP operating in 7-Mode, NS OnCommand Workflow Automation, NS OnCommand Core Package or Open Systems SnapVault, please contact IBM support.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-15T18:05:07", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect multiple N series products", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2021-12-15T18:05:07", "id": "0E96665079E56894EA39AFB24283955B35E3838213DCD87205604F5B1858EEA7", "href": "https://www.ibm.com/support/pages/node/696435", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:06:38", "description": "## Summary\n\nPowerKVM is affected by OpenSSL vulnerabilities (multiple CVEs).\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1788_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable 
to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-1789_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1790_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791>)** \nDESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-1792_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8176_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176>)** \nDESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. 
An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nPowerKVM 2.1\n\n## Remediation/Fixes\n\nFix is made available via Fix Central ([_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>)) in 2.1.1 build 57 and all later builds and fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using \"yum update\".\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n1 July 2015 - Initial version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:28:42", "type": "ibm", "title": "Security Bulletin: PowerKVM is affected by OpenSSL vulnerabilities (multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2018-06-18T01:28:42", "id": "A5EE6903D383C042ADBB5FEF76C2F60C5F1B6BFAAA0ABAB88DC4660244B7AED4", "href": "https://www.ibm.com/support/pages/node/681017", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:52:11", "description": "## 
Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter which have addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2015-4000](<https://vulners.com/cve/CVE-2015-4000>)\n\n**Description:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. 
This vulnerability is commonly referred to as \"Logjam\".\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103294> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103778> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103779> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. 
An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103780> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>)\n\n**Description:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103609> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. 
An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected products and versions\n\nProduct | Affected Version \n---|--- \nIBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru | 9.1.5.03.00 \nQLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter | 7.10.1.31.00 \nQLogic Virtual Fabric Extension Module for IBM BladeCenter | 9.0.3.10.00 \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nYou should verify applying the fix does not cause any compatibility issues.\n\nProduct | Fixed Version \n---|--- \nIBM Flex System FC43171 8Gb SAN Switch and SAN Pass-thru \n(published in qlgc_fw_flex_9.1.7.01.00) | 9.1.5.04.00 \nQLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for BladeCenter \n(qlgc_fw_bcsw_7.10.1.35_anyos_noarch) | 7.10.1.35.00 \nQLogic Virtual Fabric Extension Module for IBM BladeCenter \n(qlgc_fw_bcsw_9.0.3.12.00_anyos_noarch) | 9.0.3.12.0 \n \nFor **CVE-2015-4000**: You should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. 
IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions.\n\n## Workarounds and Mitigations\n\nNone.\n\n## References\n\n * [Complete CVSS V2 Guide](<http://www.first.org/cvss/v2/guide>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n11 December 2015: Original Version Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-31T02:10:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL, including Logjam, affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2019-01-31T02:10:01", "id": "45A391F0E1CE99679546039D2F1C0C8B6B2EDCC706278DE6C16010592663C5F8", "href": "https://www.ibm.com/support/pages/node/868200", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:57:28", "description": "## Summary\n\nSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. 
IBM DataPower Gateways has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID****:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nNote that CVE-2015-1788 only affects IBM DataPower Gateways Crypto objects in version 7.2.0.0, and not earlier versions. Refer to the following bulletin for details of this advisory affecting IBM DataPower Gateways objects that use GSKit: <http://www-01.ibm.com/support/docview.wss?uid=swg21969271>.\n\n**Note that the following vulnerabilities disclosed on the same day do not impact DataPower appliances:**\n\n \nCVEID: CVE-2015-1791 \nCVEID: CVE-2014-8176 \n\n## Affected Products and Versions\n\nIBM DataPower Gateways appliances all versions through 6.0.0.15, 6.0.1.11, 7.0.0.8, 7.1.0.5, 7.2.0.0\n\n## Remediation/Fixes\n\nFix is available in versions 6.0.0.16, 6.0.1.12, 7.0.0.9, 7.1.0.6, 7.2.0.1. Refer to [APAR IT10104](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT10104>) for URLs to download the fix. \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n\n_For DataPower customers using versions 5.x and earlier versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product. 
_\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:03:33", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2018-06-15T07:03:33", "id": "5E809025DAFEC4CB7FE0FA92E57B5B479AB4FCA9F07C50F0A73D0E25DCE67AF1", "href": "https://www.ibm.com/support/pages/node/536433", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:51", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM\u00ae Rational Team Concert\u2122 Build Agent. IBM\u00ae Rational Team Concert\u2122 Build Agent has addressed the applicable CVEs. 
\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>)** \nDESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8176_](<https://vulners.com/cve/CVE-2014-8176>)** \nDESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nOnly the Rational Team Concert Build Agent uses the OpenSSL component and is affected by these vulnerabilities. No other part of Rational Team Concert is impacted. \n \nRational Team Concert 3.0.x, 4.0.x, 5.0.x, and 6.0 are affected versions. \n \nThe following operating systems are not impacted in any RTC release: \n\\- IBM i \n\\- Linux on Power\n\n## Remediation/Fixes\n\nThe remediation for this security exposure is to update the Rational Build Agent that is included with the Rational Team Concert Build System Toolkit. Refer to the following list to determine the approach to take for the operating system that is being used for the Build System Toolkit. \n \nThis [Build Forge agent interim fix](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=bfagent-8.0.0.2-3-0013&source=SAR>) or later can be used to obtain the replacement agent for your operating systems. \n\n * For the following combinations:\n \n\\- Windows and RTC 3.0.1.x, 4.0.x, 5.0.x, or 6.0 \n\\- Linux x86 and RTC 3.0.1.x, 4.0.x, 5.0.x, or 6.0 \n\\- Linux on System z and RTC 3.0.1.x, 4.0.x, 5.0.x, or 6.0 \n\\- Solaris and RTC 3.0.1.x, 4.0.x, 5.0.x \n \nObtain the updated agent install package from the Build Forge Agent interim fix and replace it in the installed build system toolkit. \n * For AIX in RTC 3.0.1.x, 4.0.x, 5.0.x, and 6.0: Obtain the updated agent install package and install it on an AIX machine. 
Extract the resulting bfagent executable and replace in the build system toolkit.\n\n## Workarounds and Mitigations\n\nThese vulnerabilities are only in the Build Agent, so not using the build agent component is a mitigation.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T05:07:14", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM\u00ae Rational Team Concert\u2122 Build Agent (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2014-8176)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2018-06-17T05:07:14", "id": "201018C415242F0DA1C06575A912CA5C445B3279D15C72F87C78C22FECC5D78A", "href": "https://www.ibm.com/support/pages/node/268731", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:38:43", "description": "## Summary\n\nOpen SSL is used by Power Hardware Management Console (HMC). 
HMC has addressed the applicable CVEs\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-8176_](<https://vulners.com/cve/CVE-2014-8176>)** \nDESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n\n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>)** \nDESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-3216_](<https://vulners.com/cve/CVE-2015-3216>)** \nDESCRIPTION:** OpenSSL shipped with Red Hat Enterprise Linux is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103915_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103915>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\n \nPower HMC V7.3.0.0 \nPower HMC V7.8.0.0 \nPower HMC V7.9.0.0 \nPower HMC V8.1.0.0 \nPower HMC V8.2.0.0 \nPower HMC V8.3.0.0\n\n## Remediation/Fixes\n\n \nThe following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>\n\nProduct | VRMF | APAR | Remediation/Fix \n---|---|---|--- \nPower HMC | V7.7.3.0 SP7 | MB03935 | Apply eFix MH01547 \nPower HMC | V7.7.8.0 SP2 | MB03936 | Apply eFix MH01548 \nPower HMC | V7.7.9.0 SP2 | MB03937 | Apply eFix MH01549 \nPower HMC | V8.8.1.0 SP2 | MB03938 | Apply eFix MH01550 \nPower HMC | V8.8.2.0 SP2 | MB03873 | Apply Service Pack 2 MH01488 \nPower HMC | V8.8.3.0 | MB03939 | Apply eFix MH01551 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", 
"attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Open SSL affect Power Hardware Management Console (CVE-2014-8176,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-3216)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2021-09-23T01:31:39", "id": "44581CEFAAC57F6BA083046E8D17AC3B05F7A3FDCFB70055DF3548236FC99CA6", "href": "https://www.ibm.com/support/pages/node/666389", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:38:38", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by Sterling Connect:Express for UNIX. Sterling Connect:Express for UNIX has addressed the applicable CVEs. 
\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>) \n**DESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [_CVE-2014-8176_](<https://vulners.com/cve/CVE-2014-8176>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n\n**CVEID:** [_CVE-2015-1788 \n_](<https://vulners.com/cve/CVE-2015-1788>)**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1789 \n_](<https://vulners.com/cve/CVE-2015-1789>)**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-1791 \n_](<https://vulners.com/cve/CVE-2015-1791>)**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Express for UNIX 1.4.6 \n\\- All versions prior to 1.4.6.1 iFix 146-110 \n \nIBM Sterling Connect:Express for UNIX 1.5.0.12 \n\\- All versions prior to 1.5.0.12\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information about the available fixes. \n \n\n\nVRMF| Remediation \n---|--- \n1.4.6| Please contact your local [IBM Remote Technical Support Center ](<https://www-304.ibm.com/webapp/set2/sas/f/handbook/contacts.html>)to request Connect:Express 1.4.6.1 iFix 146-111 \n1.5.0.12| Apply 1.5.0.12 iFix 150-1201, available on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Sterling+Connect%3AExpress+for+UNIX&release=All&platform=All&function=all>) \n \nFor CVE-2015-4000: As the server key size is increased, the amount of CPU required for a full TLS/SSL handshake can significantly increase. 
Please carefully test and assess the impact to your CPU requirements to ensure sufficient CPU resources, otherwise the system availability may be impacted. \n \nFor CVE-2015-4000: In addition to the fix installation and in order to protect Connect:Express from the CVE-2015-4000 vulnerability, EDH ciphers must be disabled in all SSL server definitions. Refer to Chapter 4 of the [IBM Sterling Connect:Express for UNIX Option SSL](<ftp://public.dhe.ibm.com/software/commerce/doc/mft/cexpress/cxunix/15/CXUX15_SSL_fr.pdf>) documentation to learn how to specify a cipher list in an SSL server definition. In the cipher list, all EDH ciphers must be disabled. See [https://www.openssl.org/](<https://www.openssl.org/>) to learn how to use the OpenSSL cipher list tool. \n \nYou should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions. \n\n## Workarounds and Mitigations\n\nNone; the fix must be applied and EDH ciphers must be disabled in all SSL server definitions. 
\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-24T22:49:37", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Sterling Connect:Express for UNIX (CVE-2015-4000, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2020-07-24T22:49:37", "id": "09EFBF1EDC3D056A4C55B6D328B0019A52124F7A8C7DCA88E25031BCFD79F86E", "href": "https://www.ibm.com/support/pages/node/528605", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:38:26", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM SDK for Node.js for the Cordova tools in Rational Software Architect and Rational Software Architect for Websphere Software. 
RSA and RSA4WS have addressed the applicable CVEs \n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-4000_](<https://vulners.com/cve/CVE-2015-4000>) \n \n**DESCRIPTION:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam\". \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103294_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103294>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVEID:** [_CVE-2014-8176_](<https://vulners.com/cve/CVE-2014-8176>) \n[](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. \n \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n \n \n**CVEID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. 
A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>) \n \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. 
By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n \n**CVEID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n## Affected Products and Versions\n\nIBM Rational Software Architect and IBM Rational Software Architect for Websphere Software 9.1, 9.1.1 and 9.1.2 \n\n## Remediation/Fixes\n\nUpdate the IBM SDK for Node.js using by the Cordova platform in the product to address this vulnerability: \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation/Download FixCentral Link** \n---|---|---|--- \nRational Software Architect \nRational Software Architect for Websphere Software| 9.1, 9.1.1 and 9.1.2| \n| \n\n * Apply [IBM SDK for Node.js 1.1.0.15](<https://www.ibm.com/developerworks/web/nodesdk/>) to the Cordova platform in the product. The IBM SDK for Node.js package can be downloaded from the [IBM SDK for Node.js developerWorks community page](<https://www.ibm.com/developerworks/web/nodesdk/>). 
\n \nAfter the executable package for your platform is downloaded, launch the installation wizard, specify <installation folder>/cordova_cli/ as the installation location, and follow the wizard to complete the installation. The value of <installation folder> is your Software Delivery Platform product installation folder. \n \n**For [CVE-2015-4000](<https://vulners.com/cve/CVE-2015-4000>):** As the length of the server key is increased, the amount of CPU required for a full TLS/SSL handshake can significantly increase. Please carefully test and assess the impact to your CPU requirements to ensure sufficient CPU resources; otherwise, system availability may be impacted. \nYou should verify that applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions. 
\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-10T17:03:14", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Rational Software Architect and Rational Software Architect for Websphere Software", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2020-09-10T17:03:14", "id": "2F044E6D3403CF1CE244F404A02D2A1E0F016AD4BEEC5C72C153F07E02439876", "href": "https://www.ibm.com/support/pages/node/531837", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:52:09", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM Security Access Manager for Web. 
IBM Security Access Manager for Web has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n\n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n \n**CVEID:** [_CVE-2015-3216_](<https://vulners.com/cve/CVE-2015-3216>)** \nDESCRIPTION:** OpenSSL shipped with Red Hat Enterprise Linux is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103915_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103915>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM Security Access Manager for Web version 7.0 appliance, all firmware versions \nIBM Security Access Manager for Web version 8.0 appliance, all firmware versions \n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected IBM Security Access Manager for Web appliance versions. Follow the installation instructions in the README file included with the patch. 
\n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web \n_(appliance-based)_| _7.0.0.0 - \n7.0.0.15_| IV75512 | Apply the 7.0.0.16 interim fix:_ \n_[_7.0.0-ISS-WGA-IF0016_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \nIBM Security Access Manager for Web| _8.0.0.1 - \n8.0.1.3_| IV75321| Upgrade to the 8.0.1.3 interim fix: \n[_8.0.1.3-ISS-WGA-IF0001_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0&platform=Linux&function=all>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:26:04", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2018-06-16T21:26:04", "id": 
"5329CD1C63D2F95E92A27532DD149EA30C54823558FD6ECF9F637F7793762B35", "href": "https://www.ibm.com/support/pages/node/533493", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:52:09", "description": "## Summary\n\nThere are multiple vulnerabilities in OpenSSL that is used by IBM Security Network Protection. These vulnerabilities include CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3216, and CVE-2015-1788.\n\n## Vulnerability Details\n\n**CVE ID:** [_CVE-2014-8176_](<https://vulners.com/cve/CVE-2014-8176>)\n\n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. \n\n \n \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n\n\n**CVE ID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>)\n\n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. 
\n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n**CVE ID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n**CVE ID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>)\n\n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n\n**CVE ID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. 
An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n**CVE ID:** [_CVE-2015-3216_](<https://vulners.com/cve/CVE-2015-3216>)\n\n**DESCRIPTION:** OpenSSL shipped with Red Hat Enterprise Linux is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.\n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103915> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n**CVE ID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.2 \nIBM Security Network Protection 5.3 \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection | Firmware version 5.2| Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0010 from [_IBM Fix Central_](<http://www-933.ibm.com/support/fixcentral/>) and upload and install via the Available Updates page of the local management interface. \nIBM Security Network Protection| Firmware version 5.3| Install Fixpack 5.3.1.2 from the Available Updates page of the local management interface, or by performing a One Time Scheduled Installation from SiteProtector. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:25:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2018-06-16T21:25:43", "id": "0C850FECD02720FE8E127F730E7172757B14E40919BABE4F7D431689A5B199DB", "href": "https://www.ibm.com/support/pages/node/531321", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:36:57", "description": "## Summary\n\nThere are multiple vulnerabilities in OpenSSL that is used by IBM Security Network Intrusion Prevention System. These vulnerabilities include CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3216, and CVE-2015-1788.\n\n## Vulnerability Details\n\n**CVE ID:** [_CVE-2014-8176_](<https://vulners.com/cve/CVE-2014-8176>)\n\n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. \n\n \n \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103782> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n\n\n**CVE ID:** [_CVE-2015-1789_](<https://vulners.com/cve/CVE-2015-1789>)\n\n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system. 
\n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103779> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n**CVE ID:** [_CVE-2015-1790_](<https://vulners.com/cve/CVE-2015-1790>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103780> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n**CVE ID:** [_CVE-2015-1791_](<https://vulners.com/cve/CVE-2015-1791>)\n\n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103609> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n\n**CVE ID:** [_CVE-2015-1792_](<https://vulners.com/cve/CVE-2015-1792>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. 
An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103781> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n**CVE ID:** [_CVE-2015-3216_](<https://vulners.com/cve/CVE-2015-3216>)\n\n**DESCRIPTION:** OpenSSL shipped with Red Hat Enterprise Linux is vulnerable to a denial of service, caused by an out-of-bounds memory read error in ssleay_rand_bytes() function. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.\n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103915> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n**CVE ID:** [_CVE-2015-1788_](<https://vulners.com/cve/CVE-2015-1788>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\n\n \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103778> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nProducts: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000 \n \nFirmware versions 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Intrusion Prevention System | Firmware version 4.6.2| [_4.6.2.0-ISS-ProvG-AllModels-System-FP0009_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.6.1| [_4.6.1.0-ISS-ProvG-AllModels-System-FP0013_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.6| [_4.6.0.0-ISS-ProvG-AllModels-System-FP0011_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.5| [_4.5.0.0-ISS-ProvG-AllModels-System-FP0013_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.4| 
[_4.4.0.0-ISS-ProvG-AllModels-System-FP0013_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.3| [_4.3.0.0-ISS-ProvG-AllModels-System-FP0011_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-23T19:48:26", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Intrusion Prevention System", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2022-02-23T19:48:26", "id": "C83F675C530B12620988F0C65F58B32931125E0012C4B7C771823623ECB73255", "href": "https://www.ibm.com/support/pages/node/532087", 
"cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:50:30", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2015-4000](<https://vulners.com/cve/CVE-2015-4000>)\n\n**Description:** The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as \"Logjam.\"\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103294> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>)\n\n**Description:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. 
An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary code on the system.\n\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [http://exchange.xforce.ibmcloud.com/vulnerabilities/103782](<http://exchange.xforce.ibmcloud.com/vulnerabilities/103782%20>) for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n**CVE-ID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See [http://exchange.xforce.ibmcloud.com/vulnerabilities/103778](<http://exchange.xforce.ibmcloud.com/vulnerabilities/103778%20>) for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See [http://exchange.xforce.ibmcloud.com/vulnerabilities/103779](<http://exchange.xforce.ibmcloud.com/vulnerabilities/103779%20>) for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. 
An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See [http://exchange.xforce.ibmcloud.com/vulnerabilities/103780](<http://exchange.xforce.ibmcloud.com/vulnerabilities/103780%20>) for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>)\n\n**Description:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103609> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/103781> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nProduct | Affected Version \n---|--- \nMegaRAID Storage Manager | 15.05.* \n \n## Remediation/Fixes:\n\nIt is recommended to update to the firmware level listed below, or later version. 
Firmware updates are available through IBM Fix Central: \n<http://www.ibm.com/support/fixcentral/>.\n\nProduct | Fixed Version \n---|--- \nMegaRAID Storage Manager \nibm_utl_msm_15.11.50.00_linux_32-64 \nibm_utl_msm_15.11.50.00_windows_32-64 | 15.11.50.00 \n \nYou should verify applying the fix does not cause any compatibility issues.\n\nFor CVE-2015-4000: You should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions.\n\n## Workaround(s) & Mitigation(s):\n\nFor CVE-2015-4000: You should verify applying this configuration change does not cause any compatibility issues. If you change the default setting after applying the fix, you will expose yourself to the attack described above. IBM recommends that you review your entire environment to identify other areas where you have enabled the Diffie-Hellman key-exchange protocol used in TLS and take appropriate mitigation and remediation actions.\n\n## References:\n\n * [Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide.html>)\n * [On-line Calculator v2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n\n\n**Acknowledgement**\n\nReported to IBM by The WeakDH team at <https://weakdh.org>\n\n**Change History** \n01 August 2016: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-31T02:25:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect MegaRAID Storage Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2019-01-31T02:25:02", "id": 
"6680272534C119E2F4255DAC0A5F66CF25F5D99D47E9760C164E835E0C60EF0F", "href": "https://www.ibm.com/support/pages/node/868546", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:53:14", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed by the OpenSSL Project. This includes the alternate chains certificate forgery vulnerability (CVE-2015-1793). OpenSSL is used by the Progress Software DataDirect Connect ODBC drivers which are shipped as a component of IBM InfoSphere Information Server. The Progress Software DataDirect Connect ODBC drivers have addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-1793_](<https://vulners.com/cve/CVE-2015-1793>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by an implementation error of the alternative certificate chain logic. An attacker could exploit this vulnerability to bypass the CA flag and other specific checks on untrusted certificates and issue an invalid certificate. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104500_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104500>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [CVE-2014-8176](<https://vulners.com/cve/CVE-2014-8176>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error when application data between the ChangeCipherSpec and Finished messages is received by the DTLS peer. 
An attacker could exploit this vulnerability to trigger a segmentation fault or possibly corrupt memory and execute arbitrary \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103782_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103782>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P) \n \n**CVEID:** [CVE-2015-1788](<https://vulners.com/cve/CVE-2015-1788>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2015-1789](<https://vulners.com/cve/CVE-2015-1789>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in X509_cmp_time. An attacker could exploit this vulnerability using a specially crafted certificate or CRL to trigger a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2015-1790](<https://vulners.com/cve/CVE-2015-1790>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the improper handling of missing inner EncryptedContent by the PKCS#7 parsing code. 
An attacker could exploit this vulnerability using specially crafted ASN.1-encoded PKCS#7 blobs with missing content to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103780_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103780>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2015-1791](<https://vulners.com/cve/CVE-2015-1791>) \n**DESCRIPTION:** A double-free memory error in OpenSSL in the ssl3_get_new_session_ticket() function has an unknown impact. By returning a specially crafted NewSessionTicket message, an attacker could cause the client to reuse a previous ticket resulting in a race condition. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103609_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103609>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [CVE-2015-1792](<https://vulners.com/cve/CVE-2015-1792>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error when verifying a signedData message. An attacker could exploit this vulnerability using an unknown hash function OID to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103781_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103781>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nThe following product, running on all supported platforms, is affected: \nIBM InfoSphere Information Server: versions 8.5, 8.7, 9.1, 11.3 and 11.5\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server| 11.3 11.5| JR53677| \\--Upgrade to [_DataDirect ODBC drivers version 7.1.5_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is_ddodbc_7.1.5_server*>) \n\\--Use [_TechNote_](<http://www-01.ibm.com/support/docview.wss?uid=swg21965326>) to choose which OpenSSL version the drivers will use \n\\--Use [_TechNote_](<http://www-01.ibm.com/support/docview.wss?uid=swg21679867>) to follow additional post installation configuration steps \nInfoSphere Information Server| 9.1| JR53677| \\--Upgrade to [_DataDirect ODBC drivers version 7.1.5_](<http://www.ibm.com/suppor