## Summary
SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 can be enabled in InfoSphere MashupHub.
## Vulnerability Details
**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)
**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
## Affected Products and Versions
InfoSphere MashupHub - all versions
## Remediation/Fixes
IBM announced withdrawal from marketing for InfoSphere MashupHub on May 8, 2012, and recommends that customers using the program transition to the replacement products listed in the Withdrawal Announcement (see Related Information).
Customers still using InfoSphere MashupHub can mitigate this vulnerability by taking the steps documented in the _Workarounds and Mitigations_ section below. If further assistance is required, please open a PMR with IBM Technical Support and request assistance securing the InfoSphere MashupHub system against the SSL 3.0 POODLE vulnerability (CVE-2014-3566).
## Workarounds and Mitigations
SSL is supported through the WebSphere Application Server (WAS) bundled with InfoSphere MashupHub. WebSphere has released fixpacks with fixes for this vulnerability. Upgrading the WebSphere Application Server in the InfoSphere MashupHub installation with one of these fixpacks will mitigate this vulnerability for the installation. Refer to the information below and the directions in the [WebSphere Application Server Security Bulletin for CVE-2014-3566](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>) to perform such an upgrade.
InfoSphere MashupHub versions 2.x and 3.x ship WebSphere Application Server 7.0.0.5 and 7.0.0.11 respectively. Refer to the _V7.0.0.0 through 7.0.0.35_ section of the WAS Security Bulletin for fixpack information.
IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.
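One way to confirm that SSLv3 is really off on an endpoint you administer, as an added example (not IBM's code): current OpenSSL and Python builds usually cannot speak SSL 3.0, so this sketch sends a hand-built SSL 3.0 ClientHello offering only CBC suites and classifies the first record the server returns. The host name in the usage line is a placeholder, and the function names and result strings are this example's own.

```python
"""Check whether an endpoint still answers an SSL 3.0 ClientHello."""
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"                      # wire version of SSL 3.0
# CBC suites available in SSL 3.0 (RSA with AES-128, AES-256, 3DES; all -CBC-SHA)
CBC_SUITES = (0x002F, 0x0035, 0x000A)


def build_sslv3_client_hello(random_bytes: bytes) -> bytes:
    """Return one record carrying a ClientHello whose highest version is SSL 3.0."""
    if len(random_bytes) != 32:
        raise ValueError("ClientHello.random must be 32 bytes")
    suites = b"".join(struct.pack("!H", s) for s in CBC_SUITES)
    body = (SSL3 + random_bytes
            + b"\x00"                                  # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                             # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake


def classify_response(data: bytes) -> str:
    """Classify the first record of the server's reply to the SSL 3.0 hello."""
    if len(data) < 5:
        return "NO_HANDSHAKE"            # connection closed or reset without a record
    content_type = data[0]
    length = struct.unpack("!H", data[3:5])[0]
    fragment = data[5:5 + length]
    if content_type == 0x15 and len(fragment) >= 2:
        # Alert record: byte 0 is the level, byte 1 the description
        # (40 = handshake_failure, 70 = protocol_version).
        return "REJECTED_ALERT_%d" % fragment[1]
    if content_type == 0x16 and len(fragment) >= 6 and fragment[0] == 0x02:
        # ServerHello: the chosen version follows the 4-byte handshake header.
        return "SSLV3_ACCEPTED" if fragment[4:6] == SSL3 else "OTHER_VERSION"
    return "UNRECOGNISED"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the hello to host:port and classify the reply.

    Connection failures (refused, unreachable) are raised to the caller so that
    an unreachable host is never mistaken for one that has SSLv3 disabled.
    """
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(build_sslv3_client_hello(os.urandom(32)))
            while len(data) < 5 or len(data) < 5 + struct.unpack("!H", data[3:5])[0]:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass   # reset or timeout after connecting: no answer to the hello
    return classify_response(data)


if __name__ == "__main__":
    # Usage: python check_sslv3.py <host> [port]   (host is whatever you administer)
    target = sys.argv[1] if len(sys.argv) > 1 else "mashuphub.example.internal"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(target, target_port, probe(target, target_port))
```

`SSLV3_ACCEPTED` means the listener still needs the fixpack or configuration change; an alert or a closed connection means it refused SSL 3.0 with the CBC suites offered here.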
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119359);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/11\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_xref(name:\"RHSA\", value:\"2015:1546\");\n\n script_name(english:\"RHEL 6 : node.js (RHSA-2015:1546) (POODLE)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated node.js packages that fix one security issue are now available\nfor Red Hat OpenShift Enterprise 2.0.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nNode.js is a software development platform for building fast and\nscalable network applications in the JavaScript programming language.\n\nA flaw was found in the way SSL 3.0 handled padding bytes when\ndecrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. 
This flaw allows a man-in-the-middle (MITM)\nattacker to decrypt a selected byte of a cipher text in as few as 256\ntries if they are able to force a victim application to repeatedly\nsend the same data over newly created SSL 3.0 connections.\n(CVE-2014-3566)\n\nAll OpenShift Enterprise users are advised to upgrade to these updated\npackages, which correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3566\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected openshift-origin-node-proxy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-node-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1546\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-node-proxy-1.16.4.2-1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openshift-origin-node-proxy\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-04T16:27:53", "description": "Updated node.js packages that fix one security issue are now available for Red Hat OpenShift Enterprise 2.1.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nA flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. 
This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.\n(CVE-2014-3566)\n\nAll OpenShift Enterprise users are advised to upgrade to these updated packages, which correct this issue.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-12-04T00:00:00", "type": "nessus", "title": "RHEL 6 : node.js (RHSA-2015:1545) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2020-06-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openshift-origin-node-proxy", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-1545.NASL", "href": "https://www.tenable.com/plugins/nessus/119358", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1545. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119358);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/11\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_xref(name:\"RHSA\", value:\"2015:1545\");\n\n script_name(english:\"RHEL 6 : node.js (RHSA-2015:1545) (POODLE)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated node.js packages that fix one security issue are now available\nfor Red Hat OpenShift Enterprise 2.1.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nOpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nNode.js is a software development platform for building fast and\nscalable network applications in the JavaScript programming language.\n\nA flaw was found in the way SSL 3.0 handled padding bytes when\ndecrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. 
This flaw allows a man-in-the-middle (MITM)\nattacker to decrypt a selected byte of a cipher text in as few as 256\ntries if they are able to force a victim application to repeatedly\nsend the same data over newly created SSL 3.0 connections.\n(CVE-2014-3566)\n\nAll OpenShift Enterprise users are advised to upgrade to these updated\npackages, which correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3566\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected openshift-origin-node-proxy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-origin-node-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1545\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openshift-origin-node-proxy-1.22.3.4-1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openshift-origin-node-proxy\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T16:40:23", "description": "libserf was updated to disable SSLv2 and SSLv3. 	 libserf was updated to version 1.3.8 on openSUSE 13.1 and 13.2. This release also fixes a problem with handling very large gzip-encoded HTTP responses.\n\nFor openSUSE 12.3 libserf 1.1.1 was patched to disable SSLv2 and SSLv3.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2014-11-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libserf (openSUSE-SU-2014:1395-1) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libserf-1-0", "p-cpe:/a:novell:opensuse:libserf-1-0-debuginfo", "p-cpe:/a:novell:opensuse:libserf-1-1", "p-cpe:/a:novell:opensuse:libserf-1-1-debuginfo", "p-cpe:/a:novell:opensuse:libserf-debugsource", "p-cpe:/a:novell:opensuse:libserf-devel", 
"cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2014-647.NASL", "href": "https://www.tenable.com/plugins/nessus/79222", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-647.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79222);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3566\");\n\n script_name(english:\"openSUSE Security Update : libserf (openSUSE-SU-2014:1395-1) (POODLE)\");\n script_summary(english:\"Check for the openSUSE-2014-647 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libserf was updated to disable SSLv2 and SSLv3. 	 libserf was\nupdated to version 1.3.8 on openSUSE 13.1 and 13.2. 
This release also\nfixes a problem with handling very large gzip-encoded HTTP responses.\n\nFor openSUSE 12.3 libserf 1.1.1 was patched to disable SSLv2 and\nSSLv3.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-11/msg00035.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libserf packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libserf-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libserf-1-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libserf-1-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libserf-1-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libserf-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libserf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libserf-1-0-1.1.1-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libserf-1-0-debuginfo-1.1.1-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libserf-debugsource-1.1.1-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libserf-devel-1.1.1-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libserf-1-1-1.3.8-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libserf-1-1-debuginfo-1.3.8-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libserf-debugsource-1.3.8-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libserf-devel-1.3.8-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libserf-1-1-1.3.8-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libserf-1-1-debuginfo-1.3.8-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"libserf-debugsource-1.3.8-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libserf-devel-1.3.8-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libserf\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-04T14:52:13", "description": "Update to latest release\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2015-10-16T00:00:00", "type": "nessus", "title": "Fedora 21 : fossil-1.33-1.fc21 (2015-9090) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-11T00:00:00", "cpe": 
["p-cpe:/a:fedoraproject:fedora:fossil", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-9090.NASL", "href": "https://www.tenable.com/plugins/nessus/86409", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-9090.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86409);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_xref(name:\"FEDORA\", value:\"2015-9090\");\n\n script_name(english:\"Fedora 21 : fossil-1.33-1.fc21 (2015-9090) (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest release\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1191203\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ad252f0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fossil package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fossil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"xen-4.3.0-55.el6.0.5\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"xen-tools-4.3.0-55.el6.0.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-04T14:48:12", "description": "A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. 
A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2015-06-19T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 2 : nettcp (IV73974) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV73974.NASL", "href": "https://www.tenable.com/plugins/nessus/84273", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84273);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"AIX 7.1 TL 2 : nettcp (IV73974) (POODLE)\");\n script_summary(english:\"Check for APAR IV73974 or APAR IV75645.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host is missing a security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"A man-in-the-middle (MitM) information disclosure vulnerability,\nknown as POODLE, exists due to the way SSL 3.0 handles padding bytes\nwhen decrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. A MitM attacker can decrypt a selected byte of a\ncipher text in as few as 256 tries if they are able to force a victim\napplication to repeatedly send the same data over newly created SSL\n3.0 connections.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Install the appropriate interim fix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/19\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\", \"Host/AIX/oslevelsp\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\noslevel = chomp(get_kb_item(\"Host/AIX/oslevelsp\"));\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevelparts = split(oslevel, sep:'-', keep:0);\nif ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevelparts[0] != \"7100\" || oslevelparts[1] != \"02\" || oslevelparts[2] != \"06\" ) audit(AUDIT_OS_NOT, \"AIX 7100-02-06\", \"AIX \" + oslevel);\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"02\", sp:\"06\", patch:\"(IV73974s6b|IV75645m6a)\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.0.0\", maxfilesetver:\"7.1.2.19\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"02\", sp:\"06\", patch:\"(IV73974s6b|IV75645m6a)\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.0.0\", maxfilesetver:\"7.1.2.18\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_extra);\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bos.net.tcp.client / bos.net.tcp.server\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T16:40:59", "description": "- SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014- 3566.\n\n - Several PGP/Core plugin improvements\n\n - A new version of the RSSyl plugin, completely redesigned and rewritten.\n\n - The results of TAB address completion in the Compose window have improved ordering.\n\n - Due to popular demand, use of the Up key in the message body in the Compose window stops at the top of the message body and does not continue up to the header fields. This reverts the behaviour introduced in version 3.10.0.\n\n - In the Compose window, when navigating with the arrow keys, selecting, and thus modifying, the Account selector is now prevented.\n\n - In the Compose window, a mnemonic (s) has been added to the Subject line.\n\n - The Queue folder is highlighted if there are messages in its sub-folders and the tree is collapsed.\n\n - When sorting messages by 'thread date', clicking the 'Date' column header will now toggle between ascending/descending and will not switch to 'date' sorting.\n\n - A new QuickSearch filter has been added that searches a header's content only. 
H S : messages which contain S in the value of any header.\n\n - A Reply-To field has been added to the main Template configuration.\n\n - The menubar can now be hidden, default hotkey: F12.\n\n - Fancy plugin: A user-controlled stylesheet can now be used.\n\n - Python plugin: Add flag attributes to MessageInfo object.\n\n - Python plugin: Make 'account' property of ComposeWindow read/write.\n\n - Libravatar plugin: a network timeout option has been added.\n\n - Use 'gnutls_priority' hidden account preference for POP3 and STARTTLS connections, in addition to SMTP.\n\n - RSSyl plugin: Enable use of .netrc to store network credentials.\n\n - The tbird2claws.py script, for converting a Thunderbird mailbox to a Claws Mail mailbox, now handles sub-directory recursion.\n\n - Updated translations\n\n - Various Bugfixes New in 3.10.1 :\n\n - Add an account preference to allow automatically accepting unknown and changed SSL certificates, if they're valid (that is, if the root CA is trusted by the distro).\n\n - RFE 3196, 'When changing quicksearch Search Type, set focus to search input box'\n\n - PGP/Core plugin: Generate 2048 bit RSA keys.\n\n - Major code cleanup.\n\n - Extended claws-mail.desktop with Compose and Receive actions.\n\n - Updated Bulgarian, Brazilian Portuguese, Czech, Dutch, Esperanto, Finnish, French, German,Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations.\n\n - Bug fixes\n\nNew in 3.10.0 :\n\n - Complete SSL certificate chains are now saved, and if built with Libetpan 1.4.1, the IMAP SSL connection's certificate chain is made available. Both of these allow correct certificate verification instead of a bogus 'No certificate issuer found' status.\n\n - Auto-configuration of account email servers, based on SRV records, is now possible. 
(GLib >= 2.22 is required.)\n\n - Added a preference to avoid automatically drafting emails that are to be sent encrypted, (Configuration/Preferences/Compose/Writing).\n\n - Messages saved as Drafts are now saved as New, highlighting the Drafts folder, in order to draw the attention to unfinished mails there.\n\n - It is now possible to add a 'Replace signature' button to the Compose window toolbar.\n\n - Quotation wrapping and undo/redo in the Compose window has been improved.\n\n - 'Reply to all' now excludes your own address.\n\n - The 'Generate X-Mailer header' option has been renamed 'Add user agent header' and applies to both X-Mailer and X-Newsreader headers.\n\n - Added hidden preferences, 'address_search_wildcard' and 'folder_search_wildcard', to choose between matching from start of the folder name/address or any part of the name. (Activating these options restores the previous behaviour.)\n\n - Added hidden preference 'enable_avatars' to control the internal capture/render process, and which allows disabling it by external plugins for example.\n\n - 'Check for new folders' now only updates the folder list, not updating the contents of folders. 
If needed, it can be followed by 'Check for new messages'\n\n - When using Redirect, the redirecting account's address is used in the SMTP MAIL FROM instead of the original sender's address.\n\n - NEW: Libravatar plugin, which displays avatars from https://www.libravatar.org/\n\n - Added support for an arbitrary number and sources of 'avatars' and images for email senders, and migrated Face and X-Face headers.\n\n - Avatars are now included when printing mails.\n\n - The GPG keyring can now be used as the source for address auto-completion.\n\n - The vCalendar and RSSyl plugins now have an option to disable SSL certificate verification (and check them by default).\n\n - The ClamAV plugin now pops up an error message only once instead of repeatedly\n\n - Updated the man page and the manual.\n\n - Updated Brazilian Portuguese, British English, Czech, Dutch, Finnish, French, Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations.\n\n - Added Esperanto translation.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2014-11-11T00:00:00", "type": "nessus", "title": "Fedora 20 : claws-mail-3.11.1-2.fc20 / claws-mail-plugins-3.11.1-1.fc20 / libetpan-1.6-1.fc20 (2014-14234) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:claws-mail", "p-cpe:/a:fedoraproject:fedora:claws-mail-plugins", "p-cpe:/a:fedoraproject:fedora:libetpan", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-14234.NASL", "href": "https://www.tenable.com/plugins/nessus/79097", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14234.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79097);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"FEDORA\", value:\"2014-14234\");\n\n script_name(english:\"Fedora 20 : claws-mail-3.11.1-2.fc20 / claws-mail-plugins-3.11.1-1.fc20 / libetpan-1.6-1.fc20 (2014-14234) (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - SSLv3 server connections are now disabled by default, in\n response to the POODLE vulnerability, see\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-\n 3566.\n\n - Several PGP/Core plugin improvements\n\n - A new version of the RSSyl plugin, completely redesigned\n and rewritten.\n\n - The results of TAB address completion in the Compose\n window have improved ordering.\n\n - Due to popular demand, use of the Up key in the message\n body in the Compose window stops at the top of the\n message body and does not continue up to the header\n fields. This reverts the behaviour introduced in version\n 3.10.0.\n\n - In the Compose window, when navigating with the arrow\n keys, selecting, and thus modifying, the Account\n selector is now prevented.\n\n - In the Compose window, a mnemonic (s) has been added to\n the Subject line.\n\n - The Queue folder is highlighted if there are messages in\n its sub-folders and the tree is collapsed.\n\n - When sorting messages by 'thread date', clicking the\n 'Date' column header will now toggle between\n ascending/descending and will not switch to 'date'\n sorting.\n\n - A new QuickSearch filter has been added that searches a\n header's content only. 
H S : messages which contain S in\n the value of any header.\n\n - A Reply-To field has been added to the main Template\n configuration.\n\n - The menubar can now be hidden, default hotkey: F12.\n\n - Fancy plugin: A user-controlled stylesheet can now be\n used.\n\n - Python plugin: Add flag attributes to MessageInfo\n object.\n\n - Python plugin: Make 'account' property of ComposeWindow\n read/write.\n\n - Libravatar plugin: a network timeout option has been\n added.\n\n - Use 'gnutls_priority' hidden account preference for POP3\n and STARTTLS connections, in addition to SMTP.\n\n - RSSyl plugin: Enable use of .netrc to store network\n credentials.\n\n - The tbird2claws.py script, for converting a Thunderbird\n mailbox to a Claws Mail mailbox, now handles\n sub-directory recursion.\n\n - Updated translations\n\n - Various Bugfixes New in 3.10.1 :\n\n - Add an account preference to allow automatically\n accepting unknown and changed SSL certificates, if\n they're valid (that is, if the root CA is trusted by the\n distro).\n\n - RFE 3196, 'When changing quicksearch Search Type, set\n focus to search input box'\n\n - PGP/Core plugin: Generate 2048 bit RSA keys.\n\n - Major code cleanup.\n\n - Extended claws-mail.desktop with Compose and Receive\n actions.\n\n - Updated Bulgarian, Brazilian Portuguese, Czech, Dutch,\n Esperanto, Finnish, French, German,Hebrew, Hungarian,\n Indonesian, Lithuanian, Slovak, Spanish, and Swedish\n translations.\n\n - Bug fixes\n\nNew in 3.10.0 :\n\n - Complete SSL certificate chains are now saved, and if\n built with Libetpan 1.4.1, the IMAP SSL connection's\n certificate chain is made available. Both of these allow\n correct certificate verification instead of a bogus 'No\n certificate issuer found' status.\n\n - Auto-configuration of account email servers, based on\n SRV records, is now possible. 
(GLib >= 2.22 is\n required.)\n\n - Added a preference to avoid automatically drafting\n emails that are to be sent encrypted,\n (Configuration/Preferences/Compose/Writing).\n\n - Messages saved as Drafts are now saved as New,\n highlighting the Drafts folder, in order to draw the\n attention to unfinished mails there.\n\n - It is now possible to add a 'Replace signature' button\n to the Compose window toolbar.\n\n - Quotation wrapping and undo/redo in the Compose window\n has been improved.\n\n - 'Reply to all' now excludes your own address.\n\n - The 'Generate X-Mailer header' option has been renamed\n 'Add user agent header' and applies to both X-Mailer and\n X-Newsreader headers.\n\n - Added hidden preferences, 'address_search_wildcard' and\n 'folder_search_wildcard', to choose between matching\n from start of the folder name/address or any part of the\n name. (Activating these options restores the previous\n behaviour.)\n\n - Added hidden preference 'enable_avatars' to control the\n internal capture/render process, and which allows\n disabling it by external plugins for example.\n\n - 'Check for new folders' now only updates the folder\n list, not updating the contents of folders. 
If needed,\n it can be followed by 'Check for new messages'\n\n - When using Redirect, the redirecting account's address\n is used in the SMTP MAIL FROM instead of the original\n sender's address.\n\n - NEW: Libravatar plugin, which displays avatars from\n https://www.libravatar.org/\n\n - Added support for an arbitrary number and sources of\n 'avatars' and images for email senders, and migrated\n Face and X-Face headers.\n\n - Avatars are now included when printing mails.\n\n - The GPG keyring can now be used as the source for\n address auto-completion.\n\n - The vCalendar and RSSyl plugins now have an option to\n disable SSL certificate verification (and check them by\n default).\n\n - The ClamAV plugin now pops up an error message only once\n instead of repeatedly\n\n - Updated the man page and the manual.\n\n - Updated Brazilian Portuguese, British English, Czech,\n Dutch, Finnish, French, Hebrew, Hungarian, Indonesian,\n Lithuanian, Slovak, Spanish, and Swedish translations.\n\n - Added Esperanto translation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1010993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1011098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1035851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1036346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1063035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1070480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1076387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1078996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1079509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1079620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1081224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1085382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1090300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1110255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=569478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=601982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=977924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=982533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990650\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143133.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b097c80b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f807f410\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143135.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7991626b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.libravatar.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected claws-mail, claws-mail-plugins and / or libetpan\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known 
exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:claws-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libetpan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"claws-mail-3.11.1-2.fc20\")) flag++;\nif (rpm_check(release:\"FC20\", reference:\"claws-mail-plugins-3.11.1-1.fc20\")) flag++;\nif (rpm_check(release:\"FC20\", reference:\"libetpan-1.6-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"claws-mail / claws-mail-plugins / libetpan\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T16:40:04", "description": "- SSLv3 server connections are now disabled by default, in response to the POODLE vulnerability, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014- 3566.\n\n - Several PGP/Core plugin improvements\n\n - A new version of the RSSyl plugin, completely redesigned and rewritten.\n\n - The results of TAB address completion in the Compose window have improved ordering.\n\n - Due to popular demand, use of the Up key in the message body in the Compose window stops at the top of the message body and does not continue up to the header fields. 
This reverts the behaviour introduced in version 3.10.0.\n\n - In the Compose window, when navigating with the arrow keys, selecting, and thus modifying, the Account selector is now prevented.\n\n - In the Compose window, a mnemonic (s) has been added to the Subject line.\n\n - The Queue folder is highlighted if there are messages in its sub-folders and the tree is collapsed.\n\n - When sorting messages by 'thread date', clicking the 'Date' column header will now toggle between ascending/descending and will not switch to 'date' sorting.\n\n - A new QuickSearch filter has been added that searches a header's content only. H S : messages which contain S in the value of any header.\n\n - A Reply-To field has been added to the main Template configuration.\n\n - The menubar can now be hidden, default hotkey: F12.\n\n - Fancy plugin: A user-controlled stylesheet can now be used.\n\n - Python plugin: Add flag attributes to MessageInfo object.\n\n - Python plugin: Make 'account' property of ComposeWindow read/write.\n\n - Libravatar plugin: a network timeout option has been added.\n\n - Use 'gnutls_priority' hidden account preference for POP3 and STARTTLS connections, in addition to SMTP.\n\n - RSSyl plugin: Enable use of .netrc to store network credentials.\n\n - The tbird2claws.py script, for converting a Thunderbird mailbox to a Claws Mail mailbox, now handles sub-directory recursion.\n\n - Updated translations\n\n - Various Bugfixes New in 3.10.1 :\n\n - Add an account preference to allow automatically accepting unknown and changed SSL certificates, if they're valid (that is, if the root CA is trusted by the distro).\n\n - RFE 3196, 'When changing quicksearch Search Type, set focus to search input box'\n\n - PGP/Core plugin: Generate 2048 bit RSA keys.\n\n - Major code cleanup.\n\n - Extended claws-mail.desktop with Compose and Receive actions.\n\n - Updated Bulgarian, Brazilian Portuguese, Czech, Dutch, Esperanto, Finnish, French, German,Hebrew, Hungarian, Indonesian, 
Lithuanian, Slovak, Spanish, and Swedish translations.\n\n - Bug fixes\n\nNew in 3.10.0 :\n\n - Complete SSL certificate chains are now saved, and if built with Libetpan 1.4.1, the IMAP SSL connection's certificate chain is made available. Both of these allow correct certificate verification instead of a bogus 'No certificate issuer found' status.\n\n - Auto-configuration of account email servers, based on SRV records, is now possible. (GLib >= 2.22 is required.)\n\n - Added a preference to avoid automatically drafting emails that are to be sent encrypted, (Configuration/Preferences/Compose/Writing).\n\n - Messages saved as Drafts are now saved as New, highlighting the Drafts folder, in order to draw the attention to unfinished mails there.\n\n - It is now possible to add a 'Replace signature' button to the Compose window toolbar.\n\n - Quotation wrapping and undo/redo in the Compose window has been improved.\n\n - 'Reply to all' now excludes your own address.\n\n - The 'Generate X-Mailer header' option has been renamed 'Add user agent header' and applies to both X-Mailer and X-Newsreader headers.\n\n - Added hidden preferences, 'address_search_wildcard' and 'folder_search_wildcard', to choose between matching from start of the folder name/address or any part of the name. (Activating these options restores the previous behaviour.)\n\n - Added hidden preference 'enable_avatars' to control the internal capture/render process, and which allows disabling it by external plugins for example.\n\n - 'Check for new folders' now only updates the folder list, not updating the contents of folders. 
If needed, it can be followed by 'Check for new messages'\n\n - When using Redirect, the redirecting account's address is used in the SMTP MAIL FROM instead of the original sender's address.\n\n - NEW: Libravatar plugin, which displays avatars from https://www.libravatar.org/\n\n - Added support for an arbitrary number and sources of 'avatars' and images for email senders, and migrated Face and X-Face headers.\n\n - Avatars are now included when printing mails.\n\n - The GPG keyring can now be used as the source for address auto-completion.\n\n - The vCalendar and RSSyl plugins now have an option to disable SSL certificate verification (and check them by default).\n\n - The ClamAV plugin now pops up an error message only once instead of repeatedly\n\n - Updated the man page and the manual.\n\n - Updated Brazilian Portuguese, British English, Czech, Dutch, Finnish, French, Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, Spanish, and Swedish translations.\n\n - Added Esperanto translation.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2014-11-11T00:00:00", "type": "nessus", "title": "Fedora 21 : claws-mail-3.11.1-2.fc21 / claws-mail-plugins-3.11.1-1.fc21 / libetpan-1.6-1.fc21 (2014-14217) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:claws-mail", "p-cpe:/a:fedoraproject:fedora:claws-mail-plugins", "p-cpe:/a:fedoraproject:fedora:libetpan", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-14217.NASL", "href": "https://www.tenable.com/plugins/nessus/79096", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14217.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79096);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"FEDORA\", value:\"2014-14217\");\n\n script_name(english:\"Fedora 21 : claws-mail-3.11.1-2.fc21 / claws-mail-plugins-3.11.1-1.fc21 / libetpan-1.6-1.fc21 (2014-14217) (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - SSLv3 server connections are now disabled by default, in\n response to the POODLE vulnerability, see\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-\n 3566.\n\n - Several PGP/Core plugin improvements\n\n - A new version of the RSSyl plugin, completely redesigned\n and rewritten.\n\n - The results of TAB address completion in the Compose\n window have improved ordering.\n\n - Due to popular demand, use of the Up key in the message\n body in the Compose window stops at the top of the\n message body and does not continue up to the header\n fields. This reverts the behaviour introduced in version\n 3.10.0.\n\n - In the Compose window, when navigating with the arrow\n keys, selecting, and thus modifying, the Account\n selector is now prevented.\n\n - In the Compose window, a mnemonic (s) has been added to\n the Subject line.\n\n - The Queue folder is highlighted if there are messages in\n its sub-folders and the tree is collapsed.\n\n - When sorting messages by 'thread date', clicking the\n 'Date' column header will now toggle between\n ascending/descending and will not switch to 'date'\n sorting.\n\n - A new QuickSearch filter has been added that searches a\n header's content only. 
H S : messages which contain S in\n the value of any header.\n\n - A Reply-To field has been added to the main Template\n configuration.\n\n - The menubar can now be hidden, default hotkey: F12.\n\n - Fancy plugin: A user-controlled stylesheet can now be\n used.\n\n - Python plugin: Add flag attributes to MessageInfo\n object.\n\n - Python plugin: Make 'account' property of ComposeWindow\n read/write.\n\n - Libravatar plugin: a network timeout option has been\n added.\n\n - Use 'gnutls_priority' hidden account preference for POP3\n and STARTTLS connections, in addition to SMTP.\n\n - RSSyl plugin: Enable use of .netrc to store network\n credentials.\n\n - The tbird2claws.py script, for converting a Thunderbird\n mailbox to a Claws Mail mailbox, now handles\n sub-directory recursion.\n\n - Updated translations\n\n - Various Bugfixes New in 3.10.1 :\n\n - Add an account preference to allow automatically\n accepting unknown and changed SSL certificates, if\n they're valid (that is, if the root CA is trusted by the\n distro).\n\n - RFE 3196, 'When changing quicksearch Search Type, set\n focus to search input box'\n\n - PGP/Core plugin: Generate 2048 bit RSA keys.\n\n - Major code cleanup.\n\n - Extended claws-mail.desktop with Compose and Receive\n actions.\n\n - Updated Bulgarian, Brazilian Portuguese, Czech, Dutch,\n Esperanto, Finnish, French, German, Hebrew, Hungarian,\n Indonesian, Lithuanian, Slovak, Spanish, and Swedish\n translations.\n\n - Bug fixes\n\nNew in 3.10.0 :\n\n - Complete SSL certificate chains are now saved, and if\n built with Libetpan 1.4.1, the IMAP SSL connection's\n certificate chain is made available. Both of these allow\n correct certificate verification instead of a bogus 'No\n certificate issuer found' status.\n\n - Auto-configuration of account email servers, based on\n SRV records, is now possible. 
(GLib >= 2.22 is\n required.)\n\n - Added a preference to avoid automatically drafting\n emails that are to be sent encrypted,\n (Configuration/Preferences/Compose/Writing).\n\n - Messages saved as Drafts are now saved as New,\n highlighting the Drafts folder, in order to draw the\n attention to unfinished mails there.\n\n - It is now possible to add a 'Replace signature' button\n to the Compose window toolbar.\n\n - Quotation wrapping and undo/redo in the Compose window\n has been improved.\n\n - 'Reply to all' now excludes your own address.\n\n - The 'Generate X-Mailer header' option has been renamed\n 'Add user agent header' and applies to both X-Mailer and\n X-Newsreader headers.\n\n - Added hidden preferences, 'address_search_wildcard' and\n 'folder_search_wildcard', to choose between matching\n from start of the folder name/address or any part of the\n name. (Activating these options restores the previous\n behaviour.)\n\n - Added hidden preference 'enable_avatars' to control the\n internal capture/render process, and which allows\n disabling it by external plugins for example.\n\n - 'Check for new folders' now only updates the folder\n list, not updating the contents of folders. 
If needed,\n it can be followed by 'Check for new messages'\n\n - When using Redirect, the redirecting account's address\n is used in the SMTP MAIL FROM instead of the original\n sender's address.\n\n - NEW: Libravatar plugin, which displays avatars from\n https://www.libravatar.org/\n\n - Added support for an arbitrary number and sources of\n 'avatars' and images for email senders, and migrated\n Face and X-Face headers.\n\n - Avatars are now included when printing mails.\n\n - The GPG keyring can now be used as the source for\n address auto-completion.\n\n - The vCalendar and RSSyl plugins now have an option to\n disable SSL certificate verification (and check them by\n default).\n\n - The ClamAV plugin now pops up an error message only once\n instead of repeatedly\n\n - Updated the man page and the manual.\n\n - Updated Brazilian Portuguese, British English, Czech,\n Dutch, Finnish, French, Hebrew, Hungarian, Indonesian,\n Lithuanian, Slovak, Spanish, and Swedish translations.\n\n - Added Esperanto translation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1010993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1011098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1035851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1036346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1063035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1070480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1076387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1078996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1079509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1079620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1081224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1085382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1090300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1110255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=569478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=601982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=977924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=982533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990650\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143162.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97a8a38f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143163.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e11dcb5d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143164.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a72459de\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.libravatar.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected claws-mail, claws-mail-plugins and / or libetpan\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known 
exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:claws-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libetpan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"claws-mail-3.11.1-2.fc21\")) flag++;\nif (rpm_check(release:\"FC21\", reference:\"claws-mail-plugins-3.11.1-1.fc21\")) flag++;\nif (rpm_check(release:\"FC21\", reference:\"libetpan-1.6-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"claws-mail / claws-mail-plugins / libetpan\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-04T14:47:51", "description": "A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. 
A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2015-06-19T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 2 : nettcp (IV73319) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV73319.NASL", "href": "https://www.tenable.com/plugins/nessus/84266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84266);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"AIX 7.1 TL 2 : nettcp (IV73319) (POODLE)\");\n script_summary(english:\"Check for APAR IV73319 or APAR IV75645.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host is missing a security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"A man-in-the-middle (MitM) information disclosure vulnerability,\nknown as POODLE, exists due to the way SSL 3.0 handles padding bytes\nwhen decrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. A MitM attacker can decrypt a selected byte of a\ncipher text in as few as 256 tries if they are able to force a victim\napplication to repeatedly send the same data over newly created SSL\n3.0 connections.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Install the appropriate interim fix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/19\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\", \"Host/AIX/oslevelsp\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\noslevel = chomp(get_kb_item(\"Host/AIX/oslevelsp\"));\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevelparts = split(oslevel, sep:'-', keep:0);\nif ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevelparts[0] != \"7100\" || oslevelparts[1] != \"02\" || oslevelparts[2] != \"06\" ) audit(AUDIT_OS_NOT, \"AIX 7100-02-06\", \"AIX \" + oslevel);\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"02\", sp:\"06\", patch:\"(IV73319s6a|IV75645m6a)\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.0.0\", maxfilesetver:\"7.1.2.19\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"02\", sp:\"06\", patch:\"(IV73319s6a|IV75645m6a)\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.0.0\", maxfilesetver:\"7.1.2.18\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_extra);\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bos.net.tcp.client / bos.net.tcp.server\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T16:39:11", "description": "A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2014-10-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : nss (ALAS-2014-429) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2019-11-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:nss", "p-cpe:/a:amazon:linux:nss-debuginfo", "p-cpe:/a:amazon:linux:nss-devel", 
"p-cpe:/a:amazon:linux:nss-pkcs11-devel", "p-cpe:/a:amazon:linux:nss-sysinit", "p-cpe:/a:amazon:linux:nss-tools", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-429.NASL", "href": "https://www.tenable.com/plugins/nessus/78559", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-429.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78559);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_xref(name:\"ALAS\", value:\"2014-429\");\n\n script_name(english:\"Amazon Linux AMI : nss (ALAS-2014-429) (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way SSL 3.0 handled padding bytes when\ndecrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. 
This flaw allows a man-in-the-middle (MITM)\nattacker to decrypt a selected byte of a cipher text in as few as 256\ntries if they are able to force a victim application to repeatedly\nsend the same data over newly created SSL 3.0 connections.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-429.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update nss' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"nss-3.16.2-7.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-debuginfo-3.16.2-7.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-devel-3.16.2-7.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-pkcs11-devel-3.16.2-7.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-sysinit-3.16.2-7.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-tools-3.16.2-7.57.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-18T14:41:06", "description": "New features :\n\n - Send list of 
compliance reasons on dbus\n\n - Added client-side support for --matches on the list command.\n\nSecurity :\n\n - 1153375: Support TLSv1.2 and v1.1 by default.\n (CVE-2014-3566)\n\nBug fixes :\n\n - 1120772: Don't traceback on missing /ostree/repo\n\n - 1094747: add appdata metadata file\n\n - 1122107: Clarify registration --consumerid option in manpage.\n\n - 1151925: Improved filtered listing output when results are empty.\n\n - 990183: Add a manpage for rhsm.conf\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-11-07T00:00:00", "type": "nessus", "title": "Fedora 19 : python-rhsm-1.13.6-1.fc19 (2014-13794)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python-rhsm", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-13794.NASL", "href": "https://www.tenable.com/plugins/nessus/78906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-13794.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78906);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(70574);\n script_xref(name:\"FEDORA\", value:\"2014-13794\");\n\n script_name(english:\"Fedora 19 : python-rhsm-1.13.6-1.fc19 (2014-13794)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New features 
:\n\n - Send list of compliance reasons on dbus\n\n - Added client-side support for --matches on the list\n command.\n\nSecurity :\n\n - 1153375: Support TLSv1.2 and v1.1 by default.\n (CVE-2014-3566)\n\nBug fixes :\n\n - 1120772: Don't traceback on missing /ostree/repo\n\n - 1094747: add appdata metdata file\n\n - 1122107: Clarify registration --consumerid option in\n manpage.\n\n - 1151925: Improved filtered listing output when results\n are empty.\n\n - 990183: Add a manpage for rhsm.conf\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142743.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?600f5266\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-rhsm package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-rhsm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"python-rhsm-1.13.6-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-rhsm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T16:39:43", "description": "Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well 
as a full-strength, general purpose cryptography library.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue.\nFor the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2014-10-17T00:00:00", "type": "nessus", "title": "RHEL 5 : openssl (RHSA-2014:1653) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2014-1653.NASL", "href": "https://www.tenable.com/plugins/nessus/78533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1653. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78533);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"RHSA\", value:\"2014:1653\");\n\n script_name(english:\"RHEL 5 : openssl (RHSA-2014:1653) (POODLE)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that contain a backported patch to mitigate\nthe CVE-2014-3566 issue are now available for Red Hat Enterprise Linux\n5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact.\n\nOpenSSL is a toolkit that implements the 
Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite\nValue (TLS_FALLBACK_SCSV), which can be used to prevent protocol\ndowngrade attacks against applications which re-connect using a lower\nSSL/TLS protocol version when the initial connection indicating the\nhighest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC)\nmode. This issue is identified as CVE-2014-3566, and also known under\nthe alias POODLE. This SSL 3.0 protocol flaw will not be addressed in\na future update; it is recommended that users configure their\napplications to require at least TLS protocol version 1.0 for secure\ncommunication.\n\nFor additional information about this flaw, see the Knowledgebase\narticle at https://access.redhat.com/articles/1232123\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to mitigate the CVE-2014-3566 issue.\nFor the update to take effect, all services linked to the OpenSSL\nlibrary (such as httpd and other SSL-enabled services) must be\nrestarted or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/1232123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1653\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1653\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-0.9.8e-31.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-debuginfo-0.9.8e-31.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-devel-0.9.8e-31.el5_11\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-31.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssl-perl-0.9.8e-31.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-31.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-05T14:58:33", "description": "lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2016-02-25T00:00:00", "type": "nessus", "title": "Debian DSA-3489-1 : lighttpd - security update (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2014-3566"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3489.NASL", "href": "https://www.tenable.com/plugins/nessus/88941", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3489. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88941);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_xref(name:\"DSA\", value:\"3489\");\n\n script_name(english:\"Debian DSA-3489-1 : lighttpd - security update (POODLE)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"lighttpd, a small webserver, is vulnerable to the POODLE attack via\nthe use of SSLv3. 
This protocol is now disabled by default.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/lighttpd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3489\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.4.31-4+deb7u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd\", reference:\"1.4.31-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-doc\", reference:\"1.4.31-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.31-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.31-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.31-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.31-4+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.31-4+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T16:42:32", "description": "From Red Hat Security Advisory 2014:1948 :\n\nUpdated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important security impact.\n\nNetwork Security Services (NSS) is a set of 
libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123\n\nThe nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2.3, which provides a number of bug fixes and enhancements over the previous version, and adds the support for Mozilla Firefox 31.3. 
(BZ#1158159, BZ#1165003, BZ#1165525)\n\nUsers of nss, nss-util, and nss-softokn are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue, fix these bugs, and add these enhancements.\nAfter installing this update, applications using NSS or NSPR must be restarted for this update to take effect.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2014-12-03T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 / 7 : nss / nss-softokn / nss-util (ELSA-2014-1948) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nss", "p-cpe:/a:oracle:linux:nss-devel", "p-cpe:/a:oracle:linux:nss-pkcs11-devel", "p-cpe:/a:oracle:linux:nss-softokn", "p-cpe:/a:oracle:linux:nss-softokn-devel", "p-cpe:/a:oracle:linux:nss-softokn-freebl", "p-cpe:/a:oracle:linux:nss-softokn-freebl-devel", "p-cpe:/a:oracle:linux:nss-sysinit", "p-cpe:/a:oracle:linux:nss-tools", "p-cpe:/a:oracle:linux:nss-util", "p-cpe:/a:oracle:linux:nss-util-devel", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", 
"cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-1948.NASL", "href": "https://www.tenable.com/plugins/nessus/79681", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1948 and \n# Oracle Linux Security Advisory ELSA-2014-1948 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79681);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"RHSA\", value:\"2014:1948\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : nss / nss-softokn / nss-util (ELSA-2014-1948) (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1948 :\n\nUpdated nss, nss-util, and nss-softokn packages that contain a patch\nto mitigate the CVE-2014-3566 issue, fix a number of bugs, and add\nvarious enhancements are now available for Red Hat Enterprise Linux 5,\n6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications. 
Netscape Portable Runtime (NSPR) provides\nplatform independence for non-GUI operating system facilities.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite\nValue (TLS_FALLBACK_SCSV), which can be used to prevent protocol\ndowngrade attacks against applications which re-connect using a lower\nSSL/TLS protocol version when the initial connection indicating the\nhighest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC)\nmode. This issue is identified as CVE-2014-3566, and also known under\nthe alias POODLE. This SSL 3.0 protocol flaw will not be addressed in\na future update; it is recommended that users configure their\napplications to require at least TLS protocol version 1.0 for secure\ncommunication.\n\nFor additional information about this flaw, see the Knowledgebase\narticle at https://access.redhat.com/articles/1232123\n\nThe nss, nss-util, and nss-softokn packages have been upgraded to\nupstream version 3.16.2.3, which provides a number of bug fixes and\nenhancements over the previous version, and adds the support for\nMozilla Firefox 31.3. 
(BZ#1158159, BZ#1165003, BZ#1165525)\n\nUsers of nss, nss-util, and nss-softokn are advised to upgrade to\nthese updated packages, which contain a backported patch to mitigate\nthe CVE-2014-3566 issue, fix these bugs, and add these enhancements.\nAfter installing this update, applications using NSS or NSPR must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-December/004676.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-December/004677.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-December/004678.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss, nss-softokn and / or nss-util packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-softokn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-softokn-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-softokn-freebl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-softokn-freebl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"FEDORA\", value:\"2014-14237\");\n\n script_name(english:\"Fedora 19 : claws-mail-3.11.1-2.fc19 / claws-mail-plugins-3.11.1-1.fc19 / libetpan-1.6-1.fc19 (2014-14237) (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - SSLv3 server connections are now disabled by default, in\n response to the POODLE vulnerability, see\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-\n 3566.\n\n - Several PGP/Core plugin improvements\n\n - A new version of the RSSyl plugin, completely redesigned\n and rewritten.\n\n - The results of TAB address completion in the Compose\n window have improved ordering.\n\n - Due to popular demand, use of the Up key in the message\n body in the Compose window stops at the top of the\n message body and does not continue up to the header\n fields. This reverts the behaviour introduced in version\n 3.10.0.\n\n - In the Compose window, when navigating with the arrow\n keys, selecting, and thus modifying, the Account\n selector is now prevented.\n\n - In the Compose window, a mnemonic (s) has been added to\n the Subject line.\n\n - The Queue folder is highlighted if there are messages in\n its sub-folders and the tree is collapsed.\n\n - When sorting messages by 'thread date', clicking the\n 'Date' column header will now toggle between\n ascending/descending and will not switch to 'date'\n sorting.\n\n - A new QuickSearch filter has been added that searches a\n header's content only. 
H S : messages which contain S in\n the value of any header.\n\n - A Reply-To field has been added to the main Template\n configuration.\n\n - The menubar can now be hidden, default hotkey: F12.\n\n - Fancy plugin: A user-controlled stylesheet can now be\n used.\n\n - Python plugin: Add flag attributes to MessageInfo\n object.\n\n - Python plugin: Make 'account' property of ComposeWindow\n read/write.\n\n - Libravatar plugin: a network timeout option has been\n added.\n\n - Use 'gnutls_priority' hidden account preference for POP3\n and STARTTLS connections, in addition to SMTP.\n\n - RSSyl plugin: Enable use of .netrc to store network\n credentials.\n\n - The tbird2claws.py script, for converting a Thunderbird\n mailbox to a Claws Mail mailbox, now handles\n sub-directory recursion.\n\n - Updated translations\n\n - Various Bugfixes New in 3.10.1 :\n\n - Add an account preference to allow automatically\n accepting unknown and changed SSL certificates, if\n they're valid (that is, if the root CA is trusted by the\n distro).\n\n - RFE 3196, 'When changing quicksearch Search Type, set\n focus to search input box'\n\n - PGP/Core plugin: Generate 2048 bit RSA keys.\n\n - Major code cleanup.\n\n - Extended claws-mail.desktop with Compose and Receive\n actions.\n\n - Updated Bulgarian, Brazilian Portuguese, Czech, Dutch,\n Esperanto, Finnish, French, German,Hebrew, Hungarian,\n Indonesian, Lithuanian, Slovak, Spanish, and Swedish\n translations.\n\n - Bug fixes\n\nNew in 3.10.0 :\n\n - Complete SSL certificate chains are now saved, and if\n built with Libetpan 1.4.1, the IMAP SSL connection's\n certificate chain is made available. Both of these allow\n correct certificate verification instead of a bogus 'No\n certificate issuer found' status.\n\n - Auto-configuration of account email servers, based on\n SRV records, is now possible. 
(GLib >= 2.22 is\n required.)\n\n - Added a preference to avoid automatically drafting\n emails that are to be sent encrypted,\n (Configuration/Preferences/Compose/Writing).\n\n - Messages saved as Drafts are now saved as New,\n highlighting the Drafts folder, in order to draw the\n attention to unfinished mails there.\n\n - It is now possible to add a 'Replace signature' button\n to the Compose window toolbar.\n\n - Quotation wrapping and undo/redo in the Compose window\n has been improved.\n\n - 'Reply to all' now excludes your own address.\n\n - The 'Generate X-Mailer header' option has been renamed\n 'Add user agent header' and applies to both X-Mailer and\n X-Newsreader headers.\n\n - Added hidden preferences, 'address_search_wildcard' and\n 'folder_search_wildcard', to choose between matching\n from start of the folder name/address or any part of the\n name. (Activating these options restores the previous\n behaviour.)\n\n - Added hidden preference 'enable_avatars' to control the\n internal capture/render process, and which allows\n disabling it by external plugins for example.\n\n - 'Check for new folders' now only updates the folder\n list, not updating the contents of folders. 
If needed,\n it can be followed by 'Check for new messages'\n\n - When using Redirect, the redirecting account's address\n is used in the SMTP MAIL FROM instead of the original\n sender's address.\n\n - NEW: Libravatar plugin, which displays avatars from\n https://www.libravatar.org/\n\n - Added support for an arbitrary number and sources of\n 'avatars' and images for email senders, and migrated\n Face and X-Face headers.\n\n - Avatars are now included when printing mails.\n\n - The GPG keyring can now be used as the source for\n address auto-completion.\n\n - The vCalendar and RSSyl plugins now have an option to\n disable SSL certificate verification (and check them by\n default).\n\n - The ClamAV plugin now pops up an error message only once\n instead of repeatedly\n\n - Updated the man page and the manual.\n\n - Updated Brazilian Portuguese, British English, Czech,\n Dutch, Finnish, French, Hebrew, Hungarian, Indonesian,\n Lithuanian, Slovak, Spanish, and Swedish translations.\n\n - Added Esperanto translation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1010993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1011098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1035851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1036346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1063035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1070480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1076387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1078996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1079509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1079620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1081224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1085382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1090300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1110255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=569478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=601982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=977924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=982533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=990650\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147483.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0fd9d801\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147484.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?007ff22b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147485.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e717c2f4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.libravatar.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected claws-mail, claws-mail-plugins and / or libetpan\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits 
are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:claws-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:claws-mail-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libetpan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/06\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"claws-mail-3.11.1-2.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"claws-mail-plugins-3.11.1-1.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"libetpan-1.6-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"claws-mail / claws-mail-plugins / libetpan\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T16:38:52", "description": "From Red Hat Security Advisory 2014:1653 :\n\nUpdated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 
protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.\n\nFor additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue.\nFor the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2014-10-17T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : openssl (ELSA-2014-1653) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-14T00:00:00", "cpe": 
["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2014-1653.NASL", "href": "https://www.tenable.com/plugins/nessus/78530", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1653 and \n# Oracle Linux Security Advisory ELSA-2014-1653 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78530);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(67899, 67901, 69075, 69076, 69081, 69082, 70574);\n script_xref(name:\"RHSA\", value:\"2014:1653\");\n\n script_name(english:\"Oracle Linux 5 : openssl (ELSA-2014-1653) (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1653 :\n\nUpdated openssl packages that contain a backported patch to mitigate\nthe CVE-2014-3566 issue are now available for Red Hat Enterprise Linux\n5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nThis update adds support for the TLS Fallback Signaling Cipher Suite\nValue (TLS_FALLBACK_SCSV), which can be used to prevent protocol\ndowngrade attacks against applications which re-connect using a lower\nSSL/TLS protocol version when 
the initial connection indicating the\nhighest supported protocol version fails.\n\nThis can prevent a forceful downgrade of the communication to SSL 3.0.\nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC)\nmode. This issue is identified as CVE-2014-3566, and also known under\nthe alias POODLE. This SSL 3.0 protocol flaw will not be addressed in\na future update; it is recommended that users configure their\napplications to require at least TLS protocol version 1.0 for secure\ncommunication.\n\nFor additional information about this flaw, see the Knowledgebase\narticle at https://access.redhat.com/articles/1232123\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to mitigate the CVE-2014-3566 issue.\nFor the update to take effect, all services linked to the OpenSSL\nlibrary (such as httpd and other SSL-enabled services) must be\nrestarted or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-October/004532.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl-0.9.8e-31.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-devel-0.9.8e-31.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-perl-0.9.8e-31.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T16:39:44", "description": "Update fixing three moderate security issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2014-10-20T00:00:00", "type": "nessus", "title": "Fedora 20 : openssl-1.0.1e-40.fc20 (2014-13069) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-13069.NASL", "href": "https://www.tenable.com/plugins/nessus/78575", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-13069.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78575);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"FEDORA\", value:\"2014-13069\");\n\n 
script_name(english:\"Fedora 20 : openssl-1.0.1e-40.fc20 (2014-13069) (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update fixing three moderate security issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1152850\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?89ddd0de\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
openssl-debuginfo / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T16:38:36", "description": "Bodo Moller, Thai Duong and Krzysztof Kotowicz of Google discovered a flaw in the design of SSL version 3.0 that would allow an attacker to calculate the plaintext of secure connections, allowing, for example, secure HTTP cookies to be stolen.\n\nhttp://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html\n\nhttps://www.openssl.org/~bodo/ssl-poodle.pdf\n\nSpecial notes :\n\nWe have backfilled our 2014.03, 2013.09, and 2013.03 Amazon Linux AMI repositories with updated openssl packages that fix CVE-2014-3566 .\n\nFor 2014.09 Amazon Linux AMIs, 'openssl-1.0.1i-1.79.amzn1' addresses this CVE. Running 'yum clean all' followed by 'yum update openssl' will install the fixed package.\n\nFor Amazon Linux AMIs 'locked' to the 2014.03 repositories, 'openssl-1.0.1i-1.79.amzn1' also addresses this CVE. Running 'yum clean all' followed by 'yum update openssl' will install the fixed package.\n\nFor Amazon Linux AMIs 'locked' to the 2013.09 or 2013.03 repositories, 'openssl-1.0.1e-4.60.amzn1' addresses this CVE. 
Running 'yum clean all' followed by 'yum update openssl' will install the fixed package.\n\nIf you are using a pre-2013.03 Amazon Linux AMI, we encourage you to move to a newer version of the Amazon Linux AMI as soon as possible.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2014-10-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2014-426) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2019-11-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-426.NASL", "href": "https://www.tenable.com/plugins/nessus/78484", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-426.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78484);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 
2019/11/12\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_xref(name:\"ALAS\", value:\"2014-426\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2014-426) (POODLE)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bodo Moller, Thai Duong and Krzysztof Kotowicz of Google discovered a\nflaw in the design of SSL version 3.0 that would allow an attacker to\ncalculate the plaintext of secure connections, allowing, for example,\nsecure HTTP cookies to be stolen.\n\nhttp://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exp\nloiting-ssl-30.html\n\nhttps://www.openssl.org/~bodo/ssl-poodle.pdf\n\nSpecial notes :\n\nWe have backfilled our 2014.03, 2013.09, and 2013.03 Amazon Linux AMI\nrepositories with updated openssl packages that fix CVE-2014-3566 .\n\nFor 2014.09 Amazon Linux AMIs, 'openssl-1.0.1i-1.79.amzn1' addresses\nthis CVE. Running 'yum clean all' followed by 'yum update openssl'\nwill install the fixed package.\n\nFor Amazon Linux AMIs 'locked' to the 2014.03 repositories,\n'openssl-1.0.1i-1.79.amzn1' also addresses this CVE. Running 'yum\nclean all' followed by 'yum update openssl' will install the fixed\npackage.\n\nFor Amazon Linux AMIs 'locked' to the 2013.09 or 2013.03 repositories,\n'openssl-1.0.1e-4.60.amzn1' addresses this CVE. 
Running 'yum clean\nall' followed by 'yum update openssl' will install the fixed package.\n\nIf you are using a pre-2013.03 Amazon Linux AMI, we encourage you to\nmove to a newer version of the Amazon Linux AMI as soon as possible.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aws.amazon.com/amazon-linux-ami/faqs/#lock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-426.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update openssl' to update your system. Note that you may need\nto run 'yum clean all' first.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1i-1.79.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1i-1.79.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1i-1.79.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1i-1.79.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1i-1.79.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-04T14:48:21", "description": "A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 
handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2015-06-19T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 2 : nettcp (IV73418) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV73418.NASL", "href": "https://www.tenable.com/plugins/nessus/84270", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84270);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"AIX 
7.1 TL 2 : nettcp (IV73418) (POODLE)\");\n script_summary(english:\"Check for APAR IV73418 or APAR IV75645.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host is missing a security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"A man-in-the-middle (MitM) information disclosure vulnerability,\nknown as POODLE, exists due to the way SSL 3.0 handles padding bytes\nwhen decrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. A MitM attacker can decrypt a selected byte of a\ncipher text in as few as 256 tries if they are able to force a victim\napplication to repeatedly send the same data over newly created SSL\n3.0 connections.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Install the appropriate interim fix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/19\");\n\n 
script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\", \"Host/AIX/oslevelsp\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\noslevel = chomp(get_kb_item(\"Host/AIX/oslevelsp\"));\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevelparts = split(oslevel, sep:'-', keep:0);\nif ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevelparts[0] != \"7100\" || oslevelparts[1] != \"02\" || oslevelparts[2] != \"06\" ) audit(AUDIT_OS_NOT, \"AIX 7100-02-06\", \"AIX \" + oslevel);\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"02\", sp:\"06\", patch:\"(IV73418s6a|IV75645m6a)\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.0.0\", maxfilesetver:\"7.1.2.19\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"02\", sp:\"06\", patch:\"(IV73418s6a|IV75645m6a)\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.0.0\", maxfilesetver:\"7.1.2.18\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" 
or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_extra);\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bos.net.tcp.client / bos.net.tcp.server\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-04T14:48:30", "description": "A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2015-06-19T00:00:00", "type": "nessus", "title": "AIX 6.1 TL 9 : nettcp (IV73976) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-04T00:00:00", "cpe": 
["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV73976.NASL", "href": "https://www.tenable.com/plugins/nessus/84275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84275);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"AIX 6.1 TL 9 : nettcp (IV73976) (POODLE)\");\n script_summary(english:\"Check for APAR IV73976 or APAR IV75643.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host is missing a security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"A man-in-the-middle (MitM) information disclosure vulnerability,\nknown as POODLE, exists due to the way SSL 3.0 handles padding bytes\nwhen decrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. 
A MitM attacker can decrypt a selected byte of a\ncipher text in as few as 256 tries if they are able to force a victim\napplication to repeatedly send the same data over newly created SSL\n3.0 connections.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Install the appropriate interim fix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/19\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\", \"Host/AIX/oslevelsp\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\noslevel = chomp(get_kb_item(\"Host/AIX/oslevelsp\"));\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevelparts = split(oslevel, sep:'-', keep:0);\nif ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevelparts[0] != \"6100\" || oslevelparts[1] != \"09\" || oslevelparts[2] != \"05\" ) audit(AUDIT_OS_NOT, \"AIX 6100-09-05\", \"AIX \" + oslevel);\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"05\", patch:\"(IV73976s5a|IV75643m5a)\", package:\"bos.net.tcp.client\", minfilesetver:\"6.1.0.0\", maxfilesetver:\"6.1.9.48\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"05\", patch:\"(IV73976s5a|IV75643m5a)\", package:\"bos.net.tcp.server\", minfilesetver:\"6.1.0.0\", maxfilesetver:\"6.1.9.45\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_extra);\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bos.net.tcp.client / bos.net.tcp.server\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-04T15:45:36", "description": "This update for slrn contains one security improvement :\n\n - CVE-2014-3566: Disable SSLv3 to prevent POODLE attack (boo#1031023)\n\nThe version 1.0.3 also contains a number of display and message processing improvements.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-04-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : slrn (openSUSE-2017-459) (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:slrn", "p-cpe:/a:novell:opensuse:slrn-debuginfo", "p-cpe:/a:novell:opensuse:slrn-debugsource", "p-cpe:/a:novell:opensuse:slrn-lang", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-459.NASL", "href": "https://www.tenable.com/plugins/nessus/99297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-459.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99297);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3566\");\n\n script_name(english:\"openSUSE Security Update : slrn (openSUSE-2017-459) (POODLE)\");\n script_summary(english:\"Check for the openSUSE-2017-459 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for slrn contains one security improvement :\n\n - CVE-2014-3566: Disable SSLv3 to prevent POODLE attack\n (boo#1031023)\n\nThe version 1.0.3 also contains a number of display and message\nprocessing improvements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031023\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected slrn packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:slrn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:slrn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:slrn-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:slrn-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"slrn-1.0.3-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"slrn-debuginfo-1.0.3-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"slrn-debugsource-1.0.3-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"slrn-lang-1.0.3-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"slrn-lang-1.0.3-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", 
cpu:\"x86_64\", reference:\"slrn-1.0.3-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"slrn-debuginfo-1.0.3-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"slrn-debugsource-1.0.3-4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"slrn / slrn-debuginfo / slrn-debugsource / slrn-lang\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-04T16:18:52", "description": "Indexing and Search Service 1u5-24.12700: core patch.\nDate this patch was last updated by Sun : Mar/24/15", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 142824-24 (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:142824", 
"cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_142824-24.NASL", "href": "https://www.tenable.com/plugins/nessus/107537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107537);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3566\");\n\n script_name(english:\"Solaris 10 (sparc) : 142824-24 (POODLE)\");\n script_summary(english:\"Check for patch 142824-24\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 142824-24\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Indexing and Search Service 1u5-24.12700: core patch.\nDate this patch was last updated by Sun : Mar/24/15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/142824-24\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 142824-24 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3566\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142824\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"142824-24\", obsoleted_by:\"\", package:\"SUNWjiss\", version:\"1.0,REV=2009.09.09\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWjiss\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, 
{"lastseen": "2023-03-04T14:53:28", "description": "The version of IBM Domino (formerly Lotus Domino) installed on the remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2016-04-14T00:00:00", "type": "nessus", "title": "IBM Domino SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/a:ibm:domino"], "id": "IBM_DOMINO_SWG21693142.NASL", "href": "https://www.tenable.com/plugins/nessus/90512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90512);\n 
script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/12 19:01:17\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"IBM Domino SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)\");\n script_summary(english:\"Checks the version of IBM Domino.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The application installed on the remote host is affected by an\ninformation disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM Domino (formerly Lotus Domino) installed on the\nremote host is affected by a man-in-the-middle (MitM) information\ndisclosure vulnerability, known as POODLE, due to the way SSL 3.0\nhandles padding bytes when decrypting messages encrypted using block\nciphers in cipher block chaining (CBC) mode. A MitM attacker can\ndecrypt a selected byte of a cipher text in as few as 256 tries if\nthey are able to force a victim application to repeatedly send the\nsame data over newly created SSL 3.0 connections.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21693142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade IBM Domino according to the advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:domino\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lotus_domino_installed.nasl\");\n script_require_keys(\"installed_sw/IBM Domino\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nappname = 'IBM Domino';\nget_install_count(app_name:appname, exit_if_zero:TRUE);\n\nport = get_kb_item('SMB/transport');\nif (isnull(port)) port = 445;\n\ninstall = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);\npath = install['path'];\n\nif (!empty_or_null(install['version']))\n domino_ver = install['version'];\nelse\n audit(AUDIT_UNKNOWN_APP_VER, appname);\n\nif (!empty_or_null(install['Java Version']))\n java_ver = install['Java Version'];\nelse\n audit(AUDIT_VER_FAIL, \"jvm.dll\");\n\nvuln = FALSE ;\n# Fixed versions\nif(domino_ver =~ \"^8\\.5\\.3\"){\n domino_fix_raw = \"8.5.36.14345\";\n domino_fix = '8.5.3 FP6 IF6';\n java_fix = '2.4.2.24084';\n}\nif(domino_ver =~ \"^9\\.0\\.0\"){\n domino_fix_raw = \"9.0.0.14349\";\n domino_fix = '9.0 IF7';\n java_fix = '2.4.1.60531';\n}\nif(domino_ver =~ \"^9\\.0\\.1\"){\n domino_fix_raw = \"9.0.10.13287\";\n domino_fix = '9.0.1 FP2 IF3';\n java_fix = '2.4.2.65501';\n}\n\nif (ver_compare(ver:domino_ver, fix:domino_fix_raw, strict:FALSE) < 0 ||\n ver_compare(ver:java_ver, fix:java_fix, strict:FALSE) < 0){\n vuln = TRUE;\n}else{\n audit(AUDIT_INST_VER_NOT_VULN, \"IBM 
Domino \", domino_ver);\n}\n\n\nif(vuln){\n report =\n 'The version of IBM Domino is vulnerable to TLS Padding attacks:' + \n '\\n Path : ' + path +\n '\\n Domino installed version : ' + domino_ver +\n '\\n Domino installed java : ' + java_ver +\n '\\n Domino fixed version : ' + domino_fix +\n '\\n Java fixed version : ' + java_fix +\n '\\n' ;\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"IBM Domino \", domino_ver, path);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T16:38:35", "description": "The remote Mac OS X 10.9 host has a version of OS X Server installed that is prior to version 3.2.2. It is, therefore, affected by an information disclosure vulnerability.\n\nAn error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. 
This is also known as the 'POODLE' issue.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2014-10-21T00:00:00", "type": "nessus", "title": "Mac OS X : OS X Server < 3.2.2 SSLv3 Information Disclosure (POODLE)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x_server"], "id": "MACOSX_SERVER_3_2_2.NASL", "href": "https://www.tenable.com/plugins/nessus/78600", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78600);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2014-3566\");\n script_bugtraq_id(70574);\n script_xref(name:\"CERT\", value:\"577193\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-10-16-4\");\n\n script_name(english:\"Mac OS X : OS X Server < 3.2.2 SSLv3 Information Disclosure (POODLE)\");\n script_summary(english:\"Checks the OS X Server version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is missing a security update for OS X Server.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X 10.9 host has a version of OS X Server installed\nthat is prior to version 3.2.2. It is, therefore, affected by an\ninformation disclosure vulnerability.\n\nAn error exists related to the way SSL 3.0 handles padding bytes when\ndecrypting messages encrypted using block ciphers in cipher block\nchaining (CBC) mode. A man-in-the-middle attacker can decrypt a\nselected byte of a cipher text in as few as 256 tries if they are able\nto force a victim application to repeatedly send the same data over\nnewly created SSL 3.0 connections. This is also known as the 'POODLE'\nissue.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6527\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/533724/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X Server version 3.2.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:apple:mac_os_x_server\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_server_services.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Server/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.9([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Server/Version\");\n\nfixed_version = \"3.2.2\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + \n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"OS X Server\", version);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-18T14:40:49", "description": "New features :\n\n - Send list of compliance reasons on dbus\n\n - Added client-side support for --matches on the list command.\n\nSecurity :\n\n - 1153375: Support TLSv1.2 and v1.1 by default.\n (CVE-2014-3566)\n\nBug fixes :\n\n - 1120772: Don't traceback on missing /ostree/repo\n\n - 1094747: add appdata metdata file\n\n - 1122107: Clarify registration --consumerid option in manpage.\n\n - 1151925: Improved filtered listing output when results are empty.\n\n - 990183: Add a manpage for rhsm.conf\n\nNote that Tenable Network Security 
has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-11-07T00:00:00", "type": "nessus", "title": "Fedora 20 : python-rhsm-1.13.6-1.fc20 / subscription-manager-1.13.6-1.fc20 (2014-13781)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python-rhsm", "p-cpe:/a:fedoraproject:fedora:subscription-manager", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-13781.NASL", "href": "https://www.tenable.com/plugins/nessus/78904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-13781.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78904);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(70574);\n script_xref(name:\"FEDORA\", value:\"2014-13781\");\n\n script_name(english:\"Fedora 20 : python-rhsm-1.13.6-1.fc20 / subscription-manager-1.13.6-1.fc20 (2014-13781)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New features :\n\n - Send list of compliance reasons on dbus\n\n - Added client-side support for --matches on the list\n command.\n\nSecurity :\n\n - 1153375: Support TLSv1.2 and v1.1 by default.\n (CVE-2014-3566)\n\nBug fixes :\n\n - 1120772: Don't traceback on missing /ostree/repo\n\n - 1094747: add appdata metdata file\n\n - 1122107: Clarify registration --consumerid option 
in\n manpage.\n\n - 1151925: Improved filtered listing output when results\n are empty.\n\n - 990183: Add a manpage for rhsm.conf\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142781.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c73bbfad\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142782.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc163277\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected python-rhsm and / or subscription-manager\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-rhsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:subscription-manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"python-rhsm-1.13.6-1.fc20\")) flag++;\nif (rpm_check(release:\"FC20\", reference:\"subscription-manager-1.13.6-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-rhsm / subscription-manager\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ibm": [{"lastseen": "2023-02-21T05:49:22", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSL_TLS is enabled by default in embedded Build Forge in some pages. 
\n\n## Vulnerability Details\n\n**CVE ID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description:** IBM WebSphere Application could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nRational Automation Framework 3.0.1, 3.0.1.1, 3.0.1.2, and 3.0.1.3 on all supported platforms.\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nYou can disable SSLv3 by changing the configuration files with the following steps. \n \n**Note:** **rafinstall** is used below to represent the directory in which you chose to install Rational Automation Framework. \n \n**Procedure:** \n \n1\\. Open the embedded Build Forge console in a browser at http://<rafconsole>/bfui \n \n2\\. Go to **Administration > Security-SSL** \n \n3\\. Change every SSL_TLS/SSLv3/SSL value to **TLSv1** and save \n \n4\\. Back up the `bfclient.conf` file \n\n * By default the `bfclient.conf` is under **\\rafinstall** on Windows\n * By default the `bfclient.conf` is under **/rafinstall/<platform>** on Linux and UNIX \n\n5\\. 
Go to **Administration > Security** \n \n6\\. Click **Update Master BFClient.conf** \n \n7\\. Stop Rational Automation Framework \n \n8\\. Change the Apache `ssl.conf` config file \n\n * By default the `ssl.conf` is under **\\rafinstall\\Apache\\Conf\\ssl\\** on Windows\n * By default the `ssl.conf` is under **/rafinstall/server/apache/conf/ssl/** on Linux and UNIX \n\n9\\. Update the following line \n * From: `SSLProtocol -ALL +SSLv3 +TLSv1` \n * To: `SSLProtocol -ALL +TLSv1` \n\n10\\. Change the Tomcat `server.conf` config \n\n * By default the `server.conf` is under **\\rafinstall\\Apache\\tomcat\\conf\\** on Windows\n * By default the `server.conf` is under **/rafinstall/server/tomcat/conf/** on Linux and UNIX \n\n11\\. Find the `sslProtocol=\"SSL_TLS\"` line and change the `SSL_TLS` to **TLS** and save \n \n**Note:** If Rational Automation Framework is installed with WebSphere Application Server, this step is _not_ required \n \n12\\. Start Rational Automation Framework \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:58:17", "type": "ibm", "title": "Security Bulletin: Rational Automation Framework Security Advisory (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T04:58:17", "id": "E0C9BAECEFA76A39F668375CCE1FEF586F0BFB09CFFC885A638463548385207C", "href": "https://www.ibm.com/support/pages/node/518331", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:36:59", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Security Network Intrusion Prevention System.\n\n## Vulnerability Details\n\n \n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. 
\n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\n**Products: **GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000 \n**Firmware versions: **4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3\n\n## Remediation/Fixes\n\nThe following IBM Threat Fixpacks have the fixes for these vulnerabilities: \n\n * [__4.6.2.0-ISS-ProvG-AllModels-System-FP0003__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)__ \n___for all IBM Security Network Intrusion Prevention System products at Firmware version 4.6.2_\n * [__4.6.1.0-ISS-ProvG-AllModels-System-FP0007__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)_ \nfor all IBM Security Network Intrusion Prevention System products at Firmware version 4.6.1_\n * [__4.6.0.0-ISS-ProvG-AllModels-System-FP0005__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)_ \nfor all IBM Security Network Intrusion Prevention System products at Firmware version 4.6_\n * [__4.5.0.0-ISS-ProvG-AllModels-System-FP0007__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)_ \nfor all IBM Security Network Intrusion Prevention System products at Firmware version 
4.5_\n * [__4.4.0.0-ISS-ProvG-AllModels-System-FP0007__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)_ \nfor all IBM Security Network Intrusion Prevention System products at Firmware version 4.4_\n * [__4.3.0.0-ISS-ProvG-AllModels-System-FP0005__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \n_for all IBM Security Network Intrusion Prevention System products at Firmware version 4.3_\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. \n\n## Workarounds and Mitigations\n\nNone \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-02-23T19:48:26", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM Security Network Intrusion Prevention System (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2022-02-23T19:48:26", "id": "EC3E23A99CFAAD88B2FA49B712651D754EE84446F6DFEB6CC3571A65A744E234", "href": "https://www.ibm.com/support/pages/node/518251", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-13T05:38:23", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in TS2900.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97013_](<http://xforce.iss.net/xforce/xfdb/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nFirmware versions below 0036.\n\n## Remediation/Fixes\n\nApply firmware version 0036 or later, available from IBM Fix Central \n[_http://www-933.ibm.com/support/fixcentral/_](<http://www-933.ibm.com/support/fixcentral/>). This fix removes SSL 3.0 support.\n\n## Workarounds and Mitigations\n\nDisable SSL 3.0 on any web browsers that are used to access the web user interface of the tape library. \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. 
The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-18T00:08:53", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects TS2900 (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-18T00:08:53", "id": "814968E8DA38BD4EDC807F81466A9CB916F361B3980B9334A6F6CBDE0DD07FFC", "href": "https://www.ibm.com/support/pages/node/690085", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:52:18", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. 
This affects IBM Tivoli Access Manager for e-business components that use SSLv3 including WebSEAL and pdadmin.\n\n## Vulnerability Details\n\n \nThe following vulnerability affects IBM Tivoli Access Manager for e-business: \n \n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: IBM Tivoli Access Manager for e-business could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Tivoli Access Manager for e-business versions 5.1, 6.0, 6.1 and 6.1.1.\n\n## Remediation/Fixes\n\nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. \n \nIf you are using any Access Manager components on WebSphere, apply the WebSphere interim fix at [_http://www-01.ibm.com/support/docview.wss?uid=swg21687173_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>) before applying the appropriate Tivoli Access Manager for e-business interim fix from the table below. 
\n\n\n_Product_| _VRMF_| _APAR_| _Remediation_ \n---|---|---|--- \n_IBM Tivoli Access Manager for e-business_ | _5.1_| _IV67364_| [_5.1.0-TIV-TAM-IF0043_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=5.1.0&platform=All&function=all>) \n_IBM Tivoli Access Manager for e-business_ | _6.0_| _IV67364_| [_6.0.0-ISS-TAM-IF0035_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=6.0.0&platform=All&function=all>) \n_IBM Tivoli Access Manager for e-business_ | _6.1_| _IV67368_| [_6.1.0-ISS-TAM-IF0016_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=6.1.0&platform=All&function=all>) \n_IBM Tivoli Access Manager for e-business_ | _6.1.1_| _IV67364_| [_6.1.1-ISS-TAM-IF0013_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=6.1.1&platform=All&function=all>) \n \nCustomers using Tivoli Access Manager for e-business version 5.1 should upgrade to a supported version of the product. 
\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-16T21:21:08", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM Tivoli Access Manager for e-business (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-16T21:21:08", "id": "301B538BBFC46479C631567610002A3C90A71686F341C9C711106324BEB1487D", "href": "https://www.ibm.com/support/pages/node/520707", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-13T09:41:22", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM HTTP Server and IBM WebSphere Application Server, used by the IBM products listed below.\n\n## Vulnerability Details\n\n**CVE ID**:** **[](<https://vulners.com/cve/CVE-2014-3566>)[CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \nDescription: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \nDetailed description at [us-cert.gov](<https://www.us-cert.gov/ncas/alerts/TA14-290A>). \n \nIBM HTTP Server and IBM WebSphere Application Server may both be vulnerable, because SSLv3 is enabled by default both in IBM HTTP Server and in IBM WebSphere Application Server. \n \n**CVSS**: \n[](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566>)[CVSS Base Score: 4.3](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566>) (medium) \n[CVSS Impact Score: 2.9](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566>) (low) \n[CVSS Exploitability Score: 8.6](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566>) (high) \n[CVSS Temporal Score: Undefined](<http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-3566>); See also <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> \n[CVSS Environmental Score*: Undefined](<http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-3566>) \n[CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N](<http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-3566>)\n\n## Affected Products and Versions\n\nThis vulnerability affects all versions and releases of the IBM HTTP Server component in all editions of WebSphere Application Server and bundling products; and all versions and releases of IBM WebSphere Application Server in: \n \n \n\n\nVersions 1.5 and 1.6, all sub-versions, of\n\n * IBM Intelligent Operations Center\n * IBM Intelligent Operations for Water\n * IBM Intelligent Operations for Transportation\n * IBM Intelligent City Planning and Operations\n \nand \n\n * IBM Chemical and Petroleum Integrated Information Frameworks v1.4\n * IBM Integrated Information Core v 1.5\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\n**Assumptions ** \n \n_IBM 
Intelligent Operations Center Product Family_ \nThese procedures assume some familiarity with Linux usage. \n \nAll the steps should be run as the root user unless otherwise noted. \n\nFor IBM Intelligent Operations Center product family systems the Administrator might want to temporarily enable remote root log on, which is disabled by cyber hygiene. See [Re-enabling remote root log on](<http://pic.dhe.ibm.com/infocenter/cities/v1r5m0/index.jsp?topic=%2Fcom.ibm.ioc.doc%2Fba_install_root_logon.html&resultof%3D%2522%2572%256f%256f%2574%2522%2520%2522%256c%256f%2567%2569%256e%2522%2520>) in the Intelligent Operations Center product documentation.\n\n \n \n_IBM Chemical and Petroleum Integrated Information Frameworks v1.4 and IBM Integrated Information Core v 1.5._ \nThese procedures assume some familiarity with Windows usage. \n \n**Reconfigure the IBM HTTP Server** \nFollow instructions in [IBM Security Bulletin: Vulnerability in SSLv3 affects IBM HTTP Server (CVE-2014-3566)](<http://www-01.ibm.com/support/docview.wss?uid=swg21687172>). \n\nInstructions include adding a directive to a configuration file and then stopping and restarting IHS for the changes to take effect.\n\n \n_IBM Intelligent Operations Center Product Family_ \nIBM HTTP Server is on the Web server (v.1.6) or on the Application server (v.1.5). \n\nIn v.1.5 IBM HTTP Server is [on the Application server](<http://pic.dhe.ibm.com/infocenter/cities/v1r5m0/index.jsp?topic=%2Fcom.ibm.ioc.doc%2Fcct_http_test.html&resultof%3D%2522%2548%2554%2554%2550%2522%2520%2522%2568%2574%2574%2570%2522%2520%2522%2573%2565%2572%2576%2565%2572%2522%2520>), although not listed as one of the components in [Products and components included with the IBM Intelligent Operations Center v.1.5](<http://pic.dhe.ibm.com/infocenter/cities/v1r5m0/index.jsp?topic=%2Fcom.ibm.ioc.doc%2Fref_intro.html>). 
\n\nThere is no need to restart all services in IBM Intelligent Operations Center, IBM Intelligent Operations for Water, IBM Intelligent Operations for Transportation, or IBM Intelligent City Planning and Operations.\n\n \n_IBM Chemical and Petroleum Integrated Information Frameworks v1.4 and IBM Integrated Information Core v 1.5._ \nLocate the IBM HTTP Server and follow the instructions referenced above. \n\n**Optionally reconfigure the IBM WebSphere Application Server** \n \nIt should not be necessary to remove this vulnerability in IBM WebSphere Application Server as it is used in these applications, because the WebSphere Application Server port is not used to communicate outside of this machine cluster. All communications to the outside go through the HTTP server. One may nevertheless proceed out of an abundance of caution, if desired.\n\n \n \nFollow instructions in [IBM Security Bulletin: Vulnerability in SSLv3 affects WebSphere Application Server (CVE-2014-3566)](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>). \n\nInstructions include, from the Administrator console, changing the SSL protocol, running a command-line task, modifying a properties file, applying and saving, and in some cases restarting nodes and node agents.\n\n \n \n_IBM Intelligent Operations Product Family_\n\nWebSphere Application Server runs in several versions on several servers. 
To determine which servers have instances of WebSphere Application Server, see in all cases documentation on IBM Intelligent Operations Center, which is the foundation on top of which IBM Intelligent Operations for Water, IBM Intelligent Operations for Transportation, and IBM Intelligent City Planning and Operations are run.\n\nFor v.1.5 versions of IBM Intelligent Operations Center, IBM Intelligent Operations for Water, or IBM Intelligent Operations for Transportation see [Products and components included with the IBM Intelligent Operations Center v.1.5](<http://pic.dhe.ibm.com/infocenter/cities/v1r5m0/index.jsp?topic=%2Fcom.ibm.ioc.doc%2Fref_intro.html>). \n\nFor v.1.6 versions of IBM Intelligent Operations Center, IBM Intelligent Operations for Water, IBM Intelligent Operations for Transportation, or IBM Intelligent City Planning and Operations Transportation see [Products and components included with the IBM Intelligent Operations Center v.1.6](<http://pic.dhe.ibm.com/infocenter/cities/v1r6m0/index.jsp?topic=%2Fcom.ibm.ioc.doc%2Fref_intro.html>) in a standard or high-availability topology.\n\nThere is no need to restart all services in IBM Intelligent Operations Center, IBM Intelligent Operations for Water, IBM Intelligent Operations for Transportation, or IBM Intelligent City Planning and Operations.\n\n \n \n_IBM Chemical and Petroleum Integrated Information Frameworks v1.4 and IBM Integrated Information Core v 1.5._\n\nLocate the IBM WebSphere Application Servers and follow the instructions referenced above.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": 
"2022-08-19T18:23:31", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM Intelligent Operations Center and related products, and Integrated Information Core (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2022-08-19T18:23:31", "id": "3646DAD163BA0A8E0A9E8DF2F16916F37F637C31CF558A434D42601D980745CD", "href": "https://www.ibm.com/support/pages/node/254315", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-24T00:34:03", "description": "## Question\n\nHow do you locate CVE-related bulletins for your IBM Infrastructure Security product?\n\n## Answer\n\n**_Finding all CVEs covered in firmware releases for appliances_**\n\n 1. Access the [IBM Support Portal](<http://www.ibm.com/support/entry/portal/support>).\n 2. Under **Product finder**, enter the name for the product you want to search for. For a list of all the product aliases under Infrastructure Security, see [Technote 1643250: IBM Security Systems Infrastructure product aliases](<http://www.ibm.com/support/docview.wss?uid=swg21643250>). Once it is found, click the product to select it. \nIn this example, we will search for the Network Protection (XGS) appliance. \n\n 3. Under the product page, click the **Flashes, alerts and bulletins** link under **Product support content**.\n 4. Here you find all the flashes, alerts, and bulletins for all firmware versions. 
To see a specific firmware version, go to the **Filters by version** and select the appropriate version. In our example, we only want to see flashes, alerts, and bulletins for firmware 5.3. \n\nYou will see a list of all the flashes, alerts, and bulletins for the particular firmware. This list shows the CVEs covered in that firmware version. \n \n \n**_Finding one specific CVE in firmware of appliance_**\n\n 1. Repeat steps 1-3 in the first section.\n 2. Find the **Search within results** search box near the top. \n\n 3. Search for the specific CVE that you want to find. In this example, we are searching for CVE-2014-3566. \n\nAlternatively, you can go to the [IBM Product Security Incident Response](<https://www.ibm.com/blogs/psirt/>) page and search for the CVE. As this is not filtered by product, you can enter the desired product in your search term. For example, if you wanted to see CVE-2014-3566 coverage for the XGS, you can search for \"CVE-2014-3566 IBM Security Network Protection.\" Otherwise, you get results for all products this applies to. You might find the option above to be easier to find the specific CVE you are looking for. \n \n \n**_Finding all CVE fixes included in a patch_**\n\n 1. Repeat steps 1-4 in the first section to filter by appropriate firmware.\n 2. Find the **Search within results** search box.\n 3. Search for the latest bulletin that uses the same naming convention as the patch. For example, search for **_4.6.2.0-ISS-ProvG-AllModels-System-FP0004_** to find bulletins for this particular patch for the Network IPS (GX). \n**Note: **System patches are normally cumulative. 
So all bulletins whose remediation fix matches the naming convention of this patch and whose FP level is at that level or lower (004 or lower in the example) are covered by the patch.\n\n[{\"Product\":{\"code\":\"SSHLHV\",\"label\":\"IBM Security Network Protection\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"General Information\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}},{\"Product\":{\"code\":\"SS9SBT\",\"label\":\"Proventia Network Intrusion Prevention System\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"General Information\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}},{\"Product\":{\"code\":\"SSETBF\",\"label\":\"IBM Security SiteProtector System\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Vulnerability (CVE)\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2021-01-23T22:22:35", "type": "ibm", "title": "Locating CVE-related bulletins for your Infrastructure Security product", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-01-23T22:22:35", "id": "35CEED27807DC1F06172146BBF8FEE7FFB0F2AF8AE15F30DAC2EB519801637DC", "href": "https://www.ibm.com/support/pages/node/529371", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:52:15", "description": "## Summary\n\nA security vulnerability has been discovered in Network Security Services (NSS) used with IBM Security Network Protection. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.\n\n## Vulnerability Details\n\n \n**CVEID:**[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION: **Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. 
\n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N\n\n## Affected Products and Versions\n\nProducts: IBM Security Network Protection (XGS) models 3100, 4100, 5100, 7100 \nFirmware versions: 5.2 and 5.3\n\n## Remediation/Fixes\n\nIBM has provided fixes for all supported versions. Follow the installation instructions in the README files included with the fix. \n\n\n * Firmware 5.2: [_5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/IBM+Security+Network+Protection&release=5.2&platform=All&function=all>)\n * Firmware 5.3: Firmware Update 5.3.0.5 for IBM Security Network Protection products at version 5.3 [_https://ibmss.flexnetoperations.com/_](<https://ibmss.flexnetoperations.com/>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-16T21:22:25", "type": "ibm", "title": "Security Bulletin: IBM Security Network Protection is affected by a NSS vulnerability (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, 
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-16T21:22:25", "id": "AF1A2AFC7CB48695F42467DC6626570D2A7797795C71348461D189D6DA28509A", "href": "https://www.ibm.com/support/pages/node/526795", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:05:53", "description": "## Summary\n\nSSLv3 POODLE Attack (CVE-2014-3566) impacts IBM Service Delivery Manager.\n\n## Vulnerability Details\n\nReview the following security bulletins for vulnerability details and information about fixes: \n\n\n * [Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687173>) \n \n\n * [Security Bulletin: Vulnerability in SSLv3 affects IBM HTTP Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687172>) \n \n\n * [Security Bulletin: Vulnerability in SSLv3 affects IBM Tivoli Monitoring (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21691775>) \n \n**Note:** Only apply the patch on the IBM Tivoli Monitoring server and endpoints. Do not make the workaround changes for endpoints as mentioned in this ITM bulletin. \n \n\n * [Security Bulletin: Vulnerability in SSLv3 affects SmartCloud Cost Management / Tivoli Usage and Accounting Manager (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21691886>) \n \n\n * [Security Bulletin: Vulnerability in SSLv3 affects Directory Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687611>) \n \n**Note: ** If using AIX or Red Hat Enterprise Linux, upgrade from OpenSSL 0.9.8 to OpenSSL 0.9.8zd. 
\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Service Delivery Manager 7.x| WebSphere Application Server 6.1.0.0 through 6.1.0.47 \n \nIBM HTTP Server (All versions) \n \nIBM Tivoli Monitoring \n\n * Tivoli Enterprise Management Servers (TEMS) - 6.20 through 6.30 FP4 (all releases)\n * Agents \u2013 IBM Tivoli Monitoring Shared Libraries (ax component on UNIX/Linux) or Tivoli Enterprise Monitoring Agent Framework (GL component on Windows) - 6.20 through 6.30 FP4\n * Tivoli Enterprise Portal Server (TEPS)\n * embedded WebSphere Application Server \u2013 6.20 through 6.30 FP4\n * IBM HTTP Server (IHS) - 6.23 through 6.30 FP1\n * Portal server communication with portal clients\n * HTTP \u2013 6.23 through 6.30 FP1\n * IIOP - Not affected\n * SSL/IIOP \u2013 6.20 through 6.30 FP4\n * Situation Update Forwarder (SUF) \u2013 6.20 through 6.30 FP3\n \nSmartCloud Cost Management 2.1, 2.1.0.1, 2.1.0.2 \n \nTivoli Usage and Accounting Manager 7.3 (including all related fix packs) \n \nIBM Tivoli Directory Server 6.0, 6.1, 6.2, 6.3 \n \nIBM Security Directory Server 6.3.1 \n \nOpenSSL 0.9.8 \n \n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n## Change History\n\n* 18 January 2016: Updated links to bulletins \n* 06 January 2015: Original copy published\n\n*The CVSS Environment Score is 
customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n[{\"Product\":{\"code\":\"SSBH2C\",\"label\":\"IBM Service Delivery Manager\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Security\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.2.1;7.2.2;7.2.3;7.2.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SSFG5E\",\"label\":\"Tivoli Service Automation Manager\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Security\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"7.2.1;7.2.2;7.2.3;7.2.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T22:32:17", "type": "ibm", "title": "Security Bulletin: SSLv3 POODLE Attack (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T22:32:17", "id": "4600571F6CE1CC296F684423035AFED51CBAFA3DBC1C24C76426526C65C05901", "href": "https://www.ibm.com/support/pages/node/523361", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:41:11", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM SmartCloud Entry.\n\n## Vulnerability Details\n\nCVE-ID: CVE-2014-3566 \n \nDESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM SmartCloud Entry 3.2 and earlier\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nTo prevent the affected product from using SSLv3 protocol: \n \nEdit <configuration_directory>/server.property to change the value of property \"**org.eclipse.equinox.http.jetty.ssl.protocol**\" from \"**SSL_TLS**\"** **to \"**TLS**\", and use the sceappmgr tool to restart the IBM SmartCloud Entry(SCE) service. \nNote: the default <configuration_directory> for SCE 3._x_ is \"/var/opt/ibm/.SCE3_x_\". \n \nSSLv3 support will be completely removed by default in future releases. 
\n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-07-19T00:49:12", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM SmartCloud Entry (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2020-07-19T00:49:12", "id": "527B5E90CAB7DAC1C518A59BF77CDE34841C309262297FB18D36716B2A007A6D", "href": "https://www.ibm.com/support/pages/node/679777", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:52:57", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. 
SSLv3 is enabled in Algo Credit Administrator\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\nIBM Algo Credit Administrator 2.2.0\n\n## Remediation/Fixes\n\nA fix has been created for version 2.2.0 of the named product. Download and install the fix as soon as practicable. Fix and installation instructions are provided at the URL listed below. \n \nFor versions prior to 2.2.0 IBM recommends upgrading to a fixed, supported version/release/platform of the product. 
\n \n \n\n\nPatch Number| Download URL \n---|--- \nACA 2.2.0_114| [_ACA 2.2.0_114 Windows Framework_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=2.2.0.0-Algo-ACAFramework-Win-if0114:0&includeSupersedes=0&source=fc&login=true>) \n[_ACA 2.2.0_114 AIX Framework_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=2.2.0.0-Algo-ACAFramework-AIX-if0114:0&includeSupersedes=0&source=fc&login=true>) \n[_ACA 2.2.0_114 RedHat Framework_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=2.2.0.0-Algo-ACAFramework-RHEL-if0114:0&includeSupersedes=0&source=fc&login=true>) \n[_ACA 2.2.0_114 Solaris Framework_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=2.2.0.0-Algo-ACAFramework-SOL-if0114:0&includeSupersedes=0&source=fc&login=true>) \n[_ACA 2.2.0_114 Applications_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=2.2.0.0-Algo-ACAapplications-if0114:0&includeSupersedes=0&source=fc&login=true>) \n[_ACA 2.2.0_114 Rendition_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=2.2.0.0-Algo-ACARendition-if0114:0&includeSupersedes=0&source=fc&login=true>) \n[_ACA 2.2.0_114 
Documentation_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=2.2.0.0-Algo-ACAdocumentation-if0114:0&includeSupersedes=0&source=fc&login=true>) \n \n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n \nTo disable the SSLv3 protocol in the Tomcat shipped as part of Algo Credit Administrator, edit $JLIB_CONFIG_DIR/apps/tomcat/cfg/conf/server.xml. Find the SSL connector and add the following two lines after the SSLEnabled=\"true\" line: \n \nsslProtocol=\"TLS\" \nsslEnabledProtocols=\"TLSv1.2,TLSv1.1,TLSv1\" \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T22:33:45", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Algo Credit Administrator (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-15T22:33:45", "id": "7AD451AFF17F2B4F6EB9CD3090185A0E80620336B204FFA21179DB7F339B9F8F", "href": "https://www.ibm.com/support/pages/node/255083", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:52:52", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Algo Credit Limits\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\nAlgo Credit Limits 4.7 and earlier\n\n## Remediation/Fixes\n\nA fix has been created for version 4.5.0.05 and 4.7.0.03 of the named product. Download and install the fix as soon as practicable. Fix and installation instructions are provided at the URL listed below. \n \nFor versions prior to 4.7.0 IBM recommends upgrading to a fixed, supported version/release/platform of the product. 
\n \n \n\n\nPatch Number| Download URL \n---|--- \nACLM 4.7.0.03 FP6| [_ACL 4.7.0.03 FP6 Solaris Oracle_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.7.0.03-Algo-CreditLimits-SolOra-fp0006:0&includeSupersedes=0&source=fc&login=true>) \n[_ACL 4.7.0.03 FP6 Solaris DB2_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.7.0.03-Algo-CreditLimits-SolDB2-fp0006:0&includeSupersedes=0&source=fc&login=true>) \n[_ACL 4.7.0.03 FP6 RedHat Oracle_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.7.0.03-Algo-CreditLimits-RHES-fp0006:0&includeSupersedes=0&source=fc&login=true>) \n[_ACL 4.7.0.03 FP6 AIX Oracle_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.7.0.03-Algo-CreditLimits-AIX-fp0006:0&includeSupersedes=0&source=fc&login=true>) \n[_ACL 4.7.0.03 FP6 Window GUI Oracle_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.7.0.03-Algo-CreditLimits-WinOra-fp0006:0&includeSupersedes=0&source=fc&login=true>) \n[_ACL 4.7.0.03 FP6 Window GUI DB2_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.7.0.03-Algo-CreditLimits-WinDB2-fp0006:0&includeSupersedes=0&source=fc&login=true>) \nACLM-TFOLC 4.5.0.05 IF9| [_ACL-TFOLC 4.5.0.05 
IF9_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.5.0.5-Algo-CreditLimits-if0009-cs:0&includeSupersedes=0&source=fc&login=true>) \n \n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n \nTo disable the SSLv3 protocol in the Tomcat shipped as part of Algo Credit Limits, edit $JLIB_CONFIG_DIR/apps/tomcat/cfg/conf/server.xml. Find the SSL connector and add the following two lines after the SSLEnabled=\"true\" line: \n \nsslProtocol=\"TLS\" \nsslEnabledProtocols=\"TLSv1.2,TLSv1.1,TLSv1\"\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T22:33:45", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Algo Credit Limits (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": 
false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-15T22:33:45", "id": "9ACD7329FC1F831F1AB2B7D915AB63D8F111A7045260F93F9D9FAD2B89A76E99", "href": "https://www.ibm.com/support/pages/node/255081", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:39:58", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 may be enabled in the Tivoli Netcool OMNIbus server components, including the Object Server, Process Agent, and Gateways. \n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Tivoli Netcool OMNIbus could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nTivoli Netcool/OMNIbus 7.3.0 \nTivoli Netcool/OMNIbus 7.3.1 \nTivoli Netcool/OMNIbus 7.4.0 \nTivoli Netcool/OMNIbus 8.1.0\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nTwo options are available, depending on version:\n\n1) Configure the OMNIbus server components to use FIPS mode, which disables SSLv3 by default in favour of more recent and secure protocols such as TLSv1.0/v1.1/v1.2. 
FIPS mode configuration is described here: \n<http://www-01.ibm.com/support/knowledgecenter/SSSHTQ_7.4.0/com.ibm.netcool_OMNIbus.doc_7.4.0/omnibus/wip/install/concept/omn_con_fips_configuringsupport.html?lang=en> \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3.\n\n2) Alternatively, with OMNIbus 7.4.0 FP 16 or OMNIbus 8.1.0 FP 15, individual ciphers can be disabled per protocol, so disabling all ciphers for the SSLv3 protocol effectively disables SSLv3 without having to enable FIPS mode. This work was completed under APAR IV97315. The documentation describing this can be found here:\n\n<https://www.ibm.com/support/knowledgecenter/en/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/omnibus/wip/admin/task/omn_adm_disableSSLTLScipers.html>\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-11-08T02:40:01", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Tivoli Netcool OMNIbus (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-11-08T02:40:01", "id": "124BC5B239FE67EC0AE43A8E0F0918B0BA544E977E72754946EBD146C916D64C", "href": "https://www.ibm.com/support/pages/node/254275", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:39:52", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Sterling Control Center\n\n## Vulnerability Details\n\n \n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plain text of encrypted connections. 
\n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\nIBM Sterling Control Center 5.4.2 through 5.4.2.1 iFix01 \nIBM Sterling Control Center 5.4.1 through 5.4.1.0 iFix02 \nIBM Sterling Control Center 5.4.0 through 5.4.0.1 iFix03 \nIBM Sterling Control Center 5.3 through 5.3.0.4 iFix02 \nIBM Sterling Control Center 5.2 through 5.2.12\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **How to Acquire Fix** \n---|---|---|--- \nSterling Control Center| 5.4.2.1 \niFix03| N/A| [](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Control+Center&release=5.4.2.1&platform=All&function=all>)[5.4.2.1 Fixes](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Control+Center&release=5.4.2.1&platform=All&function=all>) \nSterling Control Center| 5.4.1.0| N/A| Contact Support and request the latest 5.4.1.0 build fix package to be published for you on the ECuRep server. \nSterling Control Center| 5.4.0.1| N/A| Contact Support and request the latest 5.4.0.1 build fix package to be published for you on the ECuRep server. \nSterling Control Center| 5.3.04| N/A| Contact Support and request the latest 5.3 build fix package to be published for you on the ECuRep server. \nSterling Control Center| 5.2.12| N/A| Contact Support and request the latest 5.2 build fix package to be published for you on the ECuRep server. 
\n \n \n**Procedures to Disable SSLv3 for Sterling Control Center Secure Connections** \n \n**Engine <\\---> Classic GUI Console:** \n5.4.2.1 - Uncomment this line in the install-dir/conf/engine.properties file: `com.ibm.jsse2.overrideDefaultProtocol=TLS` \n5.4.0 and 5.4.1 - Add this line to the install-dir/conf/engine.properties file: `com.ibm.jsse2.overrideDefaultProtocol=TLS` \n5.2 and 5.3 - Add this property to the runEngine.bat|sh startup script: `-Dcom.ibm.jsse2.overrideDefaultProtocol=TLS` \n \n**Web Server <\\---> browser (web UI):** \n5.4.2.1 - Uncomment this line in the install-dir/conf/engine.properties file: `WEBSERVER_SECURE_PROTOCOL=TLS` \n5.4.0 and 5.4.1 - Add this line to the install-dir/conf/engine.properties file: `WEBSERVER_SECURE_PROTOCOL=TLS` \n5.2 and 5.3 - Add this property to the runEngine.bat|sh startup script: `-DWEBSERVER_SECURE_PROTOCOL=TLS` \n \n**Connect:Direct Browser Node Properties:** \nSet the Protocol radio button to TLS or another non-SSL value. \n \n**Monitored Connect:Direct Servers:** \nDisable SSLv3 in the SCC GUI (select TLS in the Server Connections tab). \n \n**Monitored Sterling Integrator Servers:** \nDisable SSLv3 on the SI Server SCC InterOp adapter connection. \n \n**Database Connections:** \nDisable SSLv3 on the database server. \n \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone. 
\n\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-12-17T22:47:42", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Sterling Control Center (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2019-12-17T22:47:42", "id": "6266ACC74295FF2D138A1AAB20D50CCD4E8EC9EE7F50E0E59B801F06DD3FB722", "href": "https://www.ibm.com/support/pages/node/519081", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:15:56", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. 
SSLv3 is enabled in Worklight Quality Assurance (WQA).\n\n## Vulnerability Details\n\n**CVE-ID**: [CVE-2014-3566](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>) \n \n**Description**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nWorklight Quality Assurance: 6.0.0 \u2013 6.0.0.1\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\n**Disable SSLv3 in NGINX** \n \nSSLv3 is enabled by default, and is potentially used by HTTP and Mail services in NGINX. \n \n**Procedure:** \n\n\n 1. Locate any use of the directive ssl_protocols in your configuration that specifies the use of SSLv3, for example: \n \n`ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;`\n 2. Remove these directives, or change them to this: \n \n`ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don\u2019t use SSLv3 ref: POODLE`\n 3. Change the default protocol support. 
\n \nLocate the http { } block in your nginx.conf configuration file and add the following line to the top of the block: \n \n`ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don\u2019t use SSLv3 ref: POODLE`\n 4. Locate the mail { } block in your nginx.conf configuration file (if you have one) and add the same line to the top of the block. \n \n\n 5. Restart nginx using the command line: \n \n`# nginx -s reload`\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n* 27 November 2014: Original copy published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
\n\n[{\"Product\":{\"code\":\"SSFRDS\",\"label\":\"IBM MobileFirst Quality Assurance\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"General Information\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.0;6.0.0.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": 
"2018-06-17T22:32:47", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects WorkLight Quality Assurance (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T22:32:47", "id": "2DF4487CB3C4D7660AFDC280F9C0E84F0C2D6C5F4A2207259A023074EA35AD70", "href": "https://www.ibm.com/support/pages/node/520127", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:52:08", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM SPSS Analytic Server.\n\n## Vulnerability Details\n\n**CVE-ID**: [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. 
\n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n\n\n## Affected Products and Versions\n\nIBM SPSS Analytic Server 1.0.1 \n \n\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. \n \nFollow the steps under \u201cFor WebSphere Application Server Liberty Profile\u201d in the link below: \n<http://www.ibm.com/support/docview.wss?uid=swg21687173> \n \nThe server.xml file for your Analytic Server installation can be found in the <install-dir>/ae_wlpserver/usr/servers/aeserver directory. \n\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-16T13:14:14", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM SPSS Analytic Server (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-16T13:14:14", "id": "E7A61D23F37BFE71387F349B7ABC627B2069E0DD06334950ECFFA79FDC6D4BE8", "href": "https://www.ibm.com/support/pages/node/254623", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:47:21", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Tivoli Netcool Performance Manager (TNPM Wireless) through Tivoli Directory Server, IBM WebSphere Application Server and Apache Tomcat\n\n## Vulnerability Details\n\nCVE-ID: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \nDESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nTNPM (Wireless) Version\n\n| Tivoli Directory Server| IBM WebSphere Application Server Version| Apache Tomcat Version (Ship with JBoss Application Server 4.0.3SP1) \n---|---|---|--- \n1.4| 6.3.0.0| 8.5.0.1 | 5.5.9 \n1.3.2| 6.3.0.0| 7.0 (embedded version)| 5.5.9 \n1.3.1| 6.2.0.7| 7.0 (embedded version)| 5.5.9 \nJBoss Application Server is a prerequisite software for TNPM (Wireless). Apache Tomcat is shipped with JBoss Application Server. 
\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nSSLV3 users will want to disable SSLV3 on Tivoli Directory Server, IBM WebSphere Application Servers and Apache Tomcat. \n \nSee the following links for information on how to disable SSLv3 in Tivoli Directory Server, IBM WebSphere Application Servers and Apache Tomcat. \n\n * Tivoli Directory Server: [_http://www-01.ibm.com/support/docview.wss?uid=swg21687611_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687611>)\n * IBM WebSphere Application Server: [_http://www.ibm.com/support/docview.wss?uid=swg21687173_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>)\n * Apache Tomcat: [_https://access.redhat.com/solutions/1232233_](<https://access.redhat.com/solutions/1232233>)\n \nIBM recommends that you review your entire environment to identify other areas that enable the SSLv3 protocol and take appropriate mitigation such as disabling SSLv3 and remediation actions. \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T14:51:52", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Tivoli Netcool Performance Manager(TNPM Wireless)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T14:51:52", "id": "42CD8D3219EBB2F9262228248E591AEF8A347AA1D644C8C78B1E5CF0F08F3525", "href": "https://www.ibm.com/support/pages/node/254777", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:40:43", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Rational Host On-Demand.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Rational Host On-Demand 11.0.10 and earlier.\n\n## Remediation/Fixes\n\nFix is available starting in version [Rational Host On-Demand 11.0.11](<http://www.ibm.com/support/docview.wss?uid=swg24038596>) \n \nClients who are on older unsupported versions of IBM Rational Host On-Demand are also advised to upgrade to IBM Rational Host On-Demand 11.0.11 or above.\n\n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. 
\n \nIf you have selected **_Telnet \u2013 SSL only _**protocol in HOD for secure connection to Host, please follow the below instructions to disable it. \n \n1\\. Open html file with deployment wizard on HOD server \n \n \n2\\. Navigate to session properties \n \n \n3\\. Under connection, select **Telnet \u2013 TLS** protocol for secure connection \n \n \n4\\. Save the file by clicking **Next > Next** and access the file from client machine. \n \n \nAt the same time, ensure that the host (IBM System z, IBM System i, or any other VT hosts) has SSLv3 disabled at the Telnet server. \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Host On-Demand (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-08-03T04:23:43", "id": "5B8DB5501CBFC5531660077D652EC3653D10336551B5D40917AE357AD7F4FB93", "href": "https://www.ibm.com/support/pages/node/254363", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:36:42", "description": 
"## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM/Cisco switches and directors. \n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n\n\n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97013_](<http://xforce.iss.net/xforce/xfdb/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\n**Cisco switches running the 6.2.x and 5.2.x releases \nIBM MTM:**\n\n**9710-E06 **MDS 9706 Director \n\n**9711-S48 **MDS 9148S Switch \n\n**9710-E01 **MDS 9250i Multilayer Fabric Switch \n\n**9710-E08 **MDS 9710 Director \n\n**2054-E01 **MDS 9222i Multilayer Fabric Switch \n\n**2054-E04 **(2062-D04) MDS 9506 Multilayer Director \n\n**2054-E11 (**2062-E11) MDS 9513 Multilayer Director \n\n**2054-E07 **(2062-D07) MDS 9509 Multilayer Director \n\n**2053-424 **(2417-C24) MDS 9124 Fabric Switch \n\n**2053-434 **(2053-S34) MDS 9134 Fabric Switch \n\n**2417-C48 **MDS 9148 Fabric Switch \n\n**3722-S51 **5010 Switch \n\n**3722-S52 **5020 Switch\n\n## Remediation/Fixes\n\n**Release 5.2.8f:**_ \n_[_http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/5_2/release/notes/nx-os/mds_nxos_rn_528f.html_](<http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/5_2/release/notes/nx-os/mds_nxos_rn_528f.html>) \n** \nRelease 6.2.11b**:_ 
\n_[_http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/release/notes/nx-os/mds_nxos_rn_6_2_11b.html_](<http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/release/notes/nx-os/mds_nxos_rn_6_2_11b.html>)\n\n## Workarounds and Mitigations\n\nNA\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-08-20T00:54:31", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM/Cisco switches and directors (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2022-08-20T00:54:31", "id": "E94DE2A00A2C1D8282756AE6867DE9CFD231A5D1A7411CA8146CFF2E3FD9CE7D", "href": "https://www.ibm.com/support/pages/node/690315", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:49:04", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSL_TLS is enabled by default in Build Forge in some pages. 
\n\n## Vulnerability Details\n\n \n**CVE ID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)** \n** \n**Description: **IBM WebSphere Application could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Rational Build Forge versions 7.1.1, 7.1.2, 7.1.3 and 8.0\n\n## Workarounds and Mitigations\n\nYou can change the configuration file by the following steps to disable the SSLv3. \n \n**Note:** **bfinstall** is used below to represent the installation directory you have chosen to place Build Forge. \n \n**Procedure:** \n\n\n 1. Open Build Forge console in browser \n \n\n 2. Go to **Administration > Security-SSL** \n \n\n 3. Change all the SSL_TLS/SSLv3/SSL to **TLSv1** and save \n \n\n 4. Backup the `bfclient.conf` file\n * By default the `bfclient.conf` is under **\\bfinstall** on Windows\n * By default the `bfclient.conf` is under **/bfinstall/<platform>** on Linux and UNIX \n \n\n* Go to **Administration > Security** \n \n\n* Click **Update Master BFClient.conf \n \nNote: ** The bfclient.conf is used for Communication between Build Forge Service Layer and UI&Engine. It is also used by Build Forge API when you use the secure connection to Build Forge. 
\n \n\n* Stop Build Forge \n \n\n* Change the Apache `ssl.conf` config file\n\n * By default the `ssl.conf` is under **\\bfinstall\\Apache\\Conf\\ssl\\** on Windows\n * By default the `ssl.conf` is under **/bfinstall/server/apache/conf/ssl/** on Linux and UNIX \n \n\n* Update the following line for your version of Build Forge\n\n * For Build Forge 7.1.x: \nFrom: `SSLProtocol -ALL +SSLv3 +TLSv1 \n`To: `SSLProtocol -ALL +TLSv1 \n \n`\n * For Build Forge 8.0.0.x: \nFrom: `SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2` \nTo: `SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2` \n \n\n* Change the Tomcat `server.conf` config\n\n * By default the `server.conf` is under **\\bfinstall\\Apache\\tomcat\\conf\\** on Windows\n * By default the `server.conf` is under **/bfinstall/server/tomcat/conf/** on Linux and UNIX \n \n\n* Find the `sslProtocol=\"SSL_TLS\"` line and change the `SSL_TLS` to **TLS** and save \n \n**Note:** If Build Forge is installed with WebSphere Application Server, this step is _not_ required \n \n\n* Start Build Forge\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:57:44", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Rational BuildForge (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T04:57:44", "id": "7C32536CCC3AE2FC652286763B1CD20B210BA17E5CCD8D853CF310C392518CB3", "href": "https://www.ibm.com/support/pages/node/254907", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:48:17", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in the Knowledge Center for IBM Content Navigator V2.0.3.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\nIBM Content Navigator 2.0.0, 2.0.1, 2.0.2, and 2.0.3 \n \nIBM Content Navigator is a component that is available to customers in these products (and the products that contain them): \n \n\u00b7 IBM Content Manager \n\u00b7 IBM FileNet Content Manager \n\u00b7 IBM Content Foundation \n\u00b7 IBM Content Manager OnDemand\n\n## Remediation/Fixes\n\nFor all versions of Content Navigator, we recommend that customers not enable SSLv3 in their environments. 
This technote describes how to ensure it is disabled in WebSphere Application Server: [**_Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>). \n \n\n\nFor ICN 2.0.3, if you have enabled SSL on your IBM Content Navigator end user help system as per the Planning, installing and configuring IBM Content Navigator > Completing post configuration tasks documentation, [**_http://www.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/com.ibm.installingeuc.doc/eucde090.htm_**](<http://www.ibm.com/support/knowledgecenter/SSEUEX_2.0.3/com.ibm.installingeuc.doc/eucde090.htm>), you will need to disable SSLv3. \n \nThe end user help system will be using SSL_TLS by default if SSL is enabled, which is both TLS and SSLv3 enabled.**_ \n_**[**_http://www.ibm.com/support/knowledgecenter/was_beta_liberty/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/rwlp_ssl.html_**](<http://www.ibm.com/support/knowledgecenter/was_beta_liberty/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/rwlp_ssl.html>) \n \nDisable SSLv3 by specifying sslProtocol=\"TLS\" \n \n<ssl id=\"defaultSSLConfig\" keyStoreRef=\"defaultKeyStore\" sslProtocol=\"TLS\" /> \n \nSee [**_http://www.ibm.com/support/docview.wss?uid=swg21687173_**](<http://www.ibm.com/support/docview.wss?uid=swg21687173>) for more information. \n--- \n \n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. 
You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T12:09:09", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM Content Navigator (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T12:09:09", "id": "01762D3D37BB3ABAD72EAC79AB7F0CA81B4020CA550D2307B9B7977B86D63326", "href": "https://www.ibm.com/support/pages/node/255301", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:49:10", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Rational Tau\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\n4.3, 4.3.0.1, 4.3.0.2, 4.3.0.3, 4.3.0.4, 4.3.0.5, 4.3.0.6, 4.3.0.6 Interim Fix 1\n\n## Remediation/Fixes\n\nUpgrade to [Rational Tau Interim Fix 2 for 4.3.0.6](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FRational&product=ibm/Rational/IBM+Rational+Tau&release=4.3.0.6&platform=All>).\n\n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. 
You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:57:44", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Rational Tau (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T04:57:44", "id": "BFE9D544106C1541B7344450CDC8AF62BBFF45143A15E7B97523F39086B55E9A", "href": "https://www.ibm.com/support/pages/node/254917", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:49:04", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Rational Insight.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nRational Insight 1.1, 1.1.1, 1.1.1.1, 1.1.1.2, 1.1.1.4, 1.1.1.5 and 1.1.1.6\n\n## Remediation/Fixes\n\nApply the recommended fixes to all affected versions of Rational Insight. \n \n \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 9](<http://www-01.ibm.com/support/docview.wss?uid=swg24038862>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 9](<http://www-01.ibm.com/support/docview.wss?uid=swg24038862>). 
\nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n**Rational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6 ** \n \n\n\n * If the Data Collection Component (DCC) or Jazz Reporting Service (JRS) are used, review technote [http://www.ibm.com/support/docview.wss?uid=swg21687762](<http://www-01.ibm.com/support/docview.wss?uid=swg21687762>) for additional information specific to the Jazz Team Server that may be used by DCC and/or JRS.\n\n## Workarounds and Mitigations\n\nSSL secured communication occurs between client and server, for example between a Web browser and a Web server on which the Rational Insight is installed and configured. To mitigate this issue and protect against POODLE attack, it is enough to secure either the Web browser or the server (or both). One suggestion is to secure the Web server into which DCC and/or JRS are installed and configured. \n \nSee the following links for general information on how to disable SSLv3 in Apache Tomcat and IBM WebSphere: \n\n\n * IBM WebSphere: <http://www.ibm.com/support/docview.wss?uid=swg21687173>\n * Apache Tomcat: <https://access.redhat.com/solutions/1232233>\n \nAlso reference [http://www.ibm.com/support/docview.wss?uid=swg21687762](<http://www-01.ibm.com/support/docview.wss?uid=swg21687762>) for additional information specific to the Jazz Team Server that may be used by DCC and/or JRS. \n \nIBM recommends that you review your entire environment to identify other areas that enable the SSLv3 protocol and take appropriate mitigation such as disabling SSLv3 and remediation actions. 
\n\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:57:41", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Rational Insight (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T04:57:41", "id": "94848C16029BFBFBE812A2B6CFCEE6411F037DEBD2A6C55A94A29047D7DE9759", "href": "https://www.ibm.com/support/pages/node/254269", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:41:47", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Rational ClearCase.\n\n## Vulnerability Details\n\n**CVE-ID**: [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description**: ClearCase could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score: **4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nThe vulnerable components are the CCRC WAN Server / CM Server, ClearCase remote client, and the integrations with OSLC providers and with ClearQuest. \n \n\n\n**ClearCase version**\n\n| \n\n**Status** \n \n---|--- \n \n8.0.1 through 8.0.1.6\n\n| \n\nAffected \n \n8.0 through 8.0.0.13\n\n| \n\nAffected \n \n7.1.2 through 7.1.2.16\n\n| \n\nAffected \n \n7.1.0.x, 7.1.1.x (all versions and fix packs)\n\n| \n\nAffected \n \n## Remediation/Fixes\n\n**CCRC WAN Server/CM Server:** \nOn your server host, apply fixes to IBM HTTP Server to disable SSLv3. \nFollow the instructions in the following bulletin: \n[Security Bulletin: Vulnerability in SSLv3 affects IBM HTTP Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687172>). \nIf your clients connect directly to SSL-enabled ports used by the CCRC profile of WebSphere Application Server, apply WAS fixes as described in \n[Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687173>). \n \nDepending on your version of ClearCase, you may need extra steps to apply these fixes: \n \n\n\n7.1.0.x, 7.1.1.x, and 7.1.2.x| [Document 1390803](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) explains how to update IBM HTTP Server and WebSphere Application Server for ClearCase CM Servers at release 7.1.x. Consult those instructions when applying the fix. 
\n---|--- \n8.0.0.x, 8.0.1.x| Apply the IBM HTTP Server and WebSphere Application Server fixes directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n \n**Clients (CCRC and integration clients):**\n\nApply a fix pack for your appropriate release of ClearCase. These fixes disable SSLv3 in the client. \n\n \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1.x\n\n| Install [Rational ClearCase Fix Pack 7 (8.0.1.7) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24039409>) \n \n8.0.0.x\n\n| Install [Rational ClearCase Fix Pack 14 (8.0.0.14) for 8.0](<http://www.ibm.com/support/docview.wss?uid=swg24039407>) \n \n7.1.2.x \n7.1.1.x \n7.1.0.x\n\n| Customers on extended support contracts should install [Rational ClearCase Fix Pack 17 (7.1.2.17) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24039405>) \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\n**Enabling ClearCase clients to use SSLv3:** \nIf you must use SSLv3 (not recommended due to its weaknesses), you can configure your clients to permit its use. \n\n**Client**| **How to enable SSLv3** \n---|--- \nClearCase remote client (CTE, rcleartool, CMAPI) for 8.0.0.x, 8.0.1.x releases \n**Note: **7.1.x releases of CCRC have never supported SSLv3, and cannot be configured to support SSLv3.| Set Java system properties in the runtime environment. 
For example, to enable it in the CTE stand-alone client, add these lines to <ccase-home>/RemoteClient/ctexplorer.ini: \n-vmargs \n-Dcom.ibm.jsse2.disableSSLv3=false \n-Dcom.ibm.rational.clearcase.transport.client.protocol=SSL \nBase ClearCase/ClearQuest integration v2| Edit <ccase-home>/lib/CCCQ/config.pl to set the new configuration setting CQCC_SERVER_SSLV3 to TRUE \nOther integration clients| Set a user environment variable CCASE_ENABLE_SSLV3=1 \n \n**Enabling CCRC WAN Server/CM Server to use SSLv3:** \nTo configure your servers to allow SSLv3, follow the instructions in the WAS or IHS bulletins referenced above. \nIn addition, if your servers are configured to use a ClearCase integration such as CMI or UCM/CQ, you must set the environment variable in the WAS profile used to run the WAN server. Set the variable CCASE_ENABLE_SSLV3 to 1, following the instructions in [tech note 1254153](<http://www.ibm.com/support/docview.wss?uid=swg21254153>). \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM Rational ClearCase (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-07-10T08:34:12", "id": "8566BD5ED9DDE4A30397E9B8DB1B50B3904BFF15F087A9F1B8F47F9C8E60E4FA", "href": "https://www.ibm.com/support/pages/node/253989", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:49:03", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Rational Change.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. 
\n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nRational Change: 5.2, 5.3, 5.3.1\n\n## Remediation/Fixes\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nRational Change| 5.2| None| Upgrade to [Rational Change Interim Fix 6 for 5.2.0.8](<http://www.ibm.com/support/docview.wss?uid=swg24038559>) and see workaround for mitigation steps. \nRational Change| 5.3| None| See workaround \nRational Change| 5.3.1| None| See workaround \n \n## Workarounds and Mitigations\n\nThe mitigation is to disable the SSLv3 protocol by following the steps below. \n \n**Change 5.2:** \nOnce HTTPS is configured, add the additional argument `<Set name=\"SSLProtocol\">TLS</Set>` just after the line `<Set name=\"KeyPassword\"></Set>` in the `jetty\\etc\\change.xml` file. \n \n \n**Change 5.3:** \nOnce HTTPS is configured, add the additional argument `<Set name=\"SSLProtocol\">TLS</Set>` just after the line `<Set name=\"KeyPassword\"></Set>` in the `jetty\\etc\\jetty.xml` file. \n \n \n**Change 5.3.1:** \nOnce HTTPS is configured, add the additional argument `<Set name=\"protocol\">TLS</Set>` just after the line `<Set name=\"TrustStorePassword\"></Set>` in the `jetty\\etc\\jetty.xml` file. \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. 
The most immediate mitigation action that can be taken is disabling SSLv3.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:57:40", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Rational Change (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T04:57:40", "id": "6EE1809EEC7F8E899D29A5D629693347DEF4BE3A98140451F3CFB1F6F3D44734", "href": "https://www.ibm.com/support/pages/node/254221", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:38:50", "description": "## Summary\n\nIBM Tivoli Directory Server is shipped as a component of AIX/VIOS. 
Information about a security vulnerability affecting IBM Tivoli Directory Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Vulnerability in SSLv3 affects Directory Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687611>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n \n \nIBM Tivoli Directory Server 6.0, 6.1, 6.2, 6.3 \n \nIBM Security Directory Server 6.3.1\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-09-15T12:14:52", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM Tivoli Directory Server shipped with AIX/VIOS (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-09-15T12:14:52", "id": "CBAE0492C38AA01FC003E13DF32DD0C20AADD9BC2874AEBB77AEE27AB42027B1", "href": "https://www.ibm.com/support/pages/node/679715", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:12:33", "description": "## 
Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in the IBM Security Network Protection Local Management Interface (LMI).\n\n## Vulnerability Details\n\n \n**CVE-ID**: [_CVE-2014-3566_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\n**Products:** IBM Security Network Protection (XGS) models 3100, 4100, 5100, 7100 \n \n**Firmware versions**: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2, 5.3\n\n## Remediation/Fixes\n\nIBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch. 
\n\n\n * [5.1.0.0-ISS-XGS-All-Models-Hotfix-FP0013](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Network+Protection&release=All&platform=All&function=all>) for IBM Security Network Protection products at version 5.1\n * [5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0008](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Network+Protection&release=All&platform=All&function=all>) for IBM Security Network Protection products at version 5.1.1\n * [5.1.2.0-ISS-XGS-All-Models-Hotfix-FP0009](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Network+Protection&release=All&platform=All&function=all>) for IBM Security Network Protection products at version 5.1.2\n * [5.1.2.1-ISS-XGS-All-Models-Hotfix-FP0005](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Network+Protection&release=All&platform=All&function=all>) for IBM Security Network Protection products at version 5.1.2.1\n * [5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0005](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Network+Protection&release=All&platform=All&function=all>) for IBM Security Network Protection products at version 5.2\n * [5.3.0.0-ISS-XGS-All-Models-Hotfix-FP0001](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Network+Protection&release=All&platform=All&function=all>) for IBM Security Network Protection products at version 5.3\n \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. 
You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nFIPS mode is not vulnerable to this exploit. FIPS mode can be enabled on the appliance only during the initial setup; it can not be enabled after the appliance has been initially configured. \n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. 
In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSHLHV\",\"label\":\"IBM Security Network Protection\"},\"Business Unit\":{\"code\":\"BU008\",\"label\":\"Security\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"5.1;5.1.1;5.1.2;5.2.0;5.1.2.1;5.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": 
"2018-06-16T21:20:50", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Network Protection (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-16T21:20:50", "id": "691A7F683AC2496D21C51C44AD02D677C2E591E44FCEE5B5CB44D3527127C663", "href": "https://www.ibm.com/support/pages/node/519821", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:49:21", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Rational RequisitePro.\n\n## Vulnerability Details\n\n**CVE-ID**: [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description**: ReqPro could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. 
\n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nThe RequisiteWeb Server of all versions of IBM Rational RequisitePro is affected. \n \nLDAP authentication may be affected if it uses SSLv3 to connect to the LDAP server.\n\n## Remediation/Fixes\n\nOn your RequisiteWeb Server host, configure the IBM HTTP Server to disable SSLv3. \n \nFollow the instructions in the following bulletin: \n[Security Bulletin: Vulnerability in SSLv3 affects IBM HTTP Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687172>) \n \nIf you connect directly to SSL-enabled ports served by a WebSphere Server, follow the instructions in the following bulletin to mitigate the problem on your WebSphere server: \n[Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687173>) \n \nIf you use integrations with IBM Rational ClearQuest, follow the instructions in the following bulletin for your ClearQuest servers and clients: \n[Security Bulletin: Vulnerability in SSLv3 affects IBM Rational ClearQuest (CVE-2014-3566)](<http://www-01.ibm.com/support/docview.wss?uid=swg21687405>) \n \nFor LDAP authentication, ReqPro uses the RPSetup LDAP client library and GSKit to make the secure connection with the LDAP server. We have enabled FIPS mode (which disables SSLv3) by default in the fix packs mentioned below. \n\nThis may require some configuration changes on the LDAP server to disable SSLv3 and use other security protocols. 
\n\nSecure LDAP authentication for your users will fail after you apply the fix pack if your LDAP server is configured to use SSLv3 only. \n\nReqPro can be reverted to the original behavior, allowing LDAP SSLv3 connections, by setting a diagnostic behavior flag. Contact IBM Rational Customer Support for assistance setting this behavior flag, and reference this bulletin.\n\n**Affected Versions**| **Workaround/Mitigation** \n---|--- \n7.1.4.x| Install [Rational RequisitePro Fix Pack 6 (7.1.4.6) for 7.1.4](<http://www.ibm.com/support/docview.wss?uid=swg24038941>). An alternative mitigation is to configure the LDAP server to disable SSLv3. Contact your LDAP administrator for assistance. \n7.1.3.x| Install [Rational RequisitePro Fix Pack 13 (7.1.3.13) for 7.1.3](<http://www.ibm.com/support/docview.wss?uid=swg24038940>). An alternative mitigation is to configure the LDAP server to disable SSLv3. Contact your LDAP administrator for assistance. \n7.1.2.x| Install [Rational RequisitePro Fix Pack 16 (7.1.2.16) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24038939>). An alternative mitigation is to configure the LDAP server to disable SSLv3. Contact your LDAP administrator for assistance. \n7.1.1.x| Install [Rational RequisitePro Fix Pack 16 (7.1.2.16) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24038939>). An alternative mitigation is to configure the LDAP server to disable SSLv3. Contact your LDAP administrator for assistance. \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. 
\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:59:01", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM Rational RequisitePro (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T04:59:01", "id": "47EA320BD697B3B3A010CEFFA26D721AAEFB370CE3B13E7AFAD938F617DCA5F0", "href": "https://www.ibm.com/support/pages/node/521505", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:42:53", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM i.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97013_](<http://xforce.iss.net/xforce/xfdb/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nReleases V4R1, V4R2, V4R3, V4R4, V5R1, V5R2, V5R3, V5R4, 6.1, 7.1 and 7.2 of IBM i are affected. \n\n## Remediation/Fixes\n\nThe issue can be fixed by applying PTFs to IBM i and following the remediation plan below. \nNote: Please read this entire section for the list of PTF numbers for IBM i. \nNote: 07/22/15 There has been an update to this document to include PTFs to disable SSLv3 from the default list. \n \nReleases 6.1, 7.1 and 7.2 of IBM i are supported and will be fixed. Releases V4R1, V4R2, V4R3, V4R4, V5R1, V5R2, V5R3 and V5R4 are unsupported and will not be fixed. \n \nThe IBM i PTF numbers are: \n \n**_IBM i OS and options:_**\n\n**Release 6.1 \u2013** MF59350, MF59361, SI55239, SI55387, SI57357, MF60331 \n**Release 6.1.1 \u2013** MF59349, MF59362, SI55239, SI55387, SI57357, MF60338 \n**Release 7.1 \u2013** SI55204, SI55389, SI57332, MF60335 \n**Release 7.2 \u2013** SI55392, SI57320, MF60333, MF60334 \n \n**_IBM i V5R4 options:_** \n \n**R540 \u2013** MF59387 \n**R545 \u2013** MF59378 \n \nTo change the System SSL settings with the Start System Service Tools (STRSST) command, follow these steps: \n1\\. Open a character-based interface. \n2\\. On the command line, type STRSST. \n3\\. Type your service tools user name and password. \n4\\. Select option 1 (Start a service tool). \n5\\. Select option 4 (Display/Alter/Dump). \n6\\. Select option 1 (Display/Alter storage). \n7\\. 
Select option 2 (Licensed Internal Code (LIC) data). \n8\\. Select option 14 (Advanced analysis). \n9\\. Select option 1 (SSLCONFIG). \n10\\. Enter -h \nThis will show the help screen that describes the input strings. To disable SSLv3 enter -disableSSLv3 \n \n \n**_IBM i Java:_** \n \nJava for IBM i: 5760-JV1 & 5770-JV1 \nIn order to mitigate this vulnerability, the SSL V3.0 protocol must not be enabled. The IBM SDK has been updated to disable SSL V3.0 automatically. These fixes implement a significant change in default behavior that will cause failures in any applications that rely exclusively on SSL V3.0. \n \nFor details on Java for IBM i, see the details on the Java for IBM i page on developerWorks: \n[_http://www.ibm.com/developerworks/ibmi/techupdates/java_](<http://www.ibm.com/developerworks/ibmi/techupdates/java>) \n \nFor the general Java considerations and details, please see this documentation: \n[_http://www-01.ibm.com/support/docview.wss?uid=swg21688165_](<http://www-01.ibm.com/support/docview.wss?uid=swg21688165>) \n \nThe IBM i Group PTF numbers for Java are: \n**Release 6.1 \u2013 SF99562 level 30** \n**Release 7.1 \u2013 SF99572 level 19** \n**Release 7.2 \u2013 SF99716 level 4** \n \n \n**_IBM HTTP server for i:_** \n \n5770DG1 \n \n**Release 7.1 \u2013 SI55156** \n \nOn IBM i 7.1, HTTP Server PTF **SI55156 **has been created and approved. SSLProtocolDisable and SSLProxyProtocolDisable directives are now supported on i 7.1. 
\n \nPlease refer to the following technote for detailed information: [_http://www-01.ibm.com/support/docview.wss?uid=nas8N1020384_](<http://www-01.ibm.com/support/docview.wss?uid=nas8N1020384>) \n \n \n**_Lotus Products:_** \n \nDomino: \nPlease refer to the following technote for detailed information: [_http://www-01.ibm.com/support/docview.wss?uid=swg21687167_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687167>) \n \nTraveler: \nPlease refer to the following technote for detailed information: [_http://www-01.ibm.com/support/docview.wss?uid=swg21688179_](<http://www-01.ibm.com/support/docview.wss?uid=swg21688179>) \n \nSametime: \nPlease refer to the following security bulletin for detailed information: [_http://www-01.ibm.com/support/docview.wss?uid=swg21687845_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687845>) \n \n \n**_IBM i Access Client Solutions_ \u2013 5733XJ1** \n**_IBM i Access for Windows_ \u2013 5770XE1** \n \nIBM i Access Client Solutions 5733XJ1 \n\n * Fixes are provided by client side Service Packs via ESS \n * The base Java package is not vulnerable. \n * The \"Windows Application Package\" can be mitigated via command-line. See step 4 below. \n * The \"Linux Application Package\" does not support SSL and therefore is not impacted. \n \nIBM i Access for Windows 5770XE1 \n\n * **SI53809** will provide mitigation for the 5250 emulator. \n * Follow step 4 below using the command-line to mitigate the non-emulator parts of the product. \n \nSystem i Navigator is enabled for TLS 1.0, but will still allow fallback to SSLv3. \nNote: It should be noted that these are client based products that run on the PC. As such, if the appropriate updates & changes are followed on the server to disable SSLv3, any portion of the client product which supports falling back to SSLv3 will be disabled by the server side change. 
\n \nFor 5770XE1 7.1 IBM i Access for Windows, apply **SI53809** and follow the steps below to set **GSK_PROTOCOL_SSLV3=OFF** \n \nFor 5733XJ1 IBM i Access Client Solutions - Windows Application Package, no additional Service Pack required. Follow the steps below to set **GSK_PROTOCOL_SSLV3=OFF** \n \nDescription: \n**set GSK_PROTOCOL_SSLV3=OFF** \nSteps: \nStart -> Run ... -> C:\\Windows\\System32\\systempropertiesadvanced.exe [enter] \nAdvanced tab -> Environment Variables... \nUnder \"System variables\" click New... \nVariable name: **GSK_PROTOCOL_SSLV3** \nVariable value: **OFF** \nOK -> OK -> OK \nLog out and log back in for the setting to take effect. \n \n \n \n**Remediation for IBM i:** \n \nThere are at least four different SSL implementations used on IBM i. \n \n\\- IBM i System SSL \n\\- OpenSSL in PASE \n\\- IBMJSSE2 \u2013 The default Java JSSE implementation \n\\- Domino \u2013 contains an embedded SSL implementation. Also uses System SSL in some configurations. \n\\- Other \u2013 Any 3rd party application could include an internal SSL implementation \n \n**_IBM i System SSL_**\n\nIBM i System SSL is a set of generic services provided in the IBM i Licensed Internal Code (LIC) to protect TCP/IP communications using the SSL/TLS protocol. \n\nSystem SSL is accessible to application developers from the following programming interfaces and JSSE implementation:\n\n * Global Security Kit (GSKit) APIs \n * Integrated IBM i SSL_ APIs \n * Integrated IBM i JSSE implementation (IBMi5OSJSSEProvider) \n\nSSL applications created by IBM, IBM business partners, independent software vendors (ISV), or customers that use one of the three System SSL interfaces listed above will use System SSL. For example, FTP and Telnet are IBM applications that use System SSL. 
Not all SSL enabled applications running on IBM i use System SSL.\n\nThe application developer determines which SSL/TLS protocol versions are supported by the application when it is designed. \n\n * Some applications expose the protocol configuration to the end user. For those applications SSLv3 can be disabled through that application specific configuration. \n * Many applications do not provide a configuration option for controlling the protocol. It is difficult to determine if these applications support SSLv3. \n * Many applications, such as FTP and Telnet, use the System SSL default protocols. \n \nAfter loading the System SSL fixes listed in this bulletin, applications coded to use the default values will no longer negotiate the use of RC4 cipher suites with peers. \nIf RC4 support is required by peers of such an application after this PTF is applied, the values can be added back to the System SSL eligible default cipher suite list using System Service Tools (SST) Advanced Analysis Command SSLCONFIG. To change the System SSL settings with the Start System Service Tools (STRSST) command, follow these steps: \n \n1\\. Open a character based interface. \n2\\. On the command line, type STRSST. \n3\\. Type your service tools user name and password. \n4\\. Select option 1 (Start a service tool). \n5\\. Select option 4 (Display/Alter/Dump). \n6\\. Select option 1 (Display/Alter storage). \n7\\. Select option 2 (Licensed Internal Code (LIC) data). \n8\\. Select option 14 (Advanced analysis). \n9\\. Select option 1 (SSLCONFIG). \n10\\. Enter -h \n \nThis will show the help screen that describes the input strings to change the new System SSL setting for \u2013eligibleDefaultCipherSuites. \n \nSystem SSL\u2019s support of SSLv3 can be completely disabled at the system level using the system value QSSLPCL. In this case, SSLv3 is disabled for all applications including those with user configuration available for protocols. 
\n \n**How to determine the SSL protocol and cipher suite used for each System SSL connection to the IBM i:** \n<http://www-01.ibm.com/support/docview.wss?uid=nas8N1020594> \n \n**How to change the QSSLPCL system value:**\n\nFrom a 5250 command line: \n\n**WRKSYSVAL SYSVAL(QSSLPCL)**\n\n\\- Enter 5 to display **QSSLPCL:** This will display one of two things: \n  \\- *OPSYS, which indicates that the default protocols for the OS release are supported. \n  \\- A manually defined list of the SSL protocols currently supported by the system. \n\\- Enter 2 to edit **QSSLPCL:** *OPSYS is the default value. To add or remove an SSL protocol, the *OPSYS value must be removed and replaced with a complete list of all the SSL protocols you want to support. The protocols available vary by release. \n\n**Note:** If an error is reported when attempting to modify the protocol list indicating that the QSSLCSL system value must be updated first, it means that one or more cipher specifications are present that cannot be supported by the new value for QSSLPCL. They either need to be removed manually or QSSLCSLCTL set to *OPSYS, so the system can remove them for you. After QSSLPCL is changed you can set QSSLCSLCTL back to *USRDFN and then change QSSLCSL as needed for your security policies. \n\nShortcut commands to disable SSLv3, equivalent to the above steps: \n**CHGSYSVAL SYSVAL(QSSLCSLCTL) VALUE(*OPSYS) \nCHGSYSVAL SYSVAL(QSSLPCL) VALUE('*TLSV1')** \n \n**QSSLPCL Considerations by release:**\n\n_R720_\n\nQSSLPCL value of *OPSYS means *TLSV1.2 *TLSV1.1 *TLSV1. *SSLV3 is disabled for System SSL by default. \n\n_R710_\n\nQSSLPCL value of *OPSYS means *TLSV1 *SSLV3. *SSLV3 is enabled for System SSL by default.\n\nIf 7.1 TR6 or later is installed, two additional protocol versions can optionally be added alongside *TLSV1: *TLSV1.2 and *TLSV1.1. \n\n_R611 / R610_\n\nQSSLPCL value of *OPSYS means *TLSV1 *SSLV3. 
*SSLV3 is enabled for System SSL by default. \n\nThe only protocol available other than *SSLV3 is *TLSV1.\n\n**Application configuration through Digital Certificate Manager (DCM)**\n\n7.1 TR6 and 7.2 have DCM options for controlling the protocol used for specific applications such as Telnet and FTP. Applications with a DCM application definition can use the DCM Update Application Definition panel to configure which protocols are supported by the application. If the DCM value includes a protocol disabled by QSSLPCL, that protocol value will silently be discarded by System SSL.\n\nFor HTTP Apache, the protocol version cannot be controlled by the DCM application ID. HTTP Apache is limited to what QSSLPCL allows. Refer to the HTTP Apache instructions for additional configuration options. \n\n**Potential Issues** \n \nSome customers find that one or more peer systems they communicate with only support or otherwise require SSLv3. Connections with those peer systems will no longer work after disabling SSLv3. For business critical connections that must continue to happen, SSLv3 will have to remain enabled until that peer can upgrade to support TLSv1.0. In those cases the administrator can disable SSLv3 on an application by application basis where protocol configuration exists. \n \n**How to determine in advance if SSLv3 is being negotiated by System SSL** \n \nThe System Service Tools advanced analysis SSLCONFIG command can be used to turn on System SSL protocol version counters. The counters will indicate if SSLv3 is actively being negotiated by System SSL. The counters do not identify which application or applications are using SSLv3. \n\nTo use the SSL configuration IBM-supplied macro support, follow these steps:\n\n1\\. Access System Service Tools (SST) by typing **STRSST**. \n2\\. Take an opt. 1 - Start a service tool. \n3\\. Take an opt. 4 - Display/Alter/Dump. \n4\\. Take an opt. 1 - Display/Alter storage. \n5\\. 
Take an opt. 2 - Licensed Internal Code (LIC) data. \n6\\. Take an opt. 14 - Advanced analysis. (You must page down to see this option.) \n7\\. Page down until you find the SSLCONFIG option. Then, place a 1 (Select) next to the option and press Enter. You are now on the Specify Advanced Analysis Options window. The command shows as SSLCONFIG. \n8\\. Enter '-h' without the quotation marks and press Enter to display the available options. \n9\\. To start tracking the connections, issue the following option: \n-sslConnectionCounts:enable \n10\\. The system will now count which protocol is used for active connections. Use the following option to display the results: \n-sslConnectionCounts:display \n11\\. To disable the counting, issue the following option: \n-sslConnectionCounts:disable \n12\\. To reset the count, issue the following option: \n-sslConnectionCounts:reset \n\n**IBMJSSE2** \n \nThis is the default JSSE implementation used in all supported JDK versions. \n \nSee the IBM SDK documentation: \n \n[_http://www-01.ibm.com/support/docview.wss?uid=swg21688165_](<http://www-01.ibm.com/support/docview.wss?uid=swg21688165>) \n \nNote: The System SSL based JSSE implementation IBMi5OSJSSEProvider does not provide or support the SSLv3 mitigations described for IBM SDK. Use QSSLPCL and/or Application ID configuration if using IBMi5OSJSSEProvider. However, you can use the TLSv1 Protocol Label directly in the Java code to avoid using SSLv3. \n \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. 
\n \n**_Important note: _**_IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM i (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2019-12-18T14:26:38", "id": "07A7B6460487838EA6D909CF7053D5F8655D2911E06DDDDB16F801ECCC972111", "href": "https://www.ibm.com/support/pages/node/645901", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:43:31", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. 
SSLv3 is enabled in IBM uBuild.\n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description:** Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score: **4.3 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector: **(AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM uBuild 5.0, 5.0.1, 5.0.1.1, 5.0.1.2, and 5.0.1.3 on all supported platforms.\n\n## Remediation/Fixes\n\nUpgrade to [IBM uBuild Fix Pack 4 (5.0.1.4) for 5.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24038891>) as SSLv3 is automatically disabled: \n \n**Note**: Old agents may not be able to connect to IBM uBuild when SSLv3 has not been disabled on the agent. To disable SSLv3, upgrade all old agents to the latest version. There are also known issues with older plugins that connect back to the server to upload source changes, issues, reports, etc. when using the IBM JDK/JRE. 
To avoid any potential issues, upgrade all plugins in your server to the latest version available on our [plugins page](<https://developer.ibm.com/urbancode/plugins/ibm-urbancode-build/>).\n\n## Workarounds and Mitigations\n\n**Note**: This mitigation is intended for the servers in \"Affected Products and Versions\" only. It should not be applied on later releases. Additionally, IBM uBuild Agents with a version earlier than 5.0.0-584477 may be unable to connect after applying this change. It is highly recommended to address this issue by upgrading the IBM uBuild server to 5.0.1.4 and then upgrading all agents. \n \nMitigating POODLE attacks on HTTP communication (by default, communication on port 8443) \n\n 1. Open the file `<server_install_dir>/opt/tomcat/conf/server.xml` in a text editor.\n 2. Find the XML element that begins with `<Connector port=\"${install.server.web.https.port}\"`\n 3. Update the following attributes within this XML element. \n \nDo not add any extra characters or whitespace. If the attribute does not exist, then create it. 
\n \n`sslProtocol=\"TLS\" \nsslEnabledProtocols=\"TLSv1,TLSv1.1,TLSv1.2\"`\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T22:31:56", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM uBuild (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T22:31:56", "id": "159D15015A041EA5EFA6FE85663F44A48D3FD8F7BFC0631512B9DEB34EB3436A", "href": "https://www.ibm.com/support/pages/node/519841", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-13T05:38:25", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in TS3310.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97013_](<http://xforce.iss.net/xforce/xfdb/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nFirmware versions below 644G.\n\n## Remediation/Fixes\n\nApply firmware version 644G or later, available from IBM Fix Central \n[_http://www-933.ibm.com/support/fixcentral/_](<http://www-933.ibm.com/support/fixcentral/>). This fix removes SSL 3.0 support.\n\n## Workarounds and Mitigations\n\nDisable SSL 3.0 on any web browsers that are used to access the web user interface of the tape library. \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. 
You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-18T00:08:53", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects TS3310 (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-18T00:08:53", "id": "A7D9F0241BE2D9397AAE8F1DD88653C257DBC2B8DC7B78A8F90BC6A60F559255", "href": "https://www.ibm.com/support/pages/node/690089", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:55:06", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Workload Deployer.\n\n## Vulnerability Details\n\n \n**CVEID: **[CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION: ** \nProduct could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Workload Deployer version 3.1 and later\n\n## Remediation/Fixes\n\nThe solution is to apply the IBM Workload Deployer Interim Fix 8. \n \nUpgrade the IBM Workload Deployer to the following fix level: \n \n_Product_| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Workload Deployer System| Release V3.1.0.7| IWD 3.1.0.7 Interim Fix 8 \n \n_[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&release=3.1.0.7&platform=All&function=fixId&fixids=3.1.0.7-ifix8-IBM_Workload_Deployer&includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&release=3.1.0.7&platform=All&function=fixId&fixids=3.1.0.7-ifix8-IBM_Workload_Deployer&includeSupersedes=0>)_ \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. 
\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:45", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM Workload Deployer (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-15T07:02:45", "id": "286F906018056591F4A9027FC1AD845C489369D42499BEA30D89978EDA680EBE", "href": "https://www.ibm.com/support/pages/node/259263", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:40:21", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. 
SSLv3 is enabled in IBM Rational ClearQuest.\n\n## Vulnerability Details\n\n**CVE-ID**: [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description**: ClearQuest could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nThe ClearQuest Web Server / CM Server of all versions of IBM Rational ClearQuest are affected. \n \nThe LDAP authentication may be affected if it is using SSLv3 to connect to the LDAP Server.\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nOn your CQ Web Server/CM Server host, configure the IBM HTTP Server to disable SSLv3. 
\nFollow the instructions in the following bulletin: \n[Security Bulletin: Vulnerability in SSLv3 affects IBM HTTP Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687172>) \n \nIf you connect directly to SSL-enabled ports served by a WebSphere Server, follow the instructions in the following bulletin to mitigate the problem on your WebSphere server: \n[Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687173>) \n \nIf you use OSLC integrations with Rational Team Concert, follow the instructions in the following bulletin to mitigate the problem on your RTC server: \n[Security Bulletin: Vulnerability in SSLv3 affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687762>) \n \nIf you use integrations with IBM Rational ClearCase, follow the instructions in the following bulletin for your ClearCase servers and clients: \n[Security Bulletin: Vulnerability in SSLv3 affects IBM Rational ClearCase (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687347>) \n \n \nFor LDAP authentication, CQ uses the Tivoli LDAP client library and GSKit to make the secure connection with the LDAP Server. We have enabled the FIPS mode (which disables SSLv3) by default in the fix packs mentioned below. \n\nThis may require some configuration changes on the LDAP server to disable SSLv3 and use other security protocols. \n\nSecure LDAP authentication for your users will fail after you apply the fix pack if your LDAP server is configured to use SSLv3 only. \n\nCQ can be reverted to the original behavior, allowing LDAP SSLv3 connections, by setting a diagnostic behavior flag. 
Contact IBM Rational Customer Support for assistance setting this behavior flag, and reference this bulletin.\n\n**Affected Versions**| **Workaround/Mitigation** \n---|--- \n8.0.1.x| Install [Rational ClearQuest Fix Pack 6 (8.0.1.6)](<http://www.ibm.com/support/docview.wss?uid=swg24038912>). **Note**: ClearQuest has supported TLS1.2 since version 8.0.1.1. Review technote [1646724: Configuring IBM Rational ClearQuest with LDAP user authentication for TLS 1.2 or TLS 1.1 to support NIST SP 800-131A guidelines](<http://www.ibm.com/support/docview.wss?uid=swg21646724>) for configuration details. \n8.0.0.x| Install [Rational ClearQuest Fix Pack 13 (8.0.0.13)](<http://www.ibm.com/support/docview.wss?uid=swg24038915>). An alternative mitigation is to configure LDAP server to disable SSLv3. Contact your LDAP administrator for assistance. \n7.1.2.x| Customers with extended support contracts should install [Rational ClearCase Fix Pack 16 (7.1.2.16)](<http://www.ibm.com/support/docview.wss?uid=swg24038914>). An alternative mitigation is to configure LDAP server to disable SSLv3. Contact your LDAP administrator for assistance. \n \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. 
\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-09-29T18:04:03", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM Rational ClearQuest (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-09-29T18:04:03", "id": "E6339192F4D5A34C5450757F6F89CD12C85BA22B7375FD57D5B1C48F67C117CC", "href": "https://www.ibm.com/support/pages/node/254035", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:48:03", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM CommonStore for Lotus Domino and IBM Content Collector.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM CommonStore for Lotus Domino 8.4 \nIBM Content Collector 2.1 - 4.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM CommonStore for Lotus Domino| 8.4.0.0| Contact IBM Software Support for further assistance \nIBM Content Collector | 2.1.0.0 - 2.1.1.4| Contact IBM Software Support for further assistance \nIBM Content Collector| 2.2.0.0 - 2.2.0.5| Apply Fix Pack 2.2.0.6-ICC-FP006 and Interim Fix 2.2.0.5-IBM-ICC-NotesClient-IF001, available from Fix Central \nIBM Content Collector| 3.0.0.0 - 3.0.0.5| Apply Fix Pack 3.0.0.6-ICC-FP006 and Interim Fix 3.0.0.5-IBM-ICC-NotesClient-IF001, available from Fix Central \nIBM Content Collector | 4.0.0.0 - 4.0.0.2| Apply Fix Pack 4.0.0.3-ICC-FP003, available from Fix Central \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. 
\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T12:09:39", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM CommonStore and IBM Content Collector (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T12:09:39", "id": "EC7DD37D5F4B9A5D139BAD89ACB67C9048FD7B2CAF35F5F63861CE6E55EADBAB", "href": "https://www.ibm.com/support/pages/node/521683", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:48:50", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM SmartCloud Entry.\n\n## Vulnerability Details\n\nCVE-ID: CVE-2014-3566 \n \nDESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Cloud Manager with OpenStack 4.1 through 4.1.0.3 \nIBM Cloud Manager with OpenStack 4.2.0 through 4.2.0.2\n\n## Remediation/Fixes\n\nThe below interim fix contains security updates to IBM Cloud Manager with OpenStack to address the present security advisory. These fixes affect the self service portal and the OpenStack dashboard. \n \n\n\nProduct| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nIBM Cloud Manager with OpenStack| 4.1.0| None| IBM Cloud Manager with OpenStack 4.1 Fix Pack 3 Interim Fix 1: \n[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.1.0.3&platform=All&function=fixId&fixids=+4.1.0.3-IBM-CMWO-IF001+&includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.1.0.3&platform=All&function=fixId&fixids=+4.1.0.3-IBM-CMWO-IF001+&includeSupersedes=0>) \nIBM Cloud Manager with OpenStack| 4.2.0| None| IBM Cloud Manager with OpenStack 4.2 Fix Pack 3: 
\n[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.2.0&platform=All&function=fixId&fixids=+4.2.0.3-IBM-CMWO-FP03+&includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.2.0&platform=All&function=fixId&fixids=+4.2.0.3-IBM-CMWO-FP03+&includeSupersedes=0>) \n \nFor remediation of Chef server (nginx), please refer to <https://www.getchef.com/blog/2014/10/14/security-response-ssl-poodle-attack-and-mitigation/> \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nOnly Chef server (nginx) has workarounds, please check the Chef blog mentioned above.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-08-08T04:13:55", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM Cloud Manager with OpenStack (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, 
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-08-08T04:13:55", "id": "7DB6C62E3DC8D14093067BD5875A863A8CE74E7D3D322F6342A9C74138ECF9B1", "href": "https://www.ibm.com/support/pages/node/679895", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:44:43", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM UrbanCode Release.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n \n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description:** Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. 
\n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM UrbanCode Release 6.0, 6.0.0.1, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, and 6.1.0.4 on all supported platforms.\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nMitigate POODLE attacks as follows: \n\n 1. Open `<tomcat_dir>/conf/server.xml` in a text editor. \nBy default, `<tomcat_dir>` is located at:\n * (Linux): `/opt/IBM/UCRelease/server/tomcat`\n * (Windows): `C:\\Program Files\\IBM\\UCRelease\\server\\tomcat`\n 2. Find an XML element named `<Connector>` with the attribute `SSLEnabled=\"true\"`.\n 3. Within this element, find the attribute `sslProtocol=${urbancode.connector.sslProtocol}` and replace it with the attribute `sslEnabledProtocols=\"TLSv1,TLSv1.1,TLSv1.2\"`.
\n 4. Apply these changes by restarting the server.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T22:31:55", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM UrbanCode Release (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-17T22:31:55", "id": "774447A42E7584CA310C1D881A1B9F22575B31868A10B3206AEFDCC52F166509", "href": "https://www.ibm.com/support/pages/node/254483", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-30T21:48:22", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Security Identity Manager. 
Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [_Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>) for vulnerability details.\n\n## Affected Products and Versions\n\n * IBM Tivoli Identity Manager 5.1\n * IBM Security Identity Manager 6.0 \n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nIBM Tivoli Identity Manager 5.1| IBM WebSphere Application Server Network Deployment 6.1 \nIBM Security Identity Manager 6.0| IBM WebSphere Application Server Network Deployment 7.0 \n \n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSRMWJ\",\"label\":\"IBM Security Identity Manager\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF035\",\"label\":\"z\\/OS\"}],\"Version\":\"6.0;5.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2018-06-16T21:20:10", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects WebSphere Application Server shipped with Security Identity Manager (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-16T21:20:10", "id": "3B9F6F5E9D79A8020104EEF5D0CC94C720D4533CBD170B94B66F7CFE87D9D97F", "href": "https://www.ibm.com/support/pages/node/254479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:53:05", "description": "## Summary\n\nMicrosoft SQL Server Express 2014 is shipped with IBM Robotic Process Automation with Automation Anywhere. Information about a security vulnerability affecting Microsoft SQL Server Express 2014 has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section \n\n\nThe affected part is the database communication between the Control Room and the Microsoft SQL Server database.\n\n \n \n \nDESCRIPTION: IBM Robotic Process Automation with Automation Anywhere could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plain text of encrypted connections. 
\n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Robotic Process Automation with Automation Anywhere v10.0 and v10.0 CF2017.12\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes for Microsoft SQL Server Express 2014, which is shipped with IBM Robotic Process Automation with Automation Anywhere. \n\nPrincipal Product and Versions| Affected Supporting Product and Versions| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Robotic Process Automation with Automation Anywhere| Microsoft SQL Server Express 2014| [Microsoft security advisory: Vulnerability in SSL 3.0 could allow information disclosure: October 15, 2014](<https://support.microsoft.com/en-us/help/3009008/microsoft-security-advisory-vulnerability-in-ssl-3-0-could-allow-infor>) \n\nThe Microsoft SQL Server Express installation image provided in the IBM Robotic Process Automation with Automation Anywhere Control Room installation package is at level 2014 SP1 Cumulative Update 4, which defaults database communication with clients to SSLv3. IBM recommends upgrading to the latest Cumulative Update of Microsoft SQL Server Express 2014. Upgrading to Cumulative Update 5 and later changes communication to TLS 1.2. See the [Microsoft SQL Server article on enabling TLS 1.2 protocols](<https://support.microsoft.com/en-us/help/3052404/fix-you-cannot-use-the-transport-layer-security-protocol-version-1-2-t>). \n\n## Workarounds and Mitigations\n\nUpgrading to Microsoft SQL Server Express SP1 Cumulative Update 5 and later resolves CVE-2014-3566 with the provided express install. 
No configuration change is needed for IBM Robotic Process Automation with Automation Anywhere.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:08:45", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in Micosoft SQL Server Express shipped with IBM Robotic Process Automation with Automation Anywhere CVE-2014-3566", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-15T07:08:45", "id": "F08BFDC36857BBE15067A0715EC82D384F74D0BB5D6D364E364213D123C8F27A", "href": "https://www.ibm.com/support/pages/node/302019", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:51:03", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. 
SSLv3 is enabled in the IBM WebSphere product bundled with IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web.\n\n## Vulnerability Details\n\n \n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: The IBM WebSphere product bundled with IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\nIBM Tivoli Access Manager for e-business versions: 5.1, 6.0, 6.1, 6.1.1 \nIBM Security Access Manager for Web software version: 7.0 \n \nNOTE: The appliance versions of IBM Security Access Manager for Web do not bundle IBM WebSphere.\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n \nThis vulnerability affects all versions and releases of IBM WebSphere Application Server and IBM HTTP Server component in all editions of WebSphere Application Server. \n \nFor all releases of IBM WebSphere Application Server, update the SSL configuration to disable SSLv3. 
Please refer to the [_Security Bulletin for IBM WebSphere Application Server_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>) to remediate your application server. \n \nFor all releases and versions of IBM HTTP Server, update the httpd.conf file to disable SSLv3. Please refer to the [_Security Bulletin for IBM HTTP Server_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687172>) to remediate your webserver.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-16T21:20:14", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects WebSphere included with Tivoli Access Manager for e-business and Security Access Manager for Web (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-16T21:20:14", "id": "EE7CE47E45F000B20D959427D19E89321C1C0E7DA85CD2ADF5A37945584874DC", "href": "https://www.ibm.com/support/pages/node/254713", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:50:57", "description": "## Summary\n\nIBM SDK for Java shipped by IBM WebSphere Application Server is 
shipped as a component of IBM Tivoli/Security Key Lifecycle Manager. Information about a security vulnerability affecting IBM SDK for Java shipped by IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\n \nCVEID: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \nDESCRIPTION: \nProduct could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \nPlease consult the security bulletin <http://www-01.ibm.com/support/docview.wss?uid=swg21687740> for vulnerability details and information about fixes. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nPrincipal Product and Version| Affected Supporting Product and Version \n---|--- \nIBM Tivoli Key Lifecycle Manager 1.0 | IBM WebSphere Application Server 6.1.0.0 through 6.1.0.47 - Java SDK 5 SR16 \nIBM Tivoli Key Lifecycle Manager 2.0| IBM WebSphere Application Server 6.1.0.0 through 6.1.0.47 - Java SDK 5 SR16 \nIBM Tivoli Key Lifecycle Manager 2.0.1| IBM WebSphere Application Server 6.1.0.0 through 6.1.0.47 - Java SDK 5 SR16 \nIBM Security Key Lifecycle Manager 2.5 | IBM WebSphere Application Server 8.5.5.0 through 8.5.5.2 - Java SDK 6R1 SR8 \n \n## Remediation/Fixes\n\n_Product_| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Tivoli Key Lifecycle Manager | 1.0| 
[1.0.0-TIV-TKLM-FP0006](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Tivoli+Key+Lifecycle+Manager&release=1.0.0&platform=All&function=all>) \nIBM Tivoli Key Lifecycle Manager | 2.0| [2.0.0-ISS-TKLM-FP0008](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Tivoli+Key+Lifecycle+Manager&release=2.0.0&platform=All&function=all>) \nIBM Tivoli Key Lifecycle Manager | 2.0.1| [2.0.1-ISS-TKLM-FP0006](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Tivoli+Key+Lifecycle+Manager&release=2.0.1.0&platform=All&function=all>) \nIBM Security Key Lifecycle Manager | 2.5| [2.5.0-ISS-SKLM-FP0004](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Tivoli+Key+Lifecycle+Manager&release=2.5.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nDownload and apply Websphere Application Server ifix manually. 
See security bulletin \n[Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>)\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-16T21:23:44", "type": "ibm", "title": "Security Bulletin: A SSLv3 POODLE Attack vulnerabilities in IBM SDK for Java shipped by IBM Webshere Application Server shipped with IBM Tivoli/Security Key Lifecycle Manager (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-16T21:23:44", "id": "72EF00C4B35D9599E1A58E00685282A8A55FD82A122F9FA814B19FB08B691740", "href": "https://www.ibm.com/support/pages/node/262247", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:37:48", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. 
SSLv3 is enabled in BigInsights.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: InfoSphere BigInsights could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plain text of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\nIBM InfoSphere BigInsights: 2.0-3.0.0.1\n\n## Remediation/Fixes\n\nFor version 3.0, and 3.0.0.1: Upgrade to the fix pack version [_InfoSphere BigInsights 3.0.0.2_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+BigInsights&release=3.0.0.0&platform=All&function=all>). \n\n## Workarounds and Mitigations\n\nFor all affected versions of InfoSphere BigInsights, IBM recommends disabling SSLv3. The server SSL configuration should be modified to use SSL protocol **TLS** as shown below to disable SSLv3. \n \nThe following steps should be performed to disable SSLv3 and enable TLS: \n\n\n 1. Login as a BigInsights admin user.\n 2. Stop the console: $BIGINSIGHTS_HOME/bin/stop.sh console\n 3. Update the console configuration file: \n 1. Find **_ssl_** configuration element in $BIGINSIGHTS_HOME/console/wlp/usr/servers/waslp-server/server.xml.\n 2. Add attribute** sslProtocol=\"TLS\"**. \nFor example: <ssl clientAuthenticationSupported=\"true\" id=\"defaultSSLSettings\" keyStoreRef=\"defaultKeyStore\" sslProtocol=\"TLS\"/>\n 4. 
Restart the console: $BIGINSIGHTS_HOME/bin/start.sh console\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-04-08T20:59:42", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects InfoSphere BigInsights\n (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-04-08T20:59:42", "id": "EB67E51171F7C34A22B244E03166CB1F7D74162E476DCFA216B46A44310996E5", "href": "https://www.ibm.com/support/pages/node/254351", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:51:04", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS).\n\n## Vulnerability Details\n\n**CVE-ID**: [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n** \nDESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Tivoli Directory Server 6.0, 6.1, 6.2, 6.3 \n\nIBM Security Directory Server 6.3.1, 6.4\n\nIBM Security Directory Suite 8.0.1\n\n## Remediation/Fixes\n\nEnsure that the version listed below is installed on the system. \n\n**Product Version**| **Fix level** \n---|--- \nIBM Security Directory Suite 8.0.1| 8.0.1.0 (GA level) \nIBM Security Directory Server 6.4| 6.4.0.0 (GA level) \nIBM Security Directory Server 6.3.1| 6.3.1.8-ISS-ISDS-IF0008 \nTivoli Directory Server 6.3| 6.3.0.34-ISS-ITDS-IF0034 \nTivoli Directory Server 6.2| 6.2.0.41-ISS-ITDS-IF0041 \nTivoli Directory Server 6.1| 6.1.0.65-ISS-ITDS-IF0065 \nTivoli Directory Server 6.0| 6.0.0.73-ISS-ITDS-IF0073 \n \n \nNotes: \n 1. Though the above fix levels provide the necessary functionality to disable SSLv3, it is important to use the latest recommended fix level of [SDS/TDS 6.x](<http://www.ibm.com/support/docview.wss?uid=swg27009778>) or [SDS 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg27049508>). Based on your SDS/TDS version, download the latest recommended fix level and install it along with the latest related products. \n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. 
\n \nThere are 4 components of Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS) where SSLv3 should be disabled: LDAP servers, LDAP clients, Web Administration Tool and HTTP clients (web browsers). \n \n**For TDS or SDS LDAP Servers:** \n \nTDS versions 6.2.0.41, 6.1.0.65 and 6.0.0.73: SSLV3 can be directly disabled in the server by adding the following line to the \"cn=Front End, cn=Configuration\" entry of the ibmslapd.conf file: \n \n`ibm-slapdSetenv: IBMSLAPD_SECURITY_PROTOCOL=TLS10` \n \nTDS version 6.3.0.34: SSLV3 can be directly disabled in the server by adding the following line to the \"cn=Front End, cn=Configuration\" entry of the ibmslapd.conf file: \n \n`ibm-slapdSetenv: IBMSLAPD_SECURITY_PROTOCOL=TLS10,TLS11,TLS12` \n \nSDS version 8.0.1.*, 6.4.0.* and 6.3.1.8 (and later fix levels): SSLV3 can be directly disabled in the server by adding the following lines to the \"cn=SSL, cn=Configuration\" entry of the ibmslapd.conf file. Make sure that \"`ibm-slapdSecurityProtocol: SSLV3`\" is NOT present. \n \n`ibm-slapdSecurityProtocol: TLS10` \n`ibm-slapdSecurityProtocol: TLS11` \n`ibm-slapdSecurityProtocol: TLS12` \n \n**For TDS or SDS LDAP clients:** \n \nTDS versions 6.2.0.41, 6.1.0.65 and 6.0.0.73: SSLV3 can be directly disabled in the client by setting the following environment variable. Note that this will also work for 3rd party applications which link the TDS client libraries. \n \n`export LDAP_OPT_SECURITY_PROTOCOL=TLS10` \n \nTDS version 6.3.0.34: SSLV3 can be directly disabled in the client by setting the following environment variable. Note that this will also work for 3rd party applications which link the TDS client libraries. \n \n`export LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12` \n \nSDS version 8.0.1.*, 6.4.0.* and 6.3.1.8 (and later fix levels): SSLV3 can be directly disabled in the client by setting the following environment variable. 
Note that this will also work for 3rd party applications which link the TDS client libraries. \n \n`export LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12`\n\n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. \n \nThere are 4 components of Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS) where SSLv3 should be disabled: LDAP servers, LDAP clients, Web Administration Tool and HTTP clients (web browsers) \n \n**NOTE**: It is strongly recommended that you maintain the latest fix level of both the directory server and GSKit to be sure that you have fixes for all known vulnerabilities and defects as part of your overall security strategy. The latest available fix levels are documented in the technote [Fixes by version for IBM Security Directory Server - v.r.m.f levels and build dates](<http://www.ibm.com/support/docview.wss?uid=swg21496581>) \n \n**For TDS or SDS LDAP Servers 8.0.1, 6.4 and 6.3.1.8 (and later fix levels):** \n \n_A) Disable SSLv3 protocol_\n\n \nEnabling FIPS mode will disable SSLv3 on all versions of TDS/SDS. This can be done by setting the following options in the dn: cn=SSL, cn=Configuration entry of ibmslapd.conf and restarting the server: \n`ibm-slapdSslFIPSModeEnabled: true` \n`ibm-slapdSslFIPSProcessingMode: true` \n**Note**: FIPS mode restricts the allowable ciphers for TLS 1.0 to AES (35), AES-128 (2F), and TripleDES-168 (0A). These should be enabled by default, but if you've disabled them, then TLS 1.0 connections will be rejected: \n`ibm-slapdSslCipherSpec: AES` \n`ibm-slapdSslCipherSpec: AES-128` \n`ibm-slapdSslCipherSpec: TripleDES-168` \n_B) Enable TLS 1.2 and 1.1_\n\n \nTLS 1.0 is enabled by default. 
TLS 1.2 and 1.1 are only supported on TDS 6.3.0.17 or later, or SDS 6.3.1.0 or later _(see note section at bottom)_, SDS 6.4.0.0 or later and SDS 8.0.1.0 or later. You can enable or disable specific protocols using the ibm-slapdSecurityProtocol attribute of the cn=SSL, cn=Configuration entry in ibmslapd.conf: \n`# ibm-slapdSecurityProtocol: SSLV3 <- `(disable this, enable the rest) \n`ibm-slapdSecurityProtocol: TLS10` \n`ibm-slapdSecurityProtocol: TLS11` \n`ibm-slapdSecurityProtocol: TLS12` \nFor TLS 1.2 to work, you may add one or more of the following TLS 1.2 ciphers to the cn=SSL, cn=Configuration entry of ibmslapd.conf and restart the server, If none of the TLS 1.2 ciphers are present, then SDS/TDS will initialize a default set of TLS 1.2 ciphers: \n`# ciphers supported in FIPS mode and used by TDS client` \n`ibm-slapdSslCipherSpec: TLS_RSA_WITH_3DES_EDE_CBC_SHA` \n`ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_CBC_SHA` \n`ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA` \n`ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_GCM_SHA256` \n`ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_GCM_SHA384` \n`ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_128_CBC_SHA256` \n`ibm-slapdSslCipherSpec: TLS_RSA_WITH_AES_256_CBC_SHA256` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` \n`# ciphers supported in FIPS mode but NOT used by TDS client` \n`ibm-slapdSslCipherSpec: 
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` \n`ibm-slapdSslCipherSpec: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA` \n**For TDS or SDS LDAP clients:**\n\n \nEnabling FIPS mode in client applications will also disable SSLv3, the same as on the server. The command line clients which ship with TDS and SDS use the '-x' command line option to enable FIPS mode. However, there is no environment variable to directly control this in the LDAP client libraries. FIPS mode can only be enabled by calling the C client API `ldap_ssl_set_fips_mode_np()`. Third party applications will have different ways to expose this feature (if at all). \n \nIf you're using TDS 6.3.0.17 or later clients _(see note section at bottom)_, you can set the environment variable `LDAP_OPT_SECURITY_PROTOCOL=TLS10,TLS11,TLS12` to disable SSLv3. This option is not supported on TDS 6.2 or earlier. Like FIPS mode, it is only recognized by TDS or SDS client applications, not directly by the LDAP client libraries. Third party applications will have different ways to expose this feature (if at all). \n**Web Administration Tool:**\n\n \nTo disable SSLv3 in the web administration tool and the embedded WebSphere Application Server (eWAS) included with TDS, please see technote #1694300: Disabling SSLv3 for Directory Server Web Admin Tool, at <http://www.ibm.com/support/docview.wss?uid=swg21694300> \n \nInformation on disabling SSLv3 in the full WebSphere Application Server (WAS) can be found at [http://www.ibm.com/support/docview.wss?uid=swg21687173](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>) \n \nSupport for TLS 1.0 was added to webadmin version 6.2.0.22 with APAR IO15734, and 6.3.0.11 with APAR IO16024. The webadmin tool for TDS 6.1 and earlier does not support TLS. 
\n**HTTP clients (web browsers):**\n\n \nPlease refer to the documentation from your browser vendor: \n \nInternet Explorer: <https://technet.microsoft.com/en-us/library/security/3009008.aspx> \nFirefox: <http://kb.mozillazine.org/Security.tls.version.*> \nChrome: <http://googleonlinesecurity.blogspot.com.au/2014/10/this-poodle-bites-exploiting-ssl-30.html> \n**NOTE:**\n\n \nFor more detailed documentation of TLS 1.2 support and configuration, refer to the \"Support for NIST SP 800-131A\" section in the following documentation links. \n * TDS 6.3.0.17 and later: [Tivoli Directory Server support for NIST SP 800-131A](<http://www.ibm.com/support/docview.wss?uid=swg21610440>)\n * SDS 6.3.1: [http://www.ibm.com/support/knowledgecenter/SSVJJU_6.3.1.5/com.ibm.IBMDS.doc_6.3.1.5/ds_ag_srv_adm_secure_dir_comm.html](<http://www-01.ibm.com/support/knowledgecenter/SSVJJU_6.3.1.5/com.ibm.IBMDS.doc_6.3.1.5/ds_ag_srv_adm_secure_dir_comm.html>)\n * SDS 6.4: <https://www.ibm.com/support/knowledgecenter/SSVJJU_6.4.0/com.ibm.IBMDS.doc_6.4/ds_ag_srv_adm_secure_dir_comm.html>\n * SDS 8.0.1: <https://www.ibm.com/support/knowledgecenter/SS3Q78_8.0.1/com.ibm.IBMDS.doc_8.0.1/ds_ag_srv_adm_secure_dir_comm.html>\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-16T21:20:10", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Directory Server (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-16T21:20:10", "id": "EB5B1F8ABFF3A7B214FBC4418A883224B5D8C2FEDD066A997E53E0DC10D67F18", "href": "https://www.ibm.com/support/pages/node/254277", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-13T05:38:01", "description": "## Summary\n\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. NSS is used by the IBM FlashSystem V840. FlashSystem V840 has addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVE-ID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n**Description:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N/A:N)\n\n## Affected Products and Versions\n\n_FlashSystem V840 including machine type and models (MTMs) for all available code levels._ MTMs affected include 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1. The Service Assist GUI is the only component in these products that uses the Apache Struts library. 
\n\n## Remediation/Fixes\n\nYou should verify that applying this fix does not cause any compatibility issues.\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**V840 MTMs:** 9846-AC0, \n9846-AC1, \n9848-AC0, \n9848-AC1| _A code fix is now available, the VRMF of this code level is 1.1.3.8 (or later) for the storage enclosure nodes and 7.4.0.4 for the control nodes._| _ __N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n \n**Note:** \nV840 customers must upgrade the code of both the -AE1 and -ACx (whether -AC0 or -AC1) nodes to address this vulnerability. A customer reading this to fix one model type (e.g. \u2013AC1) should look for the corresponding security bulletin which describes how to fix the other model type (e.g. perhaps \u2013AE1) in the customer's V840. \n\n\n[_Link to FlashSystem 840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>)\n\n \n[_Link to FlashSystem V840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-18T00:09:27", "type": "ibm", "title": "Security Bulletin:Vulnerabilities in Network Security Services (NSS) affect the IBM FlashSystem V840,(CVE-2014-3566)", "bulletinFamily": "software", 
"cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-18T00:09:27", "id": "9F7403E8AEF30FAFBBEDCAA947D855EF987E8FD49503FA56BAF29681570597A0", "href": "https://www.ibm.com/support/pages/node/690423", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:58:19", "description": "## Summary\n\nIBM WebSphere MQ is shipped as a component of IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere MQ has been published in a security bulletin. 
\n\n## Vulnerability Details\n\nPlease consult the security bulletin [**Vulnerability in SSLv3 affects IBM WebSphere MQ, IBM WebSphere MQ Internet Pass-Thru and IBM Mobile Messaging and M2M Client Pack (CVE-2014-3566)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21687433>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nAll releases of IBM WebSphere Remote Server.| All releases of IBM WebSphere MQ \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:02", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere MQ shipped with IBM WebSphere Remote Server (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-15T07:02:02", "id": "E47CC3D807E088442F7028350C85D08162FCCBC6A1643D768407619ABA4B9399", "href": "https://www.ibm.com/support/pages/node/518765", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": 
"2023-02-23T21:52:31", "description": "## Summary\n\nTivoli Provisioning Manager for OS Deployment, IBM Tivoli Monitoring, IBM System Director and Tivoli Common Reporting are shipped as components of IBM System Director Editions. Information about the security vulnerability affecting these components has been published in the security bulletin.\n\n## Vulnerability Details\n\n## Abstract\n\nTivoli Provisioning Manager for OS Deployment, IBM Tivoli Monitoring, IBM System Director and Tivoli Common Reporting are shipped as components of IBM System Director Editions. Information about the security vulnerability affecting these components has been published in the security bulletin.\n\n**Vulnerability Details:**\n\nPlease consult the security bulletins listed below for the vulnerability details of the affected products.\n\n## Affected products and versions\n\nAffected Product and Version(s) | Product and Version shipped as a component | Security Bulletin \n---|---|--- \nIBM System Director Editions 6.2.0.0 | IBM Tivoli Monitoring 6.2.2.02. 
base FP2 (TEPS, TDW, TCR) | <http://www-01.ibm.com/support/docview.wss?uid=swg21691775> \nIBM System Director Editions 6.2.0.0 | Tivoli Common Reporting 1.3 | <http://www.ibm.com/support/docview.wss?uid=swg21695800> \nIBM System Director Editions 6.2.0.0 | IBM System Director 6.2.0.0 | [ http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097316](<http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097316>) \nIBM System Director Editions 6.2.1.0 | IBM Tivoli Monitoring 6.2.2 (TEPS, TDW, TCR) | <http://www-01.ibm.com/support/docview.wss?uid=swg21691775> \nIBM System Director Editions 6.2.1.0 | Tivoli Provisioning Manager for OS Deployment v 7.1.1 | <http://www.ibm.com/support/docview.wss?uid=swg21689862> \nIBM System Director Editions 6.2.1.0 | Tivoli Common Reporting 1.3 | <http://www.ibm.com/support/docview.wss?uid=swg21695800> \nIBM System Director Editions 6.2.1.0 | IBM System Director 6.2.1.0 | [ http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097316](<http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097316>) \nIBM System Director Editions 6.3.0.0 | IBM Tivoli Monitoring 6.2.3 (TEPS, TDW, TCR) | <http://www-01.ibm.com/support/docview.wss?uid=swg21691775> \nIBM System Director Editions 6.3.0.0 | Tivoli Provisioning Manager for OS Deployment v 7.1.1 FP4 | <http://www.ibm.com/support/docview.wss?uid=swg21689862> \nIBM System Director Editions 6.3.0.0 | Tivoli Common Reporting 2.1.1 | <http://www.ibm.com/support/docview.wss?uid=swg21695800> \nIBM System Director Editions 6.3.0.0 | IBM System Director 6.3.0.0 | [ http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097316](<http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097316>) \nIBM System Director Editions 6.3.2.0 | IBM Tivoli Monitoring 6.3 (TEPS, TDW, TCR) | <http://www-01.ibm.com/support/docview.wss?uid=swg21691775> \nIBM System Director Editions 6.3.2.0 | Tivoli Common Reporting 3.1 | 
<http://www.ibm.com/support/docview.wss?uid=swg21695800> \nIBM System Director Editions 6.3.2.0 | Tivoli Provisioning Manager for OS Deployment v 7.1.1 FP11 | <http://www.ibm.com/support/docview.wss?uid=swg21689862> \nIBM System Director Editions 6.3.2.0 | IBM System Director 6.3.2.0 | [ http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097316](<http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097316>) \n \n## Reference:\n\n * [Complete CVSS Guide](<http://www.first.org/cvss/cvss-guide.html>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n16 March 2015: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {}, "published": "2019-01-31T01:45:01", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in Tivoli Provisioning Manager for OS Deployment, IBM Tivoli Monitoring, IBM System Director and Tivoli Common Reporting shipped with IBM System Director Editions. (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-3566"], "modified": "2019-01-31T01:45:01", "id": "FE67874D43BC98A053A0BF58006D9985B49884BE885879B16D23006930E8AE3F", "href": "https://www.ibm.com/support/pages/node/866316", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:51:03", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Tivoli Federated Identity Manager.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: The IBM WebSphere product bundled with IBM Tivoli Federated Identity Manager could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. 
\n\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Tivoli Federated Identity Manager versions: \n6.1, 6.1.1, 6.2, 6.2.1, 6.2.2 \n \nIBM Tivoli Federated Identity Manager Business Gateway versions: \n6.1.1, 6.2, 6.2.1, 6.2.2\n\n## Remediation/Fixes\n\nNone.\n\n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n \nThis vulnerability affects all versions and releases of IBM WebSphere Application Server and IBM HTTP Server component in all editions of WebSphere Application Server. \n \nFor all releases of IBM WebSphere Application Server, update the SSL configuration to disable SSLv3. Please refer to the [_Security Bulletin for IBM WebSphere Application Server_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>) to remediate your application server. \n \nFor all releases and versions of IBM HTTP Server, update httpd.conf file to disable SSLv3. Please refer to the [_Security Bulletin for IBM HTTP Server_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687172>) to remediate your webserver. 
\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-16T21:20:14", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Tivoli Federated Identity Manager (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-16T21:20:14", "id": "06C07D32B3694B9428DF66A58E914A3888518AA422ACA9C0FBE65C7D07FCACCA", "href": "https://www.ibm.com/support/pages/node/254719", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:38:28", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 can be configured for the IBM SPSS Data Access Pack.\n\n## Vulnerability Details\n\n**CVE-ID**: [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\nSPSS Data Access Pack 7.1, consisting of SPSS Modeler 16.0, SPSS Statistics 22.0 and SPSS Collaboration and Deployment Services 5.0, also includes the Progress Software Corporation DataDirect ODBC and JDBC drivers.\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nFor information regarding workarounds and mitigations please refer to the Progress Software Corporation website: \n<https://community.progress.com/community_groups/datadirect_connect/f/16/t/13781.aspx> \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. 
\n\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-04-16T07:59:29", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM SPSS Data Access Pack (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2020-04-16T07:59:29", "id": "34AB6D6D15816E142F80D91517900A17DDA91DDBA48EE54CE98D3BB991F889F6", "href": "https://www.ibm.com/support/pages/node/254919", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:38:22", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in N series products.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97013_](<http://xforce.iss.net/xforce/xfdb/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nClustered Data ONTAP: 8.2.1, 8.2.2, 8.2.3, 8.2.4; \nClustered Data ONTAP Antivirus Connector: 1.0, 1.0.1, 1.0.2; \nData ONTAP operating in 7-Mode: 7.3.7, 8.1.4, 8.2.1, 8.2.2, 8.2.3; \nData ONTAP SMI-S Agent: 5.1.2, 5.2; \nDisaster Recovery Adapter for VMware Site Recovery Manager: 2.0.1P2, 2.1; \nNS OnCommand Core Package: 5.2, 5.2R1, 5.2.1P1, 5.2.1P2; \nNS OnCommand Unified Manager for DataONTAP: 6.1R1; \nOpen Systems SnapVault: 3.0.1; \nN series VASA Provider: 1.0, 1.0.1; \nVirtual Storage Console for VMware vSphere: 4.2.1, 5.0; \nSnap Creator Framework: 3.6.0, 4.1.0, 4.1.2; \nSnapDrive for Unix: 5.2.2, 5.1; \nSnapDrive for Windows: 7.0.3, 7.1.1; \nSnapManager for SharePoint: 6.1.3, 8.0, 8.0.1; \nSnapManager for Oracle: 3.2, 3.3, 3.3.1; \nSnapManager for SAP: 3.2, 3.3, 3.3.1; \nSystem Setup: 1.2, 2.3;\n\n## Remediation/Fixes\n\nFor Data ONTAP SMI-S Agent: the fix exists from microcode version 5.2.1; \nFor Open Systems SnapVault: the fix exists from microcode version 3.0.1P6; \nFor SnapDrive for Unix: the fix exists from microcode version 5.3; \nFor SnapDrive for Windows: the fix exists from microcode version 7.1.2; \nFor SnapManager for Oracle: the fix exists from microcode version 3.4; \nFor SnapManager for SAP: the fix exists from microcode version 3.4; \nFor N series Snap Creator Framework: the fix exists from microcode version 4.3 \nFor Virtual Storage Console for VMware vSphere: the fix exists from microcode version 6.0; \n 
\nPlease contact IBM support or go to this [_link_](<https://www-945.ibm.com/support/fixcentral/>) to download a supported release. For customers who are using Clustered Data ONTAP Antivirus Connector, NS OnCommand Unified Manager for DataONTAP or N series VASA Provider, please contact IBM support to find a solution. \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## Workarounds and Mitigations\n\n\u00b7 Disable SSLv3 for System Setup: [_http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009318_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009318>)[](<%20http:/www-01.ibm.com/support/docview.wss?uid=ssg1S1009318>)\n\n\u00b7 Disable SSLv2 and SSLv3 in OnCommand Unified Manager on versions after 5.2.1GA: [_http://www.ibm.com/support/docview.wss?uid=ssg1S1009319_](<http://www.ibm.com/support/docview.wss?uid=ssg1S1009319>)\n\n\u00b7 Disable SSLv2 and SSLv3 in SnapManager for SharePoint: [_http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009320_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009320>)\n\n\u00b7 Disable SSLv2 and SSLv3 in Data ONTAP: [_http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009321_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009321>)\n\n\u00b7 For Virtual Storage Console for VMware vSphere versions 5.0P1, 4.2.2 and earlier follow the steps in technotes: [_Virtual Storage Console 4.x stops working after vCenter 5.5U3b update_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009341>)\n\n\u00b7 Disaster Recovery Adapter for VMware Site Recovery Manager - to use exclusively TLS, an upgrade to SRM 6.0 is required along with enabling SSL communication using the steps in technotes: [_How to enable SSL communication between VMware vCenter Site 
Recovery Manager 5 and IBM N Series storage arrays__._](<http://www.ibm.com/support/docview.wss?uid=ssg1S1009322>)\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-12-15T18:05:07", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects Multiple N series products (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-12-15T18:05:07", "id": "3E23DDB4C3380B39D8666C5A0FD0663030F353603F83DC0E19F7843AA57B7A26", "href": "https://www.ibm.com/support/pages/node/696225", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:37:12", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. 
SSLv3 is enabled in IBM InfoSphere Optim Performance Manager (OPM).\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: IBM InfoSphere Optim Performance Manager could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Optim Performance Manager for DB2 on Linux, UNIX, and Windows version 4.1 through 4.1.1 \n \nIBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows version 5.1 through 5.3.1\n\n## Remediation/Fixes\n\n**_OPM Version_**\n\n| **_Download URL_** \n---|--- \n4.1 \u2013 5.1.1.1| [_Replace JRE_](<http://www.ibm.com/support/docview.wss?uid=swg21640535>) (V6 SR16 Fix Pack 2) \n5.2 | [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Optim+Performance+Manager&release=5.2.0.0&platform=All&function=all>) (Interim Fix 6269) \n5.3| [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Optim+Performance+Manager&release=5.3.0.0&platform=All&function=all>) (Interim Fix 7386) \n5.3.1| [_Fix 
Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Optim+Performance+Manager&release=5.3.1.0&platform=All&function=all>) (Interim Fix 8377) \n \nFor OPM versions 4.1 through 5.1.1.1, you must replace the IBM Runtime Environment, Java\u2122 Technology Edition (JRE) that is installed with OPM, with the latest IBM Runtime Environment, Java\u2122 Technology Edition (Version 6 Service Refresh 16 Fix Pack 2 and subsequent releases). Detailed instructions are available here: [_\u201cUpdating the IBM Runtime Environment, Java\u2122 Technology Edition for InfoSphere Optim Performance Manager\u201d_](<http://www.ibm.com/support/docview.wss?uid=swg21640535>). \n\n \nFor OPM versions 5.2 through 5.3.1, installing the Interim Fix changes the web console server configuration so that it disables the SSLv3 protocol and permits only TLS 1.0 or higher for HTTPS connections. \n \nAfter installing the Interim Fix, if you need to re-enable the SSLv3 protocol, edit the server.xml file that is located in the InfoSphere Optim Performance Manager installation directory: \n\n\n`wlp/usr/servers/dsweb/server.xml` \nRemove the following line and then save the file: \n\n\n`<include optional=\"true\" location=\"./TLSOnlyConfig.xml\"/>` \nA restart is not required for this change to take effect. \n\n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. \n\n## Workarounds and Mitigations\n\nIBM InfoSphere Optim Performance Manager (OPM) relies on IBM WebSphere Application Server (WAS) to manage the SSL protocol used for secure network connections. 
Older OPM versions (4.1 through 5.1.1.1) use WAS Smash; newer OPM versions (since 5.2) use WAS Liberty Profile. \n \nFor more details, see the _Workarounds and Mitigations_ section in this document [_Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>). \n \nThe following steps outline how to apply these mitigations to OPM 5.2 through 5.3.1. \n \nEdit the SSLConfig.xml file to specify the default SSL configuration to be used by IBM InfoSphere Optim Performance Manager. The SSLConfig.xml file is located in the InfoSphere Optim Performance Manager installation directory: \n\n \n`wlp/usr/servers/dsweb/SSLConfig.xml` \nBefore making any changes, the contents of the SSLConfig.xml file should look like this: \n`<server>` \n` <keyStore id=\"defaultKeyStore\" password=\"password\"/>` \n`</server>` \nAn 'ssl' element can be added to specify the minimal level of security for the SSL protocol. Setting the 'sslProtocol' attribute to \"TLS\" ensures that SSLv3 will no longer be used. \n \nAfter making these changes, the contents of the SSLConfig.xml file may look like this: \n\n \n`<server>` \n` <ssl id=\"defaultSSLConfig\"` \n` keyStoreRef=\"defaultKeyStore\"` \n` sslProtocol=\"TLS\" />` \n` <keyStore id=\"defaultKeyStore\" password=\"password\"/>` \n`</server>` \nIf an 'ssl' element already exists, ensure that it includes the attribute **_sslProtocol=\"TLS\"_**. There is no need to modify the 'keyStore' entry; if you have customized it, for example to point to your own key store location, you can retain the entry as is. It is not required to restart the web console server after this update. 
\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-07-08T21:30:52", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM InfoSphere Optim Performance Manager (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-07-08T21:30:52", "id": "D06CD755DD4308E07BA22E8E6BEB92F9E30EE716DE6494CE9CFFE8486337E1E3", "href": "https://www.ibm.com/support/pages/node/254701", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:52:18", "description": "## Summary\n\nA security vulnerability exists in the IBM SDK for Java that is shipped with IBM Tivoli/Security Directory Integrator. The Java version will be updated to IBM(R) Runtime Environment, Java(TM) Technology Edition\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nThe attack does not require local network access nor does it require authentication, but some degree of specialized knowledge and techniques are required. An exploit may impact the confidentiality of information but the integrity of data, or the availability of the system would not be compromised. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Tivoli Directory Integrator (ITDI) - 7.0, 7.1, 7.1.1 \n\nIBM Security Directory Integrator (ISDI) - 7.2\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version| Fixes \n---|---|--- \nITDI 7.0| IBM Java SDK 5.0| [7.0.0-TIV-TDI-LA0020-POODLE](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Directory+Integrator&release=7.0.0&platform=All&function=fixId&fixids=7.0.0-TIV-TDI-LA0020-POODLE&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \nITDI 7.1| IBM Java SDK 6.0| [7.1.0-TIV-TDI-LA0016-POODLE](<http://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Directory+Integrator&release=7.1.0&platform=All&function=fixId&fixids=7.1.0-TIV-TDI-LA0016-POODLE&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \nITDI 7.1.1| IBM Java SDK 6.0| 
[7.1.1-TIV-TDI-LA0023-POODLE](<http://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Directory+Integrator&release=7.1.1&platform=All&function=fixId&fixids=7.1.1-TIV-TDI-LA0023-POODLE&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \nISDI 7.2| IBM Java SDK 7.0| [7.2.0-ISS-SDI-LA0003-POODLE](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Directory+Integrator&release=7.2.0&platform=All&function=fixId&fixids=7.2.0-ISS-SDI-LA0003-POODLE&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-16T21:20:43", "type": "ibm", "title": "Security Bulletin:IBM Tivoli/Security Directory Integrator can be affected by a vulnerability in the current IBM SDK for Java (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-16T21:20:43", "id": "9C5F005EDD59DDF4AA35915A18110FC11CB940EB2C453CB3DC3843CD28254682", "href": "https://www.ibm.com/support/pages/node/519621", "cvss": 
{"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:58:20", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in WebSphere Business Services Fabric.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: WebSphere Business Services Fabric could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\nThis vulnerability affects all versions and releases of WebSphere Business Services Fabric.\n\n## Remediation/Fixes\n\nWebSphere Business Services Fabric completely relies on WebSphere Application Server to provide HTTPS capabilities. \n \nWe recommend that customers install an interim fix for the IBM JDK to disable SSLv3. For information on the required fix, please refer to the Remediation/Fixes section in the following bulletin: [Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687173>) \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. 
You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## Workarounds and Mitigations\n\nCustomers who cannot or do not want to install the fix recommended in the \"Remediation/Fixes\" section of this security bulletin can disable the use of SSLv3 using manual configuration as described in the \"Workarounds and Mitigations\" section in the following bulletin: [Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566) ](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>)\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:02", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects WebSphere Business Services Fabric (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-15T07:02:02", "id": "45A3D9451D9A042B4B823F72CB8D2728FECCB3D99F3D358EB95D984F7675F955", "href": "https://www.ibm.com/support/pages/node/518009", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:39:51", "description": "## Summary\n\nSSLv3 
contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Personal Communications v6.0.x.\n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:** Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Personal Communications 6.0.11 and earlier.\n\n## Remediation/Fixes\n\nA fix is available starting in [Personal Communications 6.0.12](<http://www.ibm.com/support/docview.wss?uid=swg24038597>) \n \nClients who are on older unsupported versions of IBM Personal Communications are also advised to upgrade to IBM Personal Communications V6.0.12 or above.\n\n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. \n \nFollow these instructions to ensure that the IBM Personal Communications session is not configured to initiate an SSLv3 connection: \n\n\n 1. Go to the **Communications > Configure...** menu item \n \n\n 2. Click **Link Parameters...** \n \n\n 3. Click the **Security Setup** tab \n \n\n 4. 
If the **Security Protocol** drop-down list has **SSL only** selected, change it to one of the following:\n * TLS1.0\n * TLS1.1\n * TLS1.2 \n \n\n 5. Click **Apply > OK**\n \nAt the same time, ensure that the hosts (IBM System z, IBM System i, or any other VT hosts) have SSLv3 disabled. \n \n**Important note:** IBM strongly suggests that all System z customers subscribe to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the _System z Security web site_. Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk. \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-03-05T12:59:26", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM Personal Communications v6.0.x (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2019-03-05T12:59:26", "id": 
"5B41DEBCF5F49169640E9C46254A5581FA9E8066E153CFC073F7BCB78C863D65", "href": "https://www.ibm.com/support/pages/node/254229", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:52:20", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM QRadar Incident Forensics.\n\n## Vulnerability Details\n\n \n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM QRadar Incident Forensics 7.2.3 and below.\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM QRadar Incident Forensics| _7.2.3_| [IBM QRadar Incident Forensics 7.2.4 GA](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+Incident+Forensics&release=7.2.0&platform=Linux&function=fixId&fixids=7.2.4-QRADAR-QRIF-1416594332&includeRequisites=0&includeSupersedes=0&downloadMethod=http>) \n \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. 
The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-16T21:21:22", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM QRadar Incident Forensics. (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2018-06-16T21:21:22", "id": "EF1E86E8C1821B2FE6F241A7F8B0060DAE69EB57B79276256A296E2116C4F120", "href": "https://www.ibm.com/support/pages/node/521423", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-12-02T21:36:56", "description": "## Summary\n\nSSLv3 protocol used to secure a number of connection paths in IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis is vulnerable to POODLE attack. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and agent-server messages. 
You are not vulnerable if your environment is already FIPS or SP800-131 compliant.\n\n## Vulnerability Details\n\nIBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis use the SSLv3 protocol to secure connections between user interfaces (WebUI, API) and the server, and to secure connections to associated IBM Endpoint Manager server(s). By manipulating the SSL handshake, an attacker placing himself between the server and one of the given elements can cause the connection to use a cipher suite that is easy to break, and as a result decrypt communications into plain text. \n \nFor the attack to be performed, the attacker needs to be able to read network requests exchanged between environment components and send them his own requests (man-in-the-middle). An exploit would impact the confidentiality of data. \n \n**CVE-ID**: [CVE-2014-3566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>) \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM License Metric Tool v9, IBM Endpoint Manager for Software Use Analysis v2.2, IBM Endpoint Manager for Software Use Analysis v9\n\n## Remediation/Fixes\n\nCode fixes will be available with the following releases (note that even with the fixed releases you still have to apply fixes for IBM Endpoint Manager Server, as described in Workaround and Mitigations) \n2.2 patch 8 \n9.0.2\n\n## Workarounds and Mitigations\n\nThere is no mitigation for Software Use Analytics v2.2. You have to install patch 8 as soon as it is available. \nIn order to mitigate the vulnerability in IBM License Metric Tool v9 and Software Use Analysis v9, you need to enable enhanced security for the product's application server and apply relevant fixes to IBM Endpoint Manager server, as outlined below. 
\n\u25e6 Enable FIPS or SP800-131 standard on the application server (WebSphere) cell used by the product: \n\n\u25aa FIPS: [_http://www-01.ibm.com/support/knowledgecenter/SSKLLW_9.1.0/com.ibm.tivoli.tem.doc_9.1/SUA_9.1/com.ibm.license.mgmt.doc/security/t_configure_fips_compliance.html?lang=en-us_](<http://www-01.ibm.com/support/knowledgecenter/SSKLLW_9.1.0/com.ibm.tivoli.tem.doc_9.1/SUA_9.1/com.ibm.license.mgmt.doc/security/t_configure_fips_compliance.html?lang=en-us>) \n\u25aa SP800-131: [_http://www-01.ibm.com/support/knowledgecenter/SSKLLW_9.1.0/com.ibm.tivoli.tem.doc_9.1/SUA_9.1/com.ibm.license.mgmt.doc/security/c_sp800-131_compliance.html?lang=en_](<http://www-01.ibm.com/support/knowledgecenter/SSKLLW_9.1.0/com.ibm.tivoli.tem.doc_9.1/SUA_9.1/com.ibm.license.mgmt.doc/security/c_sp800-131_compliance.html?lang=en>) \u25e6 Apply fixes for IBM Endpoint Manager Server(s): [\u25aa _https://www.ibm.com/developerworks/community/blogs/a1a33778-88b7-452a-9133-c955812f8910/entry/fixlet_messages_available_for_ssl_version_3_0_vulnerability_cve_2014_3566_aka_poodle?lang=en_](<https://www.ibm.com/developerworks/community/blogs/a1a33778-88b7-452a-9133-c955812f8910/entry/fixlet_messages_available_for_ssl_version_3_0_vulnerability_cve_2014_3566_aka_poodle?lang=en>)\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS8JFY\",\"label\":\"IBM License Metric Tool\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.0;9.0.1;9.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-08-19T23:26:06", "type": "ibm", "title": "Security Bulletin: IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v2.2 and v9 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on SSLv3 connections (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2022-08-19T23:26:06", "id": "C0E0D2198BF99C1965DFAEC1C11F4784E7D189F41F262015ECEE9E5333D57537", "href": "https://www.ibm.com/support/pages/node/519585", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-01T01:54:49", "description": "## Summary\n\nSSLv3 protocol used to secure a number of connection paths in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed is vulnerable to POODLE attack. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and agent-server messages. You are not vulnerable, if your environment is already FIPS-compliant.\n\n## Vulnerability Details\n\nIBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed use SSLv3 protocol to secure connections between user browser and product WebUI (server), and optionally to secure connections among server and agents. By manipulating SSL handshake, an attacker placing himself between server and one of the given elements can cause the connection to use a cipher suite which is easily to break, and in the result decrypt communications into plain text. \n \nFor the attack to be performed, the attacked needs to be able to read network requests exchanged between environment components and send to them his own requests (man-in-the-middle). An exploit would impact the confidentiality of data. \n \n**CVEID**: [CVE-2014-3566](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>) \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused \nby a design error when using the SSLv3 protocol. A remote user with the ability to conduct a \nman-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On \nDowngraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of \nencrypted connections. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM License Metric Tool 7.2.2 and 7.5, IBM Tivoli Asset Discovery for Distributed 7.2.2 and 7.5\n\n## Remediation/Fixes\n\nCode fixes will be available with the following releases (Note 1: Both server and agents upgrade is required. Note 2: Code fixes also require applying the following WebSphere tech note: [_http://www-01.ibm.com/support/docview.wss?uid=swg21687173_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>)) \n7.2.2 IF15 \n7.5 IF23\n\n## Workarounds and Mitigations\n\nIn order to workaround the vulnerability, you need to enable FIPS (Federal Information Processing Standards) for ILMT or TAD4D infrastructure, according to your configuration (links are applicable to both ILMT and TAD4D). \n\u25e6 Enable FIPS on the Websphere cell used by the server: \n\n\u25aa Version 7.5: <http://www-01.ibm.com/support/knowledgecenter/SSHT5T_7.5.0/com.ibm.tad4d75.doc/com.ibm.license.mgmt.security.doc/t_enabling_fips_was.html> \n\u25aa Version 7.2.2: [_http://www-01.ibm.com/support/knowledgecenter/SS8JFY_7.2.2/com.ibm.license.mgmt.security.doc/t_enabling_fips_was.html_](<http://www-01.ibm.com/support/knowledgecenter/SS8JFY_7.2.2/com.ibm.license.mgmt.security.doc/t_enabling_fips_was.html>) \u25e6 Enable FIPS-compliant communications among the server and the agents \u2013 applies only if you already use secure connections level 1 or 2: \u25aa Version 7.5:<http://www-01.ibm.com/support/knowledgecenter/SSHT5T_7.5.0/com.ibm.tad4d75.doc/com.ibm.license.mgmt.security.doc/t_enabling_fips_compliance_lmt.html> \n\u25aa Version 7.2.2: 
[_http://www-01.ibm.com/support/knowledgecenter/SS8JFY_7.2.2/com.ibm.license.mgmt.security.doc/t_enabling_fips_compliance_lmt.html_](<http://www-01.ibm.com/support/knowledgecenter/SS8JFY_7.2.2/com.ibm.license.mgmt.security.doc/t_enabling_fips_compliance_lmt.html>)\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS8JFY\",\"label\":\"IBM License Metric Tool\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.2.2;7.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SSHT5T\",\"label\":\"Tivoli Asset Discovery for Distributed\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"7.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-04-26T21:17:25", "type": "ibm", "title": "Security Bulletin: IBM License Metric Tool v7.2.2 and v7.5 and IBM Tivoli Asset Discovery 
for Distributed v7.2.2 and v7.5 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on SSLv3 connections (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-04-26T21:17:25", "id": "3996F61A39895C8BF5DB89481CC4F649E2B90762965374C8A32E5395AE4CF526", "href": "https://www.ibm.com/support/pages/node/519589", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:37:25", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is a configurable option in FileNet Content Manager and FileNet BPM products. If using SSLv3 with these products, please refer to the sections below to remediate the POODLE security vulnerability.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: A remote attacker could obtain sensitive information, caused by a design error with the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plain text of encrypted connections. 
\n \n**CVSS Base Score: 4.3 \nCVSS Temporal Score: See **[**_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>)** for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)** \n\n\n## Affected Products and Versions\n\nIBM FileNet Content Manager 5.0.0, 5.1.0, 5.2.0, 5.2.1 (includes CE, CSS and CFS) \nIBM Content Foundation 5.2.0, 5.2.1 (includes CPE and CSS) \nIBM FileNet Business Process Manager 4.5.1, 5.0.0\n\n## Remediation/Fixes\n\nUpgrade to Java Runtime Environment (JRE) 1.6.0 SR16 FP2 or higher where SSLv3 is disabled by default to avoid the POODLE security vulnerability. By installing the applicable fixes in the table below, the private IBM JRE used by Process Engine (PE), Content Engine (CE/CPE) and Content Search Services (CSS) will be updated to 1.6.0 SR16 FP2. \n \n\n\n**Product**| **VRMF**| **Remediation/First Fix Available** \n---|---|--- \nFileNet Content Manager| 5.0.0 \n5.1.0 \n \n5.2.0 \n \n5.2.1| 5.0.0.3-P8CE-FP003 - May 19, 2015 \n5.1.0.5-P8CE-FP005 - Jan 29, 2015 \n5.1.0.0-P8CSS-IF010 - Jan 29, 2015 \n5.2.0.3-P8CPE-IF005 - Mar 10, 2015 \n5.2.0.2-P8CSS-IF002 - Mar 10, 2015 \n5.2.1.0-P8CPE-IF002 - April 8, 2015 \n5.2.1.0-P8CSS-IF001 - April 8, 2015 \nIBM Content Foundation| 5.2.0 \n \n5.2.1| 5.2.0.3-P8CPE-IF005 - Mar 10, 2015 \n5.2.0.2-P8CSS-IF002 - Mar 10, 2015 \n5.2.1.0-P8CPE-IF002 - April 8, 2015 \n5.2.1.0-P8CSS-IF001 - April 8, 2015 \nFileNet Business Process Manager| 4.5.1 \n5.0.0| 4.5.1.4-P8PE-IF007 - April 8, 2015 \n5.0.0.7-P8PE-IF001 - Dec 10, 2014 \n5.0.0.8-P8PE-FP008 - Jan 29, 2015 \n \n \nIBM recommends that you review your entire environment to identify products and components that enable the SSLv3 protocol. The only way to truly mitigate the SSLv3 security vulnerability is to disable the SSLv3 protocol. 
To establish secure connections between components, there are other protocols such as the Transport Layer Security (TLS) protocol that can be used. \n \nThe SSLv3 vulnerability must be addressed at 2 different levels, the **FileNet P8 level** and the **application server level**. \n \nAt the **FileNet P8 level** (which includes Content Engine (CE/CPE), Process Engine (PE) and Content Search Services (CSS)), upgrade to the appropriate releases listed in the table above. \n \nAt the **application server level** (where Content Engine (CE/CPE) and Content Federated Services (CFS) reside) \n**\\- WebSphere:** \n1) Apply the appropriate Interim Fix listed in this Security Bulletin: \n[http://www.ibm.com/support/docview.wss?uid=swg21687173](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>) \n2) Configure one of the following SSL protocol options on the CE/CPE and CFS WebSphere Application Servers: TLS, TLSv1, TLSv1.1, TLSv1.2, SSL_TLS, SSL_TLSv2 \n \n**\\- WebLogic, JBoss:** \nEither upgrade the application server Java Runtime Environment (JRE) to SR16 FP2 or higher or disable SSLv3 using the links in the Workarounds and Mitigations section below. \n \nThe CE/CPE Client Downloader now supports the Transport Layer Security (TLS) protocol as an alternative to the SSLv3 protocol in the releases listed in the table above. CE/CPE clients that use the Content Engine (CE/CPE) Client Download API, such as ICN Configuration Manager and Content Federation Services setup, should also be upgraded to JRE SR16 FP2 or higher. \n\n## Workarounds and Mitigations\n\n**Content Federation Services (CFS)** \nContent Federation Services (CFS) uses SSLv3 with the CE/CPE Client Downloader. For 5.2.0.2-CFS-FP002 and prior, launch the CFS installer program specifying JRE SR16 FP2 or higher to use the TLS protocol instead of SSLv3. 
\nThe command syntax is: \n\n\n`<Executable file name for CFS installer> LAX_VM <SR16FP2 Java executable>` \nFor example: \n(Windows) \n`5.1.0-CFS-WIN.EXE LAX_VM ` \n`C:\\Program Files (x86)\\Java\\JRE6_SR16FP2\\bin\\java.exe` \n \n(UNIX) \n`./5.1.0-CFS-<PLATFORM>.BIN LAX_VM /opt/ibm-java-jre-6.0-16.2-i386/jre/bin/java` \n \n \n**Content Search Services (CSS)** \nIf you are unable to upgrade to the appropriate CSS release (5.1.0.0-P8CSS-IF010, 5.2.0.2-P8CSS-IF002 or 5.2.1.0-P8CSS-IF001), which automatically disables SSLv3, you can disable SSLv3 manually by following the steps below. \n \n1) Add the following to the last line in the Content Search Services (CSS) startup script (it can be added after the shutdown on OOM parameter): `-Dcom.ibm.jsse2.usefipsprovider=true` \n \n2) In the file [ECMTS_HOME]\\Java60\\jre\\lib\\security\\java.security change the lines: \n#ssl.SocketFactory.provider= \n#ssl.ServerSocketFactory.provider= \nto \nssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl \nssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl \n \n3) Also in the file [ECMTS]\\Java60\\jre\\lib\\security\\java.security change the lines: \nsecurity.provider.1=com.ibm.jsse2.IBMJSSEProvider2 \nsecurity.provider.2=com.ibm.crypto.provider.IBMJCE \nsecurity.provider.3=com.ibm.security.jgss.IBMJGSSProvider \nsecurity.provider.4=com.ibm.security.cert.IBMCertPath \nsecurity.provider.5=com.ibm.security.sasl.IBMSASL \nsecurity.provider.6=com.ibm.xml.crypto.IBMXMLCryptoProvider \nsecurity.provider.7=com.ibm.xml.enc.IBMXMLEncProvider \nsecurity.provider.8=org.apache.harmony.security.provider.PolicyProvider \nsecurity.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO \nto \nsecurity.provider.1=com.ibm.jsse2.IBMJSSEProvider2 \nsecurity.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS \nsecurity.provider.3=com.ibm.crypto.provider.IBMJCE \nsecurity.provider.4=com.ibm.security.jgss.IBMJGSSProvider 
\nsecurity.provider.5=com.ibm.security.cert.IBMCertPath \nsecurity.provider.6=com.ibm.security.sasl.IBMSASL \nsecurity.provider.7=com.ibm.xml.crypto.IBMXMLCryptoProvider \nsecurity.provider.8=com.ibm.xml.enc.IBMXMLEncProvider \nsecurity.provider.9=org.apache.harmony.security.provider.PolicyProvider \nsecurity.provider.10=com.ibm.security.jgss.mech.spnego.IBMSPNEGO \n(The second row was added and then all the numbers were increased by 1) \n\n \nIf unable to install JRE SR16 FP2 or higher on the Content Engine (CE/CPE) server, Content Federated Services (CFS) server, and ECM clients (as is the case for WebLogic or JBoss configurations), the following links describe how to disable SSLv3 at the application server level. \n \nHow to disable SSLv3 for WebSphere: \n[http://www.ibm.com/support/docview.wss?uid=swg21687173](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>) \n \nHow to disable SSLv3 for JBoss: \n<https://access.redhat.com/solutions/1232233> \n \nHow to disable SSLv3 for WebLogic: \n[https://support.oracle.com/rs?type=doc&id=1936300.1](<https://support.oracle.com/rs?type=doc&id=1936300.1>)\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-07-14T21:30:53", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects FileNet Content Manager, FileNet BPM and IBM Content Foundation (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-07-14T21:30:53", "id": "A41DD61CB741B6A4172AD3E7F0BE5B692C5DC2F9AAF2A501BDAED1C866852504", "href": "https://www.ibm.com/support/pages/node/517471", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:39:11", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in GPFS V3.5 for Windows\n\n## Vulnerability Details\n\nCVE-ID: CVE-2014-3566 \n \nDESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nOpenSSH for GPFS V3.5 for Windows\n\n## Remediation/Fixes\n\nIn GPFS V3.5.0.21 dated November 2014, IBM upgraded OpenSSH for GPFS on Windows to use OpenSSL 1.0.1j to address this vulnerability. System administrators should update their systems to GPFS V3.5.0.21 by following the steps below. \n \n1\\. Download the GPFS 3.5.0.21 update package dated November 2014 into any directory on your system. 
From IBM at [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Cluster%2Bsoftware&product=ibm/power/IBM+General+Parallel+File+System&release=3.5.0&platform=Windows&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Cluster%2Bsoftware&product=ibm/power/IBM+General+Parallel+File+System&release=3.5.0&platform=Windows&function=all>) \n \n2\\. Extract the contents of the ZIP archive so that the .msi file it includes is directly accessible to your system. \n \n3\\. Follow the instructions in the README included in the update package in order to install the OpenSSH msi package. This updated OpenSSH msi package is built using OpenSSL 1.0.1j. \n \nIf GPFS multiclustering is configured on Windows nodes, upgrade all OpenSSL packages that may have been installed. The following can be done on a small group of nodes at each time (ensuring that quorum is maintained) to maintain file system availability: \n \na. Stop GPFS on the node \nb. Install the version of OpenSSL \nc. Restart GPFS on the node \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. 
The most immediate mitigation action that can be taken is disabling SSLv3.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-06-25T16:46:35", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects GPFS V3.5 for Windows (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-06-25T16:46:35", "id": "3C86E9E9B80CE61FF34A70463FC2C9E86F96058B677B896D64601306CA1E6DE0", "href": "https://www.ibm.com/support/pages/node/679867", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:37:32", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. 
SSLv3 is enabled in Jazz technology (JAF) based products such as Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Requirements Composer/Rational DOORS Next Generation (RRC/RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Software Architect Design Manager (RSA DM), Rhapsody Design Manager (Rhapsody DM) and also in Web servers that these products run on, namely Apache Tomcat, IBM WebSphere, and IBM HTTP Server.\n\n## Vulnerability Details\n\n \n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector**: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 3.0.1 - 5.0.2 \n \nRational Quality Manager 2.0 - 2.0.1 \nRational Quality Manager 3.0 - 3.0.1.6 \nRational Quality Manager 4.0 - 4.0.7 \nRational Quality Manager 5.0 - 5.0.2 \n \nRational Team Concert 2.0 - 2.0.0.2 \nRational Team Concert 3.0 - 3.0.6 \nRational Team Concert 4.0 - 4.0.7 \nRational Team Concert 5.0 - 5.0.2 \n \nRational Requirements Composer 2.0 - 2.0.0.4 \nRational Requirements Composer 3.0 - 3.0.1.6 \nRational Requirements Composer 4.0 - 4.0.7 \n \nRational DOORS Next Generation 4.0 - 4.0.7 \nRational DOORS Next Generation 5.0 - 5.0.2 \n \nRational Engineering Lifecycle Manager 1.0- 1.0.0.1 \nRational Engineering Lifecycle Manager 4.0.3 - 4.0.7 \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \n 
\nRational Rhapsody Design Manager 3.0 - 3.0.1 \nRational Rhapsody Design Manager 4.0 - 4.0.7 \nRational Rhapsody Design Manager 5.0 - 5.0.2 \n \nRational Software Architect Design Manager 3.0 - 3.0.1 \nRational Software Architect Design Manager 4.0 - 4.0.7 \nRational Software Architect Design Manager 5.0 - 5.0.2\n\n## Remediation/Fixes\n\nFor the 5.x releases, upgrade to version 5.0.2 iFix2 or later \n\n * [_Rational Collaborative Lifecycle Management 5.0.2 iFix2_](<http://www.ibm.com/support/docview.wss?uid=swg24039306>)\n * [_Rational Quality Manager 5.0.2 iFix2_](<http://www.ibm.com/support/docview.wss?uid=swg24039309>)\n * [_Rational Team Concert 5.0.2 iFix2_](<http://www.ibm.com/support/docview.wss?uid=swg24039308>)\n * [_Rational DOORS Next Generation 5.0.2 iFix2_](<http://www.ibm.com/support/docview.wss?uid=swg24039307>)\n * [_Rational Software Architect Design Manager 5.0.2 iFix2_](<http://www.ibm.com/support/docview.wss?uid=swg24039427>)\n * [_Rational Rhapsody Design Manager 5.0. 
iFix2_](<http://www.ibm.com/support/docview.wss?uid=swg24039427>)\n * Rational Engineering Lifecycle Manager: Install the server portion of [_CLM 5.0.2 iFix002_](<http://www.ibm.com/support/docview.wss?uid=swg24039306>)\n \nFor the 4.x releases, upgrade to version 4.0.7 iFix4 or later \n\n * [_Rational Collaborative Lifecycle Management 4.0.7 iFix4_](<http://www.ibm.com/support/docview.wss?uid=swg24039420>)\n * [_Rational Quality Manager 4.0.7 iFix4_](<http://www.ibm.com/support/docview.wss?uid=swg24039418>)\n * [_Rational Team Concert 4.0.7 iFix4_](<http://www.ibm.com/support/docview.wss?uid=swg24039421>)\n * [_Rational DOORS Next Generation 4.0.7 iFix4_](<http://www.ibm.com/support/docview.wss?uid=swg24039419>)\n * Rational Software Architect Design Manager: Install the server portion of [_CLM 4.0.7 iFix004_](<http://www.ibm.com/support/docview.wss?uid=swg24039420>)\n * Rational Rhapsody Design Manager: Install the server portion of [_CLM 4.0.7 iFix004_](<http://www.ibm.com/support/docview.wss?uid=swg24039420>)\n * Rational Engineering Lifecycle Manager: Install the server portion of [_CLM 4.0.7 iFix004_](<http://www.ibm.com/support/docview.wss?uid=swg24039420>)\n \nFor the 3.x releases, upgrade to version 3.0.1.6 iFix5 or later \n\n * [_Rational Quality Manager 3.0.1.6 iFix5_](<http://www.ibm.com/support/docview.wss?uid=swg24039361>)\n * [_Rational Team Concert 3.0.1.6 iFix5_](<http://www.ibm.com/support/docview.wss?uid=swg24039360>)\n * [_Rational Requirements Composer 3.0.1.6 iFix5_](<http://www.ibm.com/support/docview.wss?uid=swg24039353>)\n \n \nFor the 3.x releases of Rational Software Architect Design Manager and Rhapsody Design Manager, if you cannot upgrade to 4.0.7 or 5.0, contact IBM support for guidance. \n \nFor the 2.x releases, contact IBM support for additional details on the fix. 
\n \nFor the 1.x releases of Rational Engineering Lifecycle Manager, contact IBM support for additional details on the fix. \n\n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. \n \nSSL secured communication occurs between client and server, for example between a Web browser or RTC client and a Web server on which the CLM is installed. To mitigate this issue and protect against POODLE attack, it is enough to secure either the client or the server (or both). One suggestion is to secure the Web server into which CLM is installed. This will allow you some flexibility in terms of addressing this issue as applicable in your environments while at the same time maintaining the ability of software client applications/components to access servers configured with different levels of security. \n \nSee the following links for information on how to disable SSLv3 in Apache Tomcat, IBM WebSphere and IBM HTTP Server. \n\n\n * IBM WebSphere: [_http://www.ibm.com/support/docview.wss?uid=swg21687173_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687173>)\n * IBM HTTP Server: [_http://www.ibm.com/support/docview.wss?uid=swg21687172_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687172>)\n * Apache Tomcat: [_https://access.redhat.com/solutions/1232233_](<https://access.redhat.com/solutions/1232233>)\n \n \nIn addition, the following change must be made in **server.startup** file (.bat or .sh, as appropriate). 
\nThis file is located in the `<CLM_INSTALL_LOCATION>/server` folder: \n \nFind and replace the following text in the following files: \n\n * server.startup.bat: \n \nFind: `set JAVA_OPTS=%JAVA_OPTS% -Djazz.connector.sslProtocol=SSL_TLS` \n \nReplace with: `set JAVA_OPTS=%JAVA_OPTS% -Djazz.connector.sslEnabledProtocols=TLSv1,TLSv1.1,TLSv1.2` \n \n * server.startup.sh: \n \nFind: `JAVA_OPTS=\"$JAVA_OPTS -Djazz.connector.sslProtocol=SSL_TLS\"` \n \nReplace with: `JAVA_OPTS=\"$JAVA_OPTS -Djazz.connector.sslEnabledProtocols=TLSv1,TLSv1.1,TLSv1.2\"`\n \n \nAnd the following change must be made in `<CLM_INSTALL_LOCATION>\\server\\tomcat\\conf\\server.xml` \n\n\n * Find: `sslProtocol=\"${jazz.connector.sslProtocol}\"` \n \nTomcat 6 (6.0.38 and later) and 7 replace with: `sslEnabledProtocols=\"${jazz.connector.sslEnabledProtocols}\"` \n \nTomcat 5 and 6 (prior to 6.0.38) replace with: `sslProtocols=\"${jazz.connector.sslEnabledProtocols}\"`\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2021-04-28T18:35:50", "id": "0751573D2E98D41D9FD5C53D769B2CC3007CDAB9443F2AB513D613437AF611AC", "href": "https://www.ibm.com/support/pages/node/254469", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:37:10", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM QRadar SIEM.\n\n## Vulnerability Details\n\n \n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. 
\n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n## Affected Products and Versions\n\n * IBM QRadar SIEM 7.2.3 Patch 4 and below.\n * IBM QRadar SIEM 7.1 MR2 Patch 8 and below.\n * IBM QRadar Vulnerability Manager 7.2.3 Patch 4 and below.\n * IBM QRadar Risk Manager 7.2.3 Patch 4 and below.\n * IBM QRadar Risk Manager 7.1 MR2 Patch 8 and below.\n\n## Remediation/Fixes\n\n_Product_\n\n| _Remediation/First Fix_ \n---|--- \n \n * IBM QRadar SIEM 7.2.3\n * IBM QRadar Vulnerability Manager 7.2.3\n * IBM QRadar Risk Manager 7.2.3\n| [IBM QRadar SIEM 7.2.4 Patch 1](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.4-QRADAR-QRSIEM-988458&includeSupersedes=0>) \n \n * IBM QRadar SIEM 7.1 MR2\n * IBM QRadar Risk Manager 7.1 MR2\n| [IBM QRadar SIEM 7.1 MR2 Patch 9](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.1.0&platform=Linux&function=fixId&fixids=7.1.0-QRADAR-QRSIEM-989724&includeSupersedes=0>) \n \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. 
\n\n## Workarounds and Mitigations\n\nNone \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-02-23T17:02:11", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 affects IBM QRadar SIEM. (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566"], "modified": "2022-02-23T17:02:11", "id": "4532C7DA73DC2406AD4939A367B9E0C64E210793FA8F9E24679585A36617A133", "href": "https://www.ibm.com/support/pages/node/520233", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:36:48", "description": "## Summary\n\nSSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM InfoSphere Master Data Management.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. 
A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nThe vulnerability is known to affect the following offerings: \n \n\u00b7IBM Initiate Master Data Service versions 8.5, 9.0, 9.2, 9.5, 9.7, 10.0, 10.1 (impacts [_Master Data Engine_](<http://pic.dhe.ibm.com/infocenter/mdm/v10r1/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_master_data_engine.html>) component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and [_Enterprise Integrator Toolkit_](<http://pic.dhe.ibm.com/infocenter/initiate/v9r5/topic/com.ibm.release_notes.doc/topics/r_release_notes_GAenterprise_integrator_toolkit.html>)component) \n \n\u00b7IBM Initiate Master Data Service Patient Hub versions 9.5, 9.7 (impacts [_Master Data Engine_](<http://pic.dhe.ibm.com/infocenter/mdm/v10r1/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_master_data_engine.html>) component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and [_Enterprise Integrator Toolkit_](<http://pic.dhe.ibm.com/infocenter/initiate/v9r5/topic/com.ibm.release_notes.doc/topics/r_release_notes_GAenterprise_integrator_toolkit.html>)component) \n \n\u00b7IBM Initiate Master Data Service Provider Hub versions 9.5, 9.7 (impacts [_Master Data 
Engine_](<http://pic.dhe.ibm.com/infocenter/mdm/v10r1/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_master_data_engine.html>) component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and [_Enterprise Integrator Toolkit_](<http://pic.dhe.ibm.com/infocenter/initiate/v9r5/topic/com.ibm.release_notes.doc/topi