{"id": "CISCO-SN-CVE-2014-3407-ASA.NASL", "bulletinFamily": "scanner", "title": "Cisco ASA SSL VPN Memory Blocks Exhaustion DoS (CSCuq68888)", "description": "According to its banner, the version of the Cisco ASA software on the\nremote device is affected by a vulnerability in the SSL VPN feature\ndue to improper implementation of memory blocks allocation when\nprocessing crafted HTTP packets. A remote, unauthenticated attacker\ncan exploit this issue by sending specially crafted HTTP requests\ndesigned to exhaust memory to cause a denial of service.", "published": "2014-12-08T00:00:00", "modified": "2014-12-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/79803", "reporter": "This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?c8e2a24c", "https://tools.cisco.com/security/center/viewAlert.x?alertId=36542"], "cvelist": ["CVE-2014-3407"], "type": "nessus", "lastseen": "2019-10-28T20:03:09", "edition": 10, "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-3407"]}, {"type": "cisco", "idList": ["CISCO-SA-20141126-CVE-2014-3407"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310868440"]}, {"type": "nessus", "idList": ["FEDORA_2014-13030.NASL"]}, {"type": "fedora", "idList": ["FEDORA:6AD3E60E5BD4"]}], "modified": "2019-10-28T20:03:09", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2019-10-28T20:03:09", "rev": 2}, "vulnersScore": 6.0}, "sourceData": "#TRUSTED a1d45399152b389433d9118cef9b199d7c78eb110f027ef508a42382518ee7e30e8ac9d5e507e8d551c255cf651cb6ae8df037a3aabcc30ba5282c6dc623be345f7e0c5fd8b099857a05df85b643863fe54406cac422a9e6e8379799036be80b65a9ed8194448e37a73057aa62af634663cc49494326e273098d79c3c356e312bff93927475ba75a906a3162aef49c3ad950d7826cd764af06cd339adfcc476e560fcfea40151a52c6ecadaba1119260e2c975658f6e27c6339ac93cf310f9a3f8a0ca9c596bd332416e5b7e3817022753b744ccbafcd3ed6ab7ef3bbe74d44ccc50e51a23e95391ec4906a60c1ea4a96b4716e18d449c2ba722449ab6802c7206a9837d383f1ee62c8d17e629f535840369f53d811262a14c639ab828976e68434b8332abfd56e260316ded5f6042744a1657c3ecccbfa3f224b5ff2f6d6920f5ab87ae91a9c8930f0047cc8b820b4344931f147a82162f9e6b690a889b6267420f1a2f20d130549affa11875cd8e7ad250c41acd34eeac4409bf61cae15b9150429e7d73456caa34d1002501212446ad4dcdc519c7f39e1fac4f5c7d5892fcd2601e61ab5dd885b0a3dac5c56c418c4ae48a365270a93ae8924d9ecc9784dc3ba7fb3273fdfd846de9cf1e754bde2815995ae411c58504d78a51bcded153d66b4eb533725e91b4977d5d377274f7dd6003dbf0ac3fb1b49dd6e097fd1b0517\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79803);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/11/15\");\n\n script_cve_id(\"CVE-2014-3407\");\n script_bugtraq_id(71317);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuq68888\");\n\n script_name(english:\"Cisco ASA SSL VPN Memory Blocks Exhaustion DoS (CSCuq68888)\");\n script_summary(english:\"Checks the ASA version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of the Cisco ASA software on the\nremote device is affected by a vulnerability in the SSL VPN feature\ndue to improper implementation of memory blocks allocation when\nprocessing crafted HTTP packets. A remote, unauthenticated attacker\ncan exploit this issue by sending specially crafted HTTP requests\ndesigned to exhaust memory to cause a denial of service.\");\n # https://tools.cisco.com/security/center/viewAlert.x?alertId=36542\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c8e2a24c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=36542\");\n script_set_attribute(attribute:\"solution\", value:\"Apply the relevant patch referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:adaptive_security_appliance_software\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/08\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CISCO\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Cisco/ASA\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\nasa = get_kb_item_or_exit('Host/Cisco/ASA');\nver = extract_asa_version(asa);\nif (isnull(ver)) audit(AUDIT_FN_FAIL, 'extract_asa_version');\n\nfixed_ver = NULL;\n\n# Affected version list from advisory\nversions = make_list(\n \"8.4.1\",\n \"8.4.1.3\",\n \"8.4.1.11\",\n \"8.4.2\",\n \"8.4.2.1\",\n \"8.4.2.8\",\n \"8.4.3\",\n \"8.4.3.8\",\n \"8.4.3.9\",\n \"8.4.4\",\n \"8.4.4.1\",\n \"8.4.4.3\",\n \"8.4.4.5\",\n \"8.4.4.9\",\n \"8.4.5\",\n \"8.4.5.6\",\n \"8.4.6\",\n \"8.4.7\",\n \"8.4.7.3\",\n \"8.4.7.15\",\n \"8.4.7.22\",\n \"8.4.7.23\",\n \"8.6.1\",\n \"8.6.1.1\",\n \"8.6.1.2\",\n \"8.6.1.5\",\n \"8.6.1.10\",\n \"8.6.1.12\",\n \"8.6.1.13\",\n \"8.6.1.14\",\n \"9.0.1\",\n \"9.0.2\",\n \"9.0.2.10\",\n \"9.0.3\",\n \"9.0.3.6\",\n \"9.0.3.8\",\n \"9.0.4\",\n \"9.0.4.1\",\n \"9.0.4.5\",\n \"9.0.4.7\",\n \"9.0.4.17\",\n \"9.0.4.20\",\n \"9.0.4.24\",\n \"9.1.1\",\n \"9.1.1.4\",\n \"9.1.2\",\n \"9.1.2.8\",\n \"9.1.3\",\n \"9.1.3.2\",\n \"9.1.4\",\n \"9.1.4.5\",\n \"9.1.5\",\n \"9.1.5.10\",\n \"9.1.5.12\",\n \"9.2.1\",\n \"9.2.2\",\n \"9.2.2.4\",\n \"9.2.2.7\",\n \"9.2.3\",\n \"9.3.1\",\n \"9.3.1.1\",\n \"9.3.2\"\n);\n\nforeach version (versions)\n{\n if (cisco_gen_ver_compare(a:ver, b:version) == 0)\n {\n if (ver =~ \"^8\\.\") fixed_ver = \"Refer to the vendor.\";\n else if (ver =~ \"^9\\.0[^0-9]\" && check_asa_release(version:ver, patched:\"9.0(4.25)\"))\n fixed_ver = \"9.0(4.25)\";\n else if (ver =~ \"^9\\.1[^0-9]\" && check_asa_release(version:ver, patched:\"9.1(5.15)\"))\n fixed_ver = \"9.1(5.15)\";\n else if (ver =~ \"^9\\.2[^0-9]\" && check_asa_release(version:ver, patched:\"9.2(2.100)\"))\n fixed_ver = \"9.2(2.100)\";\n else if (ver =~ \"^9\\.3[^0-9]\" && check_asa_release(version:ver, patched:\"9.3(1.99)\"))\n fixed_ver = \"9.3(1.99)\";\n break;\n }\n}\n\nif (isnull(fixed_ver))\n audit(AUDIT_INST_VER_NOT_VULN, \"Cisco ASA software\", ver);\n\nflag = FALSE;\noverride = FALSE;\n\n# Check if SSL VPN is configured\nif (get_kb_item(\"Host/local_checks_enabled\"))\n{\n buf = cisco_command_kb_item(\"Host/Cisco/Config/show_running-config_webvpn\", \"show running-config webvpn\");\n if (check_cisco_result(buf))\n {\n if (preg(multiline:TRUE, pattern:\"enable\", string:buf)) flag = TRUE;\n }\n else if (cisco_needs_enable(buf)) override = TRUE;\n}\n\nif (!flag && !override) audit(AUDIT_HOST_NOT, \"affected\");\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fixed_ver +\n '\\n';\n security_warning(port:0, extra:report+cisco_caveat(override));\n}\nelse security_warning(port:0, extra:cisco_caveat(override));\n", "naslFamily": "CISCO", "pluginID": "79803", "cpe": ["cpe:/a:cisco:adaptive_security_appliance_software"], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T19:58:23", "description": "The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.", "edition": 5, "cvss3": {}, "published": "2014-11-28T02:59:00", "title": "CVE-2014-3407", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3407"], "modified": "2014-11-28T15:41:00", "cpe": ["cpe:/a:cisco:adaptive_security_appliance_software:9.3\\(.2\\)"], "id": "CVE-2014-3407", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3407", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:cisco:adaptive_security_appliance_software:9.3\\(.2\\):*:*:*:*:*:*:*"]}], "cisco": [{"lastseen": "2020-12-24T11:41:41", "bulletinFamily": "software", "cvelist": ["CVE-2014-3407"], "description": "A vulnerability in the SSL VPN feature of Cisco ASA Software could\nallow an unauthenticated, remote attacker to cause the exhaustion of\navailable memory, which could lead to system instability and availability\nissues on the SSL VPN services.\n\nThe vulnerability is due to improper implementation of memory block\nallocation when processing crafted HTTP packets. An attacker could\nexploit this vulnerability by sending a crafted HTTP packet to the\naffected system. The vulnerability can be exploited if SSL VPN is enabled.\n\nCisco has confirmed the vulnerability in a security notice and released software updates.\n\nTo exploit this vulnerability, an attacker may need to acquire additional information about the targeted device, such as whether SSL VPN is enabled on the device. This feature must be enabled for an attacker to achieve a successful exploit.\n\nCisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.", "modified": "2014-11-26T18:44:21", "published": "2014-11-26T18:44:32", "id": "CISCO-SA-20141126-CVE-2014-3407", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20141126-CVE-2014-3407", "type": "cisco", "title": "Cisco ASA Software SSL VPN Memory Blocks Exhaustion Vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:37:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3704", "CVE-2014-3407"], "description": "Check the version of drupal7", "modified": "2019-03-15T00:00:00", "published": "2014-10-29T00:00:00", "id": "OPENVAS:1361412562310868440", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868440", "type": "openvas", "title": "Fedora Update for drupal7 FEDORA-2014-13030", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for drupal7 FEDORA-2014-13030\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868440\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-29 05:53:01 +0100 (Wed, 29 Oct 2014)\");\n script_cve_id(\"CVE-2014-3407\", \"CVE-2014-3704\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for drupal7 FEDORA-2014-13030\");\n script_tag(name:\"summary\", value:\"Check the version of drupal7\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"drupal7 on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-13030\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141512.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"drupal7\", rpm:\"drupal7~7.32~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:12:08", "description": "Update to upstream 7.32 security release for SA-CORE-2014-005,\nCVE-2014-3407\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2014-10-29T00:00:00", "title": "Fedora 20 : drupal7-7.32-1.fc20 (2014-13030)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3704", "CVE-2014-3407"], "modified": "2014-10-29T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:drupal7"], "id": "FEDORA_2014-13030.NASL", "href": "https://www.tenable.com/plugins/nessus/78707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-13030.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78707);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3704\");\n script_bugtraq_id(70595);\n script_xref(name:\"FEDORA\", value:\"2014-13030\");\n\n script_name(english:\"Fedora 20 : drupal7-7.32-1.fc20 (2014-13030)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream 7.32 security release for SA-CORE-2014-005,\nCVE-2014-3407\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1153402\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141512.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?222d2be4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected drupal7 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Drupal core 7.x SQL Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Drupal HTTP Parameter Key/Value SQL Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drupal7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"drupal7-7.32-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"drupal7\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3407", "CVE-2014-3704"], "description": "Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. ", "modified": "2014-10-28T06:48:09", "published": "2014-10-28T06:48:09", "id": "FEDORA:6AD3E60E5BD4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: drupal7-7.32-1.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}