IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass
2014-11-19T00:00:00
ID IBM_TEM_9_1_1117_0.NASL Type nessus Reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-11-25T00:00:00
Description
According to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages (CVE-2014-0224). The flaw allows a man-in-the-middle attacker to force the use of weak keying material, which makes it easier to decrypt and modify traffic between the affected endpoints. The finding is based on the reported version only; the TLS handshake itself is not tested.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration branch: when `description` is set, only the plugin metadata
# below is declared and the script stops at exit(0), before any of the
# version-check code that follows this block.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(79335);
script_version("1.6");
script_cvs_date("Date: 2019/11/25");
# Cross-references for the single vulnerability this plugin reports.
script_cve_id("CVE-2014-0224");
script_bugtraq_id(67899);
script_xref(name:"CERT", value:"978508");
script_name(english:"IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass");
script_summary(english:"Checks the version of the Tivoli Endpoint Manager Server.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a security bypass vulnerability.");
# The description states that the finding comes from the self-reported
# version, i.e. it is an inference about the bundled OpenSSL library and not
# the result of a handshake test.
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the IBM Tivoli Endpoint
Manager Server installed on the remote host uses a vulnerable OpenSSL
library that contains a flaw in the processing of ChangeCipherSpec
messages. The flaw allows an attacker to cause usage of weak keying
material leading to simplified man-in-the-middle attacks.");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21677842");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140605.txt");
script_set_attribute(attribute:"solution", value:
"Upgrade to Tivoli Endpoint Manager Server 9.1.1117.0 or later.");
# CVSS v2 base vector: network access, medium access complexity, no
# authentication, partial confidentiality and integrity impact, no
# availability impact.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
# CVSS v2 temporal vector: functional exploit exists, official fix available,
# report confirmed.
# NOTE(review): only CVSS v2 vectors are declared here; triage that keys on
# CVSS v3 needs to take that score from another source.
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0224");
# Exploitability metadata used for prioritisation.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
# Timeline: upstream disclosure, vendor patch, plugin release.
script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/05");
script_set_attribute(attribute:"patch_publication_date", value:"2014/06/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_endpoint_manager");
script_end_attributes();
# Information-gathering category, filed under the "Web Servers" family.
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Scheduling prerequisites: the detection plugin must run first, the
# www/BigFixHTTPServer knowledge-base key must exist (presumably written by
# ibm_tem_detect.nasl - confirm there), and a web service or port 52311 must
# be present.
script_dependencies("ibm_tem_detect.nasl");
script_require_keys("www/BigFixHTTPServer");
script_require_ports("Services/www", 52311);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");
# Version-only check for CVE-2014-0224 on IBM Tivoli Endpoint Manager Server.
# The version is read from the knowledge base, not obtained by testing the
# TLS handshake, so the result is only as reliable as the stored
# (self-reported) version string.
app_name = "IBM Tivoli Endpoint Manager";
fix = "9.1.1117.0";

port = get_http_port(default:52311, embedded:FALSE);
kb_prefix = "www/BigFixHTTPServer/" + port;

# get_kb_item_or_exit() stops the plugin when no version was recorded for
# this port.
version = get_kb_item_or_exit(kb_prefix + "/version");

# Refuse to judge an unknown version or one with fewer than three numeric
# components.
if (version == UNKNOWN_VER)
  audit(AUDIT_UNKNOWN_WEB_SERVER_VER, app_name, port);
if (version !~ "^(\d+\.){2,}\d+$")
  audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);

# Only three 9.1 builds are treated as affected. The trailing ($|[^0-9])
# keeps a longer build number (e.g. 9.1.10650) from matching.
# NOTE(review): any other 9.1 build below the fixed version is reported as
# not vulnerable - confirm this list against the vendor advisory.
affected = FALSE;
if (version =~ "^9\.1\.1065($|[^0-9])") affected = TRUE;
else if (version =~ "^9\.1\.1082($|[^0-9])") affected = TRUE;
else if (version =~ "^9\.1\.1088($|[^0-9])") affected = TRUE;

if (affected)
{
  if (!(report_verbosity > 0))
  {
    # Quiet mode: raise the finding without any detail text.
    security_warning(port);
  }
  else
  {
    # The "source" entry is optional; it appears in the report only when the
    # knowledge base holds one for this port.
    source = get_kb_item(kb_prefix + "/source");

    report = "";
    if (!isnull(source))
      report += '\n Source : ' + source;
    report +=
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fix +
      '\n';

    security_warning(port:port, extra:report);
  }
}
else audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);
{"ibm": [{"lastseen": "2021-12-30T21:49:59", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVE-ID:** [_CVE-2014-0224_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n \n**Description:** OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic. \n \n**CVSS Base Score:** 5.8 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93586> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n4.3, 4.3.0.1, 4.3.0.2, 4.3.0.3, 4.3.0.4, 4.3.0.5, 4.3.0.6\n\n## Remediation/Fixes\n\nUpgrade to [Rational Tau Interim Fix 1 for 4.3.0.6](<http://www.ibm.com/support/docview.wss?uid=swg24037888>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n \n[_OpenSSL Project vulnerability 
website_](<http://www.openssl.org/news/vulnerabilities.html>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n* 20 June 2014 : Original copy published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\nPSIRT advisory 1790, record 39215 \n\\----- Forwarded by Andrey Karaulov/Russia/IBM on 20.06.2014 16:17 ----- \n \n**Link Message**\n\n| | To: | Andrey Karaulov/Russia/IBM@IBMRU \n---|--- \ncc: | \n \nSubject: | DCF ACTION : Review is complete for: Security Bulletin: Rational Tau is affected by the following OpenSSL vulnerabilities: CVE-2014-0224 \nFrom: | Ron Craig/Raleigh/IBM@IBMUS on 20.06.2014 02:37 \n \n**Document Link Information:**\n\nDatabase: DCF Technotes (Rational)\n\n \nDocument: Security Bulletin: Rational Tau is affected by the following OpenSSL vulnerabilities: CVE-2014-0224 \nWorkflow status: All reviewers have completed their work on this document. \n \n \nI approve. 
As a code blue fixing all required releases, and using the prescribed bulletin template, you do not require any further reviews for this bulletin. \n \nDO SEND a link to the bulletin to your support contacts and to Michael Huber. \n \nWhen your other platforms are ready, revise the bulletin in DCF, and then submit for publishing -- no need to review it again as you're just adding the new links. \n \nYou can send to William Penny, now, for publishing. \n\n[{\"Product\":{\"code\":\"SSYQGX\",\"label\":\"Rational Tau\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Documentation\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"4.3;4.3.0.1;4.3.0.2;4.3.0.3;4.3.0.4;4.3.0.5;4.3.0.6\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-06-17T04:55:15", "type": "ibm", "title": "Security Bulletin: Rational Tau is affected by OpenSSL vulnerabilities (CVE-2014-0224)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-06-17T04:55:15", "id": "3FECBC639ADFEB79371F9900171834D9C0E821EFFB9AE772387931314E921F6F", "href": "https://www.ibm.com/support/pages/node/514339", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-03T21:26:56", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project.\n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-0224_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic. \n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93586_](<http://xforce.iss.net/xforce/xfdb/93586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n**Versions (350)** \n350.00: 01Ex350_039_038 \n350.10: 01Ex350_049_038, 01Ex350_053_038, 01Ex350_054_038 \n350.20: 01Ex350_063_038 \n350.30: 01EA350_071_071, 01Ex350_071_038 \n350.40: 01EA350_074_074 \n350.50: 01EA350_085_074, 01Ex350_085_038 \n350.60: 01EA350_103_074, 01Ex350_103_038 \n350.70: 01EA350_107_074, 01Ex350_107_038 \n350.80: 01EA350_108_074, 01Ex350_108_038 \n350.90: 01EA350_118_074, 01Ex350_118_038, 01Ex350_120_038 \n350.A0: 01EA350_126_074, 01Ex350_126_038 \n350.B0: 01EA350_132_074, 01Ex350_132_038 \n350.B1: 01EA350_136_074 \n350.C0: 01Ex350_143_038, \n350.D0: 01EA350_149_074, 01Ex350_149_038 \n \n**350 Platforms Impacted:** \nIBM BladeCenter JS12 Express (7998-60X) \nIBM BladeCenter JS22 (7998-61X) \nIBM BladeCenter JS23 (7778-23X) \nIBM BladeCenter JS43 (7778-23X with feature code 
8446) \nIBM Power 520 Express (9407-M15) \nIBM Power 520 Express (9408-M25) \nIBM Power 520 Express (8203-E4A) F/C 5633 \nIBM Power 520 Express (8203-E4A) F/C 5634 \nIBM Power 520 Express (8203-E4A) F/C 5635 \nIBM Power 520 Express (8203-E4A) F/C 5577 \nIBM Power 520 Express (8203-E4A) F/C 5587 \nIBM Power 550 Express (9409-M50) \nIBM Power 550 Express (8204-E8A) F/C 4965 \nIBM Power 550 Express (8204-E8A) F/C 4667 \nIBM Power 560 Express (8234-EMA) \nIBM Power 570 (9406-MMA) \nIBM Power 570 (9117-MMA) \nIBM Power 575 (9125-F2A) \nIBM Power 595 (9119-FHA) \n \n**Versions (730)** \n730.00: 01Ax730_031_031, 01Ax730_039_035, 01AA730_039_035 \n730.20: 01Ax730_045_035 \n730.30: 01Ax730_049_035, 01Ax730_051_035, 01Ax730_052_035 \n730.40: 01Ax730_058_035, 01AA730_059_035, 01AL730_060_035 \n730.45: 01Ax730_065_035 \n730.46: 01Ax730_066_035 \n730.50: 01Ax730_078_035 \n730.51: 01Ax730_087_035 \n730.60: 01AA730_094_035, 01Ax730_095_035 \n730.61: 01Ax730_099_035 \n730.70: 01Ax730_114_035, \n730.71: 01Ax730_115_035 \n730.72: 01Ax730_116_035 \n730.80: 01Ax730_122_035 \n730.90: 01Ax730_127_035 \n \n**730 Platforms Impacted:** \nIBM Power PS700 (8406-70Y) \nIBM Power PS701 (8406-71Y) \nIBM Power PS702 (8406-71Y) \nIBM Power PS703 (7891-73X) \nIBM Power PS704 (7891-74X) \nIBM Power 750 (8233-E8B) \nIBM Power 755(8236-E8C) \nIBM Power 710 Express (8231-E2B) \nIBM Power 730 Express (8231-E2B) \nIBM Power 720 Express (8202-E4B) \nIBM Power 740 Express (8205-E6B) \nIBM Power 770 (9117-MMB) \nIBM Power 780 (9179-MHB) \n \n**Versions (740)** \n740.00: 01Ax740_042_042 \n740.10: 01Ax740_043_042 \n740.15: 01Ax740_045_042 \n740.16: 01Ax740_046_042 \n740.20: 01Ax740_075_042 \n740.21: 01Ax740_077_042 \n740.40: 01Ax740_088_042 \n740.50: 01Ax740_095_042 \n740.51: 01Ax740_098_042 \n740.52: 01Ax740_100_042 \n740.60: 01Ax740_110_042 \n740.61: 01Ax740_112_042 \n740.70: 01Ax740_121_042 \n740.80: 01Ax740_126_042 \n \n**740 Platforms Impacted:** \nIBM Power 710 (8231-E1C) \nIBM Power 720 (8202-E4C) 
\nIBM Power 730 (8231-E2C) \nIBM Power 740 (8205-E6C) \nIBM Power 770 (9117-MMC) \nIBM Power 780 (9179-MHC) \n \n**Versions (760)** \n760.00: Ax760_034_034 \n760.10: Ax760_043_043, Ax760_043_034, AM760_044_034 \n760.11: Ax760_051_034 \n760.20: AM760_062_034, AH760_062_043 \n760.30: AM760_068_034, AH760_068_043 \n760.31: AM760_069_034, AH760_069_043 \n760.40: AM760_078_034, AH760_078_043 \n \n**760 Platforms Impacted:** \nIBM Power 770 (9117-MMD) \nIBM Power 780(9179-MHD) \nIBM Power ESE(8412-EAD) \nIBM Power 795(9119-FHB) \n \n**Versions (770)** \n770.00: 01AL770_032_032 \n770.10: 01Ax770_038_032 \n770.20: 01Ax770_048_032 \n770.21: 01Ax770_052_032 \n770.22: 01Ax770_055_032 \n770.31: 01Ax770_063_032 \n770.32: 01Ax770_076_032 \n \n770 **Platforms Impacted:** \nIBM Power 780 (9179-MHC) \nIBM Power 770 (9117-MMC) \nIBM Power 760 (9109-RMD) \nIBM Power 750 (8408-E8D) \nIBM PowerLinux 7R4 (8248-L4T) \nIBM PowerLinux 7R2 (8246-L2D) \nIBM PowerLinux 7R2 (8246-L2T) \nIBM PowerLinux 7R1 (8246-L1D) \nIBM PowerLinux 7R1 (8246-L1T) \nIBM Power 740 (8205-E6D) \nIBM Power 730 (8231-E2D) \nIBM Power 720 (8202-E4D) \nIBM Power 720 (8202-40A) \nIBM Power 710 (8231-E1D) \nIBM Power 710 (8268-E1D) \n \n**Versions (773)** \n773.00: 01AF773_033_033 \n773.01: 01AF773_035_033 \n773.10: 01AF773_051_033 \n773.11: 01AF773_054_033 \n773.12: 01AF773_056_033 \n \n**773 Impacted Versions:** \nIBM Flex System p270 (7954-24X) \nIBM Flex System p260 (7895-23X) \nIBM Flex System p260 (7895-23A) \nIBM Flex System p460 (7895-43X) \nIBM Flex System p260 (7895-22X) \nIBM Flex System p460 (7895-42X) \nIBM Flex System p24L (1457-7FL) \n \n**Versions (780):** \n780.00: 01Ax780_040_040 \n780.01: 01Ax780_050_040 \n780.02: 01Ax780_054_040 \n780.10: 01Ax780_056_040 \n \n**780**** P****latforms Impacted:** \nIBM Power 770 (9117-MMB) \nIBM Power 780 (9179-MHB) \nIBM Power 770 (9117-MMD) \nIBM Power 780 (9179-MHD) \nIBM Power ESE (8412-EAD) \nIBM Power 795 (9119-FHB) \n \n**Versions (783)** \n783.00: 
AF783_021_021 \n \n**783 Platforms Impacted:** \nIBM Flex System p260 Compute Node (7895-22X) \nIBM Flex System p460 Compute Node (7895-42X) \nIBM Flex System p24L Compute Node (1457-7FL) \nIBM Flex System p260 Compute Node (7895-23X) \nIBM Flex System p260 Compute Node (7895-23A)/FC EFD9 \nIBM Flex System p460 Compute Node (7895-43X) \nIBM Flex System p270 Compute Node (7954-24X) \n \n**Versions (810)** \n810.00: 01SV810_054_054 \n \n**810 Platforms Impacted:** \nIBM Power System S822 (8284-22A) \nIBM Power System S814 (8286-41A) \nIBM Power System S824 (8286-42A) \nIBM Power System S822L (8247-22L)\n\n## Remediation/Fixes\n\nCustomers on Version 350, upgrade to 350.E0: 01Ex350_159 or higher. \nCustomers on Version 730, upgrade to 730.91: 01Ax730_142 or higher. \nCustomers on Version 740, upgrade to 740.81: 01Ax740_152 or higher. \nCustomers on Version 760, upgrade to 760.41: Ax760_079 or higher. \nCustomers on Version 770, upgrade to 770.40: 01Ax770_090 or higher. \nCustomers on Version 773, upgrade to 773.13: 01AF773_058 or higher. \nCustomers on Version 780, upgrade to 780.11: 01Ax780_059 or higher. \nCustomers on Version 783.00, upgrade to 783.01: 01AF783_022 or higher. \nCustomers on Version 810.00, upgrade to 810.01: 01SV810_052 or higher. 
\n \nThe fix can be obtained from [_FixCentral_](<http://www-933.ibm.com/support/fixcentral/>) by providing the MTM and current fix level.\n\n## Workarounds and Mitigations\n\nNone known\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n * [__On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n * [__OpenSSL Project vulnerability website__](<http://www.openssl.org/news/vulnerabilities.html>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[_IBM Secure Engineering Web Portal _](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>) \n[_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n06/24/14: Information for Versions 780, 783 and 810 published. \n06/25/14: Information for Versions 350, 730, 740 and 760 added. \n06/27/14: Information for Version 770 added. \n07/03/14: Information for Version 773 added. \n \n \n \n \n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. 
\n \nDisclaimer \n \nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Type\":\"MASTER\",\"Line of Business\":{\"code\":\"LOB57\",\"label\":\"Power\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SWG60\",\"label\":\"IBM i\"},\"Platform\":[{\"code\":\"PF012\",\"label\":\"IBM i\"}],\"Version\":\"7.1.0\"}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: Power Systems Firmware is affected by the following OpenSSL vulnerabilities: (CVE-2014-0224)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2019-12-18T14:26:38", "id": "FB3709EBFC8A5FAB2E4236B7D00B54901E29184F499A4CDC2801BEC9E4905342", "href": "https://www.ibm.com/support/pages/node/645503", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T21:42:28", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. 
\n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-0224_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic. \n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93586_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Direct for UNIX 4.0.00 \n\u00b7 All versions prior to 4.0.00 iFix 112 \nIBM Sterling Connect:Direct for UNIX 4.1.0 \n\u00b7 All versions prior to 4.1.0.4 iFix 27\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information about the available fixes. \n \n_Fixes for users who are not running Connect:Direct in FIPS mode on HP-UX_ VRMF | APAR | Remediation/First Fix \n---|---|--- \n4.0.00 | IT02558 | Apply 4.0.00 iFix 112, available on IWM \n4.1.0 | IT02558 | Apply 4.1.0.4 iFix 27, available on Fix Central \nAlternatively, upgrade to 4.2.0, which is not affected by the vulnerability. \n \n_Remediation for users who are running Connect:Direct in FIPS mode on HP-UX_ \nApplying the iFixes listed in the table above on HP-UX (PA-RISC and Itanium) invalidates the FIPS mode of operation. 
Customers who run Connect:Direct on HP-UX in FIPS mode must upgrade to 4.2.0.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n[_OpenSSL Project vulnerability website_](<http://www.openssl.org/news/vulnerabilities.html>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n3 July 2014: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSKTYY\",\"label\":\"IBM Sterling Connect:Direct for UNIX\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"4.1;4.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected by the following OpenSSL vulnerabilities: CVE-2014-0224", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2020-07-24T22:19:08", "id": "D05CCE78047F8DFA45B21DFE0E7EB2FF33240CC3C29D657E0AFDDBDB1AD579FB", "href": "https://www.ibm.com/support/pages/node/714141", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, 
{"lastseen": "2021-12-30T21:49:41", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. \n\n## Vulnerability Details\n\n[_CVE-2014-0224_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic. \n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93586_](<http://xforce.iss.net/xforce/xfdb/93586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nAll TS2900 tape libraries with firmware version lower than 0033.\n\n## Remediation/Fixes\n\nApply firmware version 0033 or later, available from IBM Fix Central \n<http://www-933.ibm.com/support/fixcentral/>\n\n## Workarounds and Mitigations\n\nNone known.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n[__OpenSSL Project vulnerability website__](<http://www.openssl.org/news/vulnerabilities.html>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone.\n\n## Change History\n\n18 June 2014: Original Version Published\n\n*The CVSS 
Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"STCAPQJ\",\"label\":\"TS2900 Tape Autoloader (3572)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"N\\/A\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-06-18T00:08:04", "type": "ibm", "title": "Security Bulletin: TS2900 is affected by the following OpenSSL vulnerabilities: CVE-2014-0224", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-06-18T00:08:04", "id": "C62E2592B0FCAE9D52C20B9C7B33E6431777A77035FEB591505DA1F783B680C2", "href": "https://www.ibm.com/support/pages/node/689637", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T21:40:43", "description": "## Summary\n\nA fix is available for IBM SONAS, for the OpenSSL security vulnerability\n\n## Vulnerability Details\n\n**CVEID: ** \nCVE-2014-0224 \n \n**DESCRIPTION:** \nSSL/TLS MITM vulnerability \n \nAn attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. \n \nThe attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. IBM SONAS systems use OpenSSL server functionality and some versions are vulnerable (see below). \n \n[_CVE-2014-0224_](<http://xforce.iss.net/xforce/xfdb/93586>) \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93586_](<http://xforce.iss.net/xforce/xfdb/93586>) for the current score\n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running a code releases 1.3.0.0 to 1.4.3.2\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.4.3.3 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.4.3.3 or a later version, so that the fix gets applied. 
\n \n**_Workaround(s) & Mitigation(s):_** \n \nEnsure that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"STAV45\",\"label\":\"Network Attached Storage (NAS)->Scale Out Network Attached Storage\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"1.4.3.3\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.4.3.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-06-18T00:08:27", "type": "ibm", "title": "Security Bulletin: OpenSSL security vulnerability on IBM SONAS (CVE-2014-0224)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-06-18T00:08:27", "id": "8600D4FE1C84EFD70C8C1A94E48F4DDFC42B18B82D5F8C7EE6D12E22048B63B3", "href": "https://www.ibm.com/support/pages/node/689895", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-04-12T19:30:54", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL which impact the management port on DS8870 R7.x\n\n## 
Vulnerability Details\n\n**CVE-ID:** _CVE-2014-0224_ \n \n**DESCRIPTION: **\n\nAn attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client *and* server.\n\nCVSS Base Score: 5.8\n\nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93586> for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nDS8870 Release 7.x\n\n## Remediation/Fixes\n\nIBM strongly suggests that you install the vulnerability fix identified immediately below \n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nDS8870 R7.2| 87.21.30.0| N/A| 06/30/2014 \nDS8870 R7.3| 87.30.105.0| N/A| 07/27/2014 \n \nPlease contact your IBM representative to order and install the service release \n\n## Workarounds and Mitigations\n\nThe following steps can help mitigate, but not eliminate, the risks of this vulnerability: \n\n * Ensure that the DS8000 HMC is installed behind a firewall that limits access to the ports. \n * Ensure that clients used for management are not themselves vulnerable to this issue, since it can be exploited only when both the server and the client are vulnerable.\n * Customers who do not require the CIM interface and do not install the fix should stop the CIM Agent. \n \n\n\nTo stop the CIM Agent using the Web User Interface on the Hardware Master Console (HMC): 
\n\n\\- login as \"customer\" \n\n\n\n \n \n\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"ST8NCA\",\"label\":\"Disk systems->DS8870\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"\",\"label\":\"MCP\"}],\"Version\":\"7.2;7.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-18T00:08:25", "type": "ibm", "title": "Security Bulletin: DS8870 Release 7.x affected by a vulnerability in OpenSSL (CVE-2014-0224)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-06-18T00:08:25", "id": "FE7B997F67C37DFC6E3439F0BA52314A66B42B21A8011BE962695F0F97CCBF03", "href": "https://www.ibm.com/support/pages/node/689861", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-02-24T00:43:19", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL. 
\n\n## Vulnerability Details\n\n**CVE-ID: **[CVE-2014-0224](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>)\n\n**DESCRIPTION: **OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic.\n\n \n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n**Products: **ABYP-0T-0S-4L-P, ABYP-0T-0S-4L-P-M, ABYP-0T-2S-2L-P, ABYP-0T-2S-2L-P-M, ABYP-0T-4S-0L-P, ABYP-0T-4S-0L-P-M, ABYP-10G-2SR-2LR-1-P, ABYP-10G-2SR-2LR-1-P-M, ABYP-10G-4LR-1-P, ABYP-10G-4LR-1-P-M, ABYP-10G-4SR-1-P, ABYP-10G-4SR-1-P-M, ABYP-2T-0S-2L-P, ABYP-2T-0S-2L-P-M, ABYP-2T-1S-1L-P, ABYP-2T-1S-1L-P-M, ABYP-2T-2S-0L-P, ABYP-2T-2S-0L-P-M, ABYP-4T-0S-0L-P, ABYP-4T-0S-0L-P-M, ABYP-4TL-P, ABYP-4TL-P-M, ABYP-4TS-P, ABYP-4TS-P-M \n**Firmware versions**: \n1G NAB \u2013 1.0.849, 1.0.1901, 1.0.2564, 1.0.3097, 2.7-26, 2.10-30, 2.13-33, 2.14-35, 2.15-36, 2.16-37, 2.18-43, 3.4-23, 3.9-34 \n10G NAB - 1.0.1876, 1.0.2919, 0343c3c, 2.11-28, 2.13-34, 2.15-36, 2.18-42, 3.4-23, 3.9-34\n\n## Remediation/Fixes\n\nThe following IBM Threat Updates have the fixes for these vulnerabilities: \n\n_Product_| _Version_| _Remediation/First Fix _ \n---|---|--- \n_IBM Security Proventia Network Active Bypass _| _1G NAB \u2013 1.0.849, 1.0.1901, 1.0.2564, 1.0.3097, 2.7-26, 2.10-30, 2.13-33, 2.14-35, 2.15-36, 2.16-37, 2.18-43, 3.4-23, 3.9-34_| [_Proventia 1G NAB Update 12 (fw3.13-41)_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Network+Active+Bypass&release=All&platform=All&function=all>) \n_IBM Security Proventia Network Active Bypass 
_| _10G NAB - 1.0.1876, 1.0.2919, 0343c3c, 2.11-28, 2.13-34, 2.15-36, 2.18-42, 3.4-23, 3.9-34_| [_Proventia 10G NAB Update 9 (fw3.13-41)_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Network+Active+Bypass&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n[CVE-2014-0224](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n[http://xforce.iss.net/xforce/xfdb/93586 ](<http://xforce.iss.net/xforce/xfdb/93586>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSB2MD\",\"label\":\"IBM Security Network Active Bypass\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"1.0;3.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-06-16T21:18:20", "type": "ibm", "title": "Security Bulletin: IBM Security Proventia Network Active Bypass is affected by vulnerabilities in OpenSSL (CVE-2014-0224)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-06-16T21:18:20", "id": "E7C680A93C62F0B55F2401C00071445427D43012DF7D06E7DC5A5AB3EC669708", "href": "https://www.ibm.com/support/pages/node/515201", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T21:52:09", "description": "## Summary\n\nA security vulnerability in ChangeCipherSpec processing 
allows intermediate nodes to force the use of weak keying material in SSL/TLS clients and servers, and thereby to intercept and decrypt encrypted data.\n\n## Vulnerability Details\n\n**CVE ID:** [CVE-2014-0224](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n \n**DESCRIPTION:** \nAn attacker using a carefully crafted handshake can force the use of weak keying material in SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and a vulnerable server. \n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nWebSphere DataPower SOA Appliances all versions through 4.0.2.15, 5.0.0.14, 6.0.0.6, and 6.0.1.2. Note that version 7.0.0.0 is not affected.\n\n## Remediation/Fixes\n\nFix is available in versions 5.0.0.15, 6.0.0.7, and 6.0.1.3. Refer to [APAR IT02314](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT02314>) for URLs to download the fix. 
Customers on DataPower firmware version 4.0.2 and later fix packs, contact customer support.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nJune 19 2014: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SS9H2Y\",\"label\":\"IBM DataPower Gateway\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"General\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"4.0.2;5.0.0;6.0.0;6.0.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-06-15T07:00:52", "type": "ibm", "title": "Security Bulletin: Websphere DataPower vulnerability in SSL ChangeCipherSpec processing (CVE-2014-0224)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-06-15T07:00:52", "id": "FE3BD282967A6B7E515961E80162D820AFB7A6484790830E840CF40337EF3235", "href": "https://www.ibm.com/support/pages/node/514271", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-02-10T00:00:00", "description": "## Summary\n\nSecurity vulnerability in OpenSSL\n\n## Vulnerability Details\n\n**CVEID: **CVE-2014-0224 
\n \n**DESCRIPTION**: SSL/TLS MITM vulnerability \n \nAn attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. \n \nThe attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. SVC and Storwize systems use OpenSSL server functionality and some versions are vulnerable (see below). \n \n[_CVE-2014-0224_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93586_](<http://xforce.iss.net/xforce/xfdb/93586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \n \nAll products are affected when running code releases 6.4, 7.1, 7.2 and 7.3 except for versions 6.4.1.10, 7.1.0.10, 7.2.0.7 or 7.3.0.3 and above.\n\n## Remediation/Fixes\n\nFor IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, install the following code levels or higher: \n \n7.1.0.10 \n7.2.0.7 \n7.3.0.3 \n \n[_Latest SAN Volume Controller Code_](<http://www-01.ibm.com/support/docview.wss?rs=591&uid=ssg1S1001707>) \n[_Latest Storwize V7000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003705>) \n[_Latest Storwize V5000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004336>) \n[_Latest Storwize V3700 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004172>) \n[_Latest Storwize V3500 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004171>)\n\n## Workarounds and Mitigations\n\nEnsure that all users who have access to the system are authenticated by another 
security system such as a firewall.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n24 Jun 2014: First draft\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"ST3FR7\",\"label\":\"IBM Storwize V7000 (2076)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"6.4\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.4;7.1;7.2;7.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STHGUJ\",\"label\":\"IBM Storwize V5000 and V5100\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"7.1;7.2;7.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STLM5A\",\"label\":\"IBM Storwize V3700 (2072)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.4;7.1;7.2;7.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STLM6B\",\"label\":\"IBM Storwize V3500 (2071)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.4;7.1;7.2;7.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STPVGU\",\"label\":\"SAN Volume Controller\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.4;7.1;7.2;7.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": 
"UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-06-18T00:09:44", "type": "ibm", "title": "Security Bulletin: OpenSSL vulnerability in IBM SAN Volume Controller and Storwize Family (CVE-2014-0224)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-06-18T00:09:44", "id": "D4D42F15E592E98F112EFA53B5158D86EA79E4A7294251AB7991615DF7CA6494", "href": "https://www.ibm.com/support/pages/node/689665", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-02-10T00:00:00", "description": "## Summary\n\nSecurity vulnerability in OpenSSL.\n\n## Vulnerability Details\n\n**CVEID: **CVE-2014-0224 \n \n**DESCRIPTION**: SSL/TLS MITM vulnerability \n \nAn attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. \n \nThe attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Storwize V7000 Unified systems use OpenSSL server functionality and some versions are vulnerable (see below). 
\n \n[_CVE-2014-0224_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93586_](<http://xforce.iss.net/xforce/xfdb/93586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \n \nAll versions are affected when running code releases 1.3 and 1.4 except for versions 1.4.3.3 and above.\n\n## Remediation/Fixes\n\nFor IBM Storwize V7000 Unified install the following code levels or higher: \n1.5.0.0 \n1.4.3.3 \n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>)\n\n## Workarounds and Mitigations\n\nEnsure that all users who have access to the system are authenticated by another security system such as a firewall\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n11 July 2014 : First Draft\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\nPSIRT 1790\n\n[{\"Product\":{\"code\":\"ST5Q4U\",\"label\":\"IBM Storwize V7000 Unified (2073)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"1.4\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.3;1.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-06-18T00:08:14", "type": "ibm", "title": "Security Bulletin: OpenSSL vulnerability in IBM Storwize V7000 Unified (CVE-2014-0224)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, 
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-06-18T00:08:14", "id": "C99D1694993A63B13B3DCDE59C9A05AD82DBBD904140AE1DFD691BB96CB5D0D2", "href": "https://www.ibm.com/support/pages/node/689765", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T21:49:58", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project.\n\n## Vulnerability Details\n\n[_CVE-2014-0224_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic. 
\n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93586_](<http://xforce.iss.net/xforce/xfdb/93586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nAll TS3400 tape libraries with firmware version lower than 0042.\n\n## Remediation/Fixes\n\nApply firmware version 0042 or later, available from IBM Fix Central \n<http://www-933.ibm.com/support/fixcentral/>\n\n## Workarounds and Mitigations\n\nNone known.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n[__OpenSSL Project vulnerability website__](<http://www.openssl.org/news/vulnerabilities.html>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n18 June 2014: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"STCDUHL\",\"label\":\"Tape systems->TS3400 Tape Library (3577)\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"N\\/A\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-06-18T00:08:04", "type": "ibm", "title": "Security Bulletin: TS3400 is affected by the following OpenSSL vulnerabilities: CVE-2014-0224", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, 
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-06-18T00:08:04", "id": "2244436F502BD4ED1C081FDC68E7A71143D7F9B0E35067F1C1C77FB61470EC9B", "href": "https://www.ibm.com/support/pages/node/689639", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-16T19:28:00", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. \n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-0224_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic. 
\n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93586_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Netezza Platform Software 6.0.8.17 and earlier \nIBM Netezza Platform Software 7.0.2.13 and earlier \nIBM Netezza Platform Software 7.0.4.5 and earlier \nIBM Netezza Platform Software 7.1.0.2 and earlier\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \n_IBM Netezza Platform Software_| _6.0.8.17-P1_| ([_Link to fix pack_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Netezza+NPS+Software+and+Clients&release=NPS_6.0.8&platform=All&function=all>)) \n_IBM Netezza Platform Software_| _7.0.2.13-P1_| ([_Link to fix pack_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Netezza+NPS+Software+and+Clients&release=NPS_7.0.2&platform=All&function=all>)) \n_IBM Netezza Platform Software_| _7.0.4.5-P1_| ([_Link to fix pack_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Netezza+NPS+Software+and+Clients&release=NPS_7.0.4&platform=All&function=all>)) \n_IBM Netezza Platform Software_| _7.1.0.2-P1_| ([_Link to fix pack_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Netezza+NPS+Software+and+Clients&release=NPS_7.1.0&platform=All&function=all>)) \n \n## Workarounds and Mitigations\n\nNone known\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like 
this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n[_OpenSSL Project vulnerability website_](<http://www.openssl.org/news/vulnerabilities.html>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n31 July 2014: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSULQD\",\"label\":\"IBM PureData System\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.0.0\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2019-10-17T23:43:20", "type": "ibm", "title": "Security Bulletin: IBM Netezza Platform Software is affected by the following OpenSSL vulnerabilities: CVE-2014-0224", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2019-10-17T23:43:20", "id": "DB1D092F7A9003CE3422469DC672EF5AA2F47316275AF699D295717C3F15DF23", "href": "https://www.ibm.com/support/pages/node/246537", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-01T21:52:43", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL that were 
reported on June 5, 2014 by the OpenSSL Project.\n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2014-0224](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability by using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic.\n\nCVSS Base Score: 5.8\n\n \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93586_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nz/TPF 1.1.10 and earlier\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nz/TPF| 1.1.10 and earlier| PJ42340| Apply APAR \n \n## Workarounds and Mitigations\n\nNone known\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n[OpenSSL Project vulnerability website](<https://www.openssl.org/news/vulnerabilities.html>) \n[TPF product maintenance web page](<http://www.ibm.com/software/htp/tpf/maint/maintztpf.html>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n19 June 2014: Original Version \n\n*The CVSS Environment Score is 
customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSZL53\",\"label\":\"TPF\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"z\\/TPF\",\"Platform\":[{\"code\":\"PF036\",\"label\":\"z\\/TPF\"}],\"Version\":\"1.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB35\",\"label\":\"Mainframe SW\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: z/TPF is affected by the following OpenSSL vulnerability: CVE-2014-0224", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", 
"baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-08-03T04:23:43", "id": "F6AFA8ACEF585CD43E06DE7164EBB8240A1255197762E88CB2BA50823C840FA9", "href": "https://www.ibm.com/support/pages/node/514031", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-16T19:28:00", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. \n\n## Vulnerability Details\n\n**CVE ID**: [_CVE-2014-0224_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n \n**DESCRIPTION: ** \nOpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic. 
\n \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93586_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93586>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Enterprise for UNIX 2.5.00 through 2.5.0.3 iFix03 \nIBM Sterling Connect:Enterprise for UNIX 2.4.0 through 2.4.0.4\n\n## Remediation/Fixes\n\nApply the applicable maintenance packages listed in the table below: \n \n\n\n**_Fix*_**| **_VRMF_**| **_APAR_**| **_How to acquire fix_** \n---|---|---|--- \n_iFix04_| _2.5.0.3_| _N/A_| [_http://www-933.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~Other%20software~Sterling%20Connect:Enterprise%20for%20UNIX&query.release=2.5.0&query.platform=All_](<http://www-933.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~Other%20software~Sterling%20Connect:Enterprise%20for%20UNIX&query.release=2.5.0&query.platform=All>) \n_iFix 1_| _2.4.0.4_| _N/A_| [_https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US_](<https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n[_OpenSSL Project vulnerability website_](<http://www.openssl.org/news/vulnerabilities.html>)\n\n## Related Information\n\n[IBM Secure Engineering Web 
Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n18 June 2014 : Original Copy Published \n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSFVK3\",\"label\":\"IBM Sterling Connect:Enterprise for UNIX\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"2.5;2.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2019-12-18T01:14:08", 
"type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Enterprise for UNIX affected by the following OpenSSL vulnerability (CVE-2014-0224).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2019-12-18T01:14:08", "id": "065C6267E33F60E263D9B7F689F432B3413883F6EF7A0BE4EDF4BB598847FCFA", "href": "https://www.ibm.com/support/pages/node/514427", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T21:49:24", "description": "## Summary\n\nA security vulnerability has been discovered in OpenSSL (shipped with IBM Rational Insight) that was reported on June 5, 2014 by the OpenSSL Project. A newer version of this library in made available for resolving this vulnerability.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVE ID:** [CVE-2014-0224](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224>) \n \n**Description: **OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. 
A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic. \n \n**CVSS Base Score:** 5.8 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93586> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nRational Insight 1.0.1, 1.0.1 iFix1, 1.0.1.1, 1.1, 1.1.1, 1.1.1.1, 1.1.1.2, 1.1.1.3 and 1.1.1.4\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the recommended fixes to all affected versions of Rational Insight as soon as practical.[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>) \n \n**Rational Insight 1.0.1, 1.0.1 iFix1 and 1.0.1.1 ** \n \n\n\n * Download and install the Cognos Business Intelligence 8.4.1 Interim Fix 6. Review document [4037867: Cognos Business Intelligence 8.4.1 interim fixes address a security vulnerability](<http://www.ibm.com/support/docview.wss?uid=swg24037867>) for the detailed instructions.\n \n \n**Rational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download and install the Cognos Business Intelligence 10.1.1 Interim Fix 7. Review document [4037974: Cognos Business Intelligence 10.1.x interim fixes address a security vulnerability](<http://www.ibm.com/support/docview.wss?uid=swg24037974>) for the detailed instructions. \n \n**Note:** The Cognos fix package is installed into the **cognos** subdirectory of the Insight installation.\n \n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3**** ****and 1.1.1.4** \n \n\n\n * Download and install the Cognos Business Intelligence 10.2.1 Interim Fix 6. Review document [4037870: Cognos Business Intelligence 10.2.x interim fixes address a security vulnerability](<http://www.ibm.com/support/docview.wss?uid=swg24037870>) for the detailed instructions. 
\n \n**Note:** The Cognos fix package is installed into the **cognos** subdirectory of the Insight installation.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n* 21 July 2014: Revised with new patch information for some releases. \n* 14 July 2014: Original copy published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\nAdvisory # 1790 Record # 39369\n\n[{\"Product\":{\"code\":\"SSRL5J\",\"label\":\"Rational Insight\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"General Information\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"1.0.1;1.0.1.1;1.1;1.1.1;1.1.1.1;1.1.1.2;1.1.1.3;1.1.1.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-06-17T04:55:09", "type": "ibm", "title": "Security Bulletin: Rational Insight is affected by OpenSSL vulnerability (CVE-2014-0224)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-06-17T04:55:09", "id": "DBE2C597A340BB7900131FBD56B9725ABD555479F4A26F00BC0341CBA4E926B2", "href": "https://www.ibm.com/support/pages/node/514077", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-22T07:36:52", 
"description": "## Summary\n\nIBM Cognos Business Intelligence is shipped as a component of IBM Cognos Controller. Information about a security vulnerability affecting IBM Cognos Business Intelligence has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the [Security Bulletin: IBM Cognos BI Server is affected by the following OpenSSL vulnerability: CVE-2014-0224](<http://www.ibm.com/support/docview.wss?uid=swg21680511>) for vulnerability details.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Cognos Controller 10.2.0.x \nIBM Cognos Controller 10.1.1.x \nIBM Cognos Controller 10.1.x \nIBM Cognos Controller 8.5.1.x| IBM Cognos Business Intelligence 10.2.1.2 \nIBM Cognos Business Intelligence 10.1.1 \nIBM Cognos Business Intelligence 10.1 \nIBM Cognos Business Intelligence 8.4.1 \n \n## Remediation/Fixes\n\nDownload the fix for the corresponding version of IBM Cognos Business intelligence and apply the fix on top of your IBM Cognos Controller installation. The fix will update the necessary files without affecting IBM Cognos Controller. \n \n**Note:** The installation of the fix for IBM Cognos Controller 10.2.0.x has a prerequisite. 
When you apply the fix to IBM Cognos Controller 10.2.0.x you must first download and install the IBM Cognos Business Intelligence 10.2.1.2 Fix Pack.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SS9S6B\",\"label\":\"IBM Cognos Controller\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Controller\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"10.2.0;10.1.1;10.1;8.5.1\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-15T22:32:20", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM Cognos Business Intelligence shipped with IBM Cognos Controller 8.5.1.x, 10.1.x. 
10.1.1.x, and 10.2.0.x (CVE-2014-0224).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2018-06-15T22:32:20", "id": "777F0F4D068445CD2731DBBEDCB91CDA67C414E34826465D084D57BB6B054DF3", "href": "https://www.ibm.com/support/pages/node/245855", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-03-18T23:42:56", "description": "## Summary\n\nIBM WebSphere MQ, IBM Websphere Message Broker and IBM Integration Bus are shipped as components of IBM Predictive Maintenance and Quality. Information about security vulnerabilities affecting IBM WebSphere MQ, IBM Websphere Message Broker and IBM Integration Bus has been published in security bulletins. \n\n\n## Vulnerability Details\n\nPlease consult the security bulletin in [WebSphere MQ is affected by the following OpenSSL vulnerabilities](<http://www.ibm.com/support/docview.wss?uid=swg21676496>) for vulnerability details. \n \n \nPlease consult the security bulletin [IBM Websphere Message Broker and IBM Integration Bus are affected by SSL Vulnerability in DataDirect ODBC drivers](<http://www.ibm.com/support/docview.wss?uid=swg21677891>) for vulnerability details. 
\n \n\n\n## Affected Products and Versions\n\nAffected Product and Version(s)\n\n| Product and Version shipped as a component \n---|--- \nIBM Predictive Maintenance and Quality 1.0| IBM WebSphere MQ V 7.5 \nIBM Websphere Message Broker V8.0 \nIBM Predictive Maintenance and Quality 2.0| IBM WebSphere MQ V 7.5.0.3 \nIBM Integration Bus V9.0 \n \n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n25 September 2014: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSTNNL\",\"label\":\"Predictive Maintenance and Quality\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"2.0;1.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {}, "published": "2018-06-15T22:33:16", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere MQ (CVE-2014-0224, CVE-2014-3470), Websphere Message Broker and IBM Integration Bus (CVE-2014-0224) shipped with Predictive Maintenance and Quality", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470"], "modified": "2018-06-15T22:33:16", "id": "0D459600B092B85E783E0A6371C3E1BFEDCD18BC648ACAA512F5FB9EF050A910", "href": "https://www.ibm.com/support/pages/node/251861", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-30T21:51:48", "description": "## Summary\n\nA security vulnerability has been discovered in OpenSSL.\n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-0224_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n \n \n\n\n**DESCRIPTION: **An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. 
The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.\n\nCVSS Base Score: 5.8\n\n \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)[](<http://xforce.iss.net/xforce/xfdb/92322>)\n\n## Affected Products and Versions\n\nIBM SDN VE, Unified Controller, VMware Edition: 1.0.0 \nIBM SDN VE, Unified Controller, KVM Edition: 1.0.0 \nIBM SDN VE, Unified Controller, OpenFlow Edition: 1.0.0 \nIBM SDN VE, Dove Management Console, VMware Edition: 1.0.0 \nIBM SDN VE, Unified Controller, VMware Edition: 1.0.1 \nIBM SDN VE, Unified Controller, KVM Edition: 1.0.1 \nIBM SDN VE, Unified Controller, OpenFlow Edition: 1.0.1 \nIBM SDN VE, Dove Management Console, VMware Edition: 1.0.1\n\n## Remediation/Fixes\n\nIBM recommends updating affected IBM SDN VE, Unified Controllers to the latest versions of IBM SDN VE for which IBM is providing a fix, which are identified below: \n \nIBM SDN VE, Unified Controller, VMware Edition: version 1.0.2 or later \nIBM SDN VE, Unified Controller, KVM Edition: version 1.0.2 or later \nIBM SDN VE, Unified Controller, OpenFlow Edition: version 1.0.2 or later \n**These versions are available via Passport Advantage.**\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related 
Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\nSecurityBulletin_IBM-SDN-VE_CVE-2014-0224.pdf\n\n[{\"Product\":{\"code\":\"SGFUE4\",\"label\":\"IBM Software Defined Network for Virtual Environments\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-06-18T01:25:51", "type": "ibm", "title": "Security Bulletin: IBM SDN for Virtual Environments is affected by a vulnerability\nin OpenSSL 
(CVE-2014-0224)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0160", "CVE-2014-0224"], "modified": "2018-06-18T01:25:51", "id": "DD6D1ADB4E0823703EC8B875E430BC4DA6EC03FE4D9BEBF09A0A0BA75C5488A1", "href": "https://www.ibm.com/support/pages/node/679283", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2019-10-02T15:18:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-09T00:00:00", "type": "openvas", "title": "CentOS Update for openssl CESA-2014:0624 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310881943", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881943", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:0624 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881943\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 12:27:31 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Update for openssl CESA-2014:0624 centos5\");\n\n script_tag(name:\"affected\", value:\"openssl on CentOS 5\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. 
Please see the references for more information about this flaw.\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at the linked references.\n\n5. Bugs fixed:\n\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl-0.9.8e-27.el5_10.3.src.rpm\n\ni386:\nopenssl-0.9.8e-27.el5_10.3.i386.rpm\nopenssl-0.9.8e-27.el5_10.3.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm\nopenssl-perl-0.9.8e-27.el5_10.3.i386.rpm\n\nx86_64:\nopenssl-0.9.8e-27.el5_10.3.i686.rpm\nopenssl-0.9.8e-27.el5_10.3.x86_64.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.3.x86_64.rpm\nopenssl-perl-0.9.8e-27.el5_10.3.x86_64.rpm\n\nRHEL Desktop Workstation (v. 
5 client):\n\nSource:\nopenssl-0.9.8e-27.el5_10.3.src.rpm\n\ni386:\nopenssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm\nopenssl-devel-0.9.8e-27.el5_10.3.i386.rpm\n\nx86_64:\nopenssl-debuginfo-0.9.8e-27.el5_10.3.i386.rp ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0624\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-June/020347.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/11258\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~27.el5_10.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~27.el5_10.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~27.el5_10.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-04-07T16:39:04", "description": "OpenSSL is prone to security-bypass vulnerability.\n\n This NVT has been merged into the NVT ", "cvss3": {}, "published": "2014-06-10T00:00:00", "type": "openvas", "title": "OpenSSL CCS Man in the Middle Security Bypass Vulnerability (STARTTLS Check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:1361412562310105043", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105043", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# OpenSSL CCS Man in the Middle Security Bypass Vulnerability (STARTTLS Check)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105043\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_bugtraq_id(67899);\n script_cve_id(\"CVE-2014-0224\");\n script_name(\"OpenSSL CCS Man in the Middle Security Bypass Vulnerability (STARTTLS Check)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-06-10 17:18:54 +0200 (Tue, 10 Jun 2014)\");\n script_category(ACT_ATTACK);\n script_family(\"General\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/67899\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue may allow attackers to obtain\n sensitive information by conducting a man-in-the-middle attack. 
This\n may lead to other attacks.\");\n\n script_tag(name:\"vuldetect\", value:\"Send two SSL ChangeCipherSpec request and check the response.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications, and\n consequently hijack sessions or obtain sensitive information, via a crafted\n TLS handshake, aka the 'CCS Injection' vulnerability.\");\n\n script_tag(name:\"solution\", value:\"Updates are available.\");\n\n script_tag(name:\"summary\", value:\"OpenSSL is prone to security-bypass vulnerability.\n\n This NVT has been merged into the NVT 'OpenSSL CCS Man in the Middle Security Bypass Vulnerability' (OID: 1.3.6.1.4.1.25623.1.0.105042).\");\n\n script_tag(name:\"affected\", value:\"OpenSSL before 0.9.8za,\n 1.0.0 before 1.0.0m and\n 1.0.1 before 1.0.1h\");\n\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"deprecated\", value:TRUE);\n\n exit(0);\n}\n\nexit( 66 );\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-03-17T23:01:03", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-351)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120310", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120310", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120310\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:23:18 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-351)\");\n script_tag(name:\"insight\", value:\"It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. 
(CVE-2014-0224 )\");\n script_tag(name:\"solution\", value:\"Run yum update openssl097a to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-351.html\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~12.1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl097a-debuginfo\", rpm:\"openssl097a-debuginfo~0.9.7a~12.1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-10-02T15:18:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-09T00:00:00", "type": "openvas", "title": "CentOS Update for openssl097a CESA-2014:0626 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310881939", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310881939", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl097a CESA-2014:0626 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881939\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 12:07:23 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Update for openssl097a CESA-2014:0626 centos5\");\n\n script_tag(name:\"affected\", value:\"openssl097a on CentOS 5\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that 
OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. Please see the references for more information about this flaw.\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at the\nlinked references.\n\n5. Bugs fixed:\n\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl097a-0.9.7a-12.el5_10.1.src.rpm\n\ni386:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\n\nx86_64:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-0.9.7a-12.el5_10.1.x86_64.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 
5 server):\n\nSource:\nopenssl097a-0.9.7a-12.el5_10.1.src.rpm\n\ni386:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\n\nia64:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-0.9.7a-12.el5_10.1.ia64.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.ia6 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0626\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-June/020346.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/11258\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl097a'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~12.el5_10.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-10-02T15:18:58", "description": "The remote host is missing an update for the ", 
"cvss3": {}, "published": "2014-06-09T00:00:00", "type": "openvas", "title": "RedHat Update for openssl RHSA-2014:0624-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310871174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871174", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:0624-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871174\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 16:06:14 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"RedHat Update for openssl RHSA-2014:0624-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. 
For more information about this flaw, see the references.\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at the references.\n\n5. Bugs fixed:\n\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl-0.9.8e-27.el5_10.3.src.rpm\n\ni386:\nopenssl-0.9.8e-27.el5_10.3.i386.rpm\nopenssl-0.9.8e-27.el5_10.3.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm\nopenssl-perl-0.9.8e-27.el5_10.3.i386.rpm\n\nx86_64:\nopenssl-0.9.8e-27.el5_10.3.i686.rpm\nopenssl-0.9.8e-27.el5_10.3.x86_64.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.3.x86_64.rpm\nopenssl-perl-0.9.8e-27.el5_10.3.x86_64.rpm\n\nRHEL Desktop Workstation (v. 
5 client):\n\nSource:\nopenssl-0.9.8e-27.el5_10.3.src.rpm\n\ni386:\nopenssl-debuginfo-0.9.8e-27.el5_10.3.i386.rpm\nopenssl-devel-0.9.8e-27.el5_10.3.i386.rpm\n\nx86_64:\nopenssl-debugi ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0624-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00008.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/11258\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~27.el5_10.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8e~27.el5_10.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~27.el5_10.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", 
rpm:\"openssl-perl~0.9.8e~27.el5_10.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-10-02T15:17:22", "description": "Junos OS is prone to a OpenSSL man in the middle security\nbypass vulnerability.", "cvss3": {}, "published": "2015-01-23T00:00:00", "type": "openvas", "title": "Junos SSL/TLS MITM Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310105946", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105946", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Junos SSL/TLS MITM Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105946\");\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_version(\"2019-10-02T07:08:50+0000\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Junos SSL/TLS MITM Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10629\");\n\n script_tag(name:\"summary\", value:\"Junos OS is prone to an OpenSSL man in the middle security\nbypass vulnerability.\");\n\n script_tag(name:\"impact\", value:\"An attacker may leverage a MITM attack and decrypt and modify\ntraffic between the attacked client and server. 
The attack can only be performed between a vulnerable client\nand server.\");\n\n script_tag(name:\"insight\", value:\"An attacker using a carefully crafted handshake can force the\nuse of weak keying material in OpenSSL SSL/TLS clients and servers which can be exploited to perform\na man in the middle attack.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n script_tag(name:\"solution\", value:\"New builds of Junos OS software are available from Juniper.\");\n script_tag(name:\"affected\", value:\"Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2 and 13.3\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 10:23:01 +0700 (Fri, 23 Jan 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"JunOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (revcomp(a:version, b:\"11.4R12-S1\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n}\n\nif (version =~ \"^12\") {\n if (revcomp(a:version, b:\"12.1X44-D40\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.1X46-D20\") < 0) &&\n (revcomp(a:version, b:\"12.1X46\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.1X47-D15\") < 0) &&\n (revcomp(a:version, b:\"12.1X47\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.2R9\") < 0) &&\n (revcomp(a:version, b:\"12.2\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n 
else if ((revcomp(a:version, b:\"12.3R8\") < 0) &&\n (revcomp(a:version, b:\"12.3\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n}\n\nif (version =~ \"^13\") {\n if (revcomp(a:version, b:\"13.1R4-S2\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"13.2R5\") < 0) &&\n (revcomp(a:version, b:\"13.2\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"13.3R2-S3\") < 0) &&\n (revcomp(a:version, b:\"13.3\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-04-30T18:48:38", "description": "A potential security vulnerability has been identified with HP BladeSystem\n c-Class Onboard Administrator (OA) running OpenSSL. This vulnerability could be exploited\n remotely to allow the disclosure of information.", "cvss3": {}, "published": "2014-07-04T00:00:00", "type": "openvas", "title": "HP Onboard Administrator < 4.22 Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2020-04-28T00:00:00", "id": "OPENVAS:1361412562310105056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105056", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:hp:onboard_administrator\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105056\");\n script_version(\"2020-04-28T08:39:12+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-28 08:39:12 +0000 (Tue, 28 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-07-04 10:53:22 +0200 (Fri, 04 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n\n script_name(\"HP Onboard Administrator < 4.22 Information Disclosure Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/67899\");\n script_xref(name:\"URL\", value:\"http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04351097-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_hp_onboard_administrator_detect.nasl\");\n script_mandatory_keys(\"hp/onboard_administrator/detected\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue may allow attackers to obtain\n sensitive information by conducting a man-in-the-middle attack. 
This may lead to other attacks.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.22 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"summary\", value:\"A potential security vulnerability has been identified with HP BladeSystem\n c-Class Onboard Administrator (OA) running OpenSSL. This vulnerability could be exploited\n remotely to allow the disclosure of information.\");\n\n script_tag(name:\"affected\", value:\"Onboard Administrator versions prior to 4.22.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! vers = get_app_version( cpe:CPE, port:port ) )\n exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"4.22\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.22\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-10-02T15:18:01", "description": "Oracle Linux Local Security Checks ELSA-2014-0626", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0626", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310123402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123402", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License 
version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123402\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:20 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0626\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0626 - openssl097a and openssl098e security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0626\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0626.html\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~12.el5_10.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~18.0.1.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-03-17T23:01:04", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-350)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2020-03-13T00:00:00", "id": 
"OPENVAS:1361412562310120311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120311", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120311\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:23:19 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-350)\");\n script_tag(name:\"insight\", value:\"It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. 
(CVE-2014-0224 )\");\n script_tag(name:\"solution\", value:\"Run yum update openssl098e to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-350.html\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssl098e-debuginfo\", rpm:\"openssl098e-debuginfo~0.9.8e~18.2.13.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~18.2.13.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-10-02T15:16:53", "description": "Oracle Linux Local Security Checks ELSA-2014-0624", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0624", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310123401", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310123401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123401\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:19 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0624\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0624 - openssl security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0624\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0624.html\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~27.el5_10.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~27.el5_10.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~27.el5_10.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-12-06T16:43:05", "description": "There is an OpenSSL vulnerability that could allow an attacker to decrypt\nand modify traffic from a vulnerable client and server.", "cvss3": {}, "published": "2014-12-03T00:00:00", "type": "openvas", "title": "IBM Endpoint Manager 9.1 
OpenSSL Man in the Middle Security Bypass Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-12-05T00:00:00", "id": "OPENVAS:1361412562310105129", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105129", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# IBM Endpoint Manager 9.1 OpenSSL Man in the Middle Security Bypass Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ibm:tivoli_endpoint_manager\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105129\");\n script_bugtraq_id(67899);\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_version(\"2019-12-05T15:10:00+0000\");\n\n script_name(\"IBM Endpoint Manager 9.1 OpenSSL Man in the Middle Security Bypass Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677842\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue may allow attackers to obtain\nsensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An OpenSSL advisory was announced on June 5, 2014 in several versions\nof OpenSSL. Several vulnerabilities were detailed in this advisory. One affects IBM Endpoint Manager 9.1 --\nthe ChangeCipherSpec (CCS) Injection Vulnerability. This vulnerability can be exploited by a Man-in-the-middle\n(MITM) attack allowing an attacker to eavesdrop and make falsifications between Root Server, Web Reports, Relay,\nand Proxy Agent communications. 
An eavesdropping attacker can obtain console login credentials.\");\n\n script_tag(name:\"solution\", value:\"Upgrade all components to version 9.1.1117.\");\n\n script_tag(name:\"summary\", value:\"There is an OpenSSL vulnerability that could allow an attacker to decrypt\nand modify traffic from a vulnerable client and server.\");\n\n script_tag(name:\"affected\", value:\"IBM Endpoint Manager 9.1 (9.1.1065, 9.1.1082, and 9.1.1088) are the only\naffected versions. Previous versions are not affected.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-03 13:45:19 +0100 (Wed, 03 Dec 2014)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ibm_endpoint_manager_web_detect.nasl\");\n script_require_ports(\"Services/www\", 52311);\n script_mandatory_keys(\"ibm_endpoint_manager/installed\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! 
version = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version !~ \"^9\\.1\\.[0-9]+\" ) exit( 0 );\n\nfixed_version = '9.1.1117';\n\ncv = split( version, sep:'.', keep:FALSE );\n\nck_version = cv[2];\n\nif( int( ck_version ) < int( 1117 ) )\n{\n report = 'Installed version: ' + version + '\\nFixed version: ' + fixed_version + '\\n';\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-10-02T15:17:32", "description": "Oracle Linux Local Security Checks ELSA-2014-0680", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0680", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310123368", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123368", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123368\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:52 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0680\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0680 - openssl098e security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0680\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0680.html\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~29.el7_0.2\", 
rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-10-02T15:18:43", "description": "The remote host is missing an update for the 'openssl098e' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-06-09T00:00:00", "type": "openvas", "title": "CentOS Update for openssl098e CESA-2014:0626 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310881944", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881944", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl098e CESA-2014:0626 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881944\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 12:29:43 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Update for openssl098e CESA-2014:0626 centos6\");\n\n script_tag(name:\"affected\", value:\"openssl098e on CentOS 6\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. 
Please see the references for more information about this flaw.\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at the\nlinked references.\n\n5. Bugs fixed:\n\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl097a-0.9.7a-12.el5_10.1.src.rpm\n\ni386:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\n\nx86_64:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-0.9.7a-12.el5_10.1.x86_64.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 
5 server):\n\nSource:\nopenssl097a-0.9.7a-12.el5_10.1.src.rpm\n\ni386:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\n\nia64:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-0.9.7a-12.el5_10.1.ia64.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.ia6 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0626\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-June/020345.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/11258\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl098e'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~18.el6_5.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-12-06T16:42:57", "description": "IBM Endpoint Manager is prone to a XML External 
Entity Injection", "cvss3": {}, "published": "2014-12-03T00:00:00", "type": "openvas", "title": "IBM Endpoint Manager XML External Entity Injection", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-12-05T00:00:00", "id": "OPENVAS:1361412562310105130", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105130", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# IBM Endpoint Manager XML External Entity Injection\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ibm:tivoli_endpoint_manager\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105130\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_version(\"2019-12-05T15:10:00+0000\");\n\n script_name(\"IBM Endpoint Manager XML External Entity Injection\");\n\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21673961\");\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21673964\");\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21673967\");\n\n script_tag(name:\"impact\", value:\"This vulnerability could allow an attacker to access files\n on an affected server or cause an affected server to make an arbitrary HTTP GET request.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"IBM Endpoint Manager could allow a remote attacker to obtain\n sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML\n data. 
By sending specially-crafted XML data, an attacker could exploit this vulnerability to access\n files and obtain sensitive information on the server.\");\n\n script_tag(name:\"affected\", value:\"All 9.1 releases of the Console, Root Server, Web Reports and Server API\n earlier than 9.1.1088.0\n\n All 9.0 releases of the Console, Root Server, Web Reports and Server API earlier than 9.0.853.0\n\n All 8.2 releases of Web Reports and Server API earlier than 8.2.1445.0\");\n\n script_tag(name:\"summary\", value:\"IBM Endpoint Manager is prone to a XML External Entity Injection\");\n\n script_tag(name:\"solution\", value:\"Update to the latest version.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-03 14:44:19 +0100 (Wed, 03 Dec 2014)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ibm_endpoint_manager_web_detect.nasl\");\n script_require_ports(\"Services/www\", 52311);\n script_mandatory_keys(\"ibm_endpoint_manager/installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! 
version = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version =~ \"^9\\.1\\.[0-9]+\" )\n{\n cv = split( version, sep:'.', keep:FALSE );\n ck_version = cv[2];\n\n if( int( ck_version ) < int( 1088 ) )\n {\n VULN = TRUE;\n fixed_version = '9.1.1088.0';\n }\n}\n\nelse if( version =~ \"^9\\.0\\.[0-9]+\" )\n{\n cv = split( version, sep:'.', keep:FALSE );\n ck_version = cv[2];\n\n if( int( ck_version ) < int( 853 ) )\n {\n VULN = TRUE;\n fixed_version = '9.0.853.0';\n }\n}\n\nelse if( version =~ \"^8\\.2\\.[0-9]+\" )\n{\n cv = split( version, sep:'.', keep:FALSE );\n ck_version = cv[2];\n\n if( int( ck_version ) < int( 1445 ) )\n {\n VULN = TRUE;\n fixed_version = '8.2.1445.0';\n }\n}\n\n\nif( VULN )\n{\n report = 'Installed version: ' + version + '\\nFixed version: ' + fixed_version + '\\n';\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-10-02T15:18:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-09T00:00:00", "type": "openvas", "title": "RedHat Update for openssl097a and openssl098e RHSA-2014:0626-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310871176", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871176", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl097a and openssl098e RHSA-2014:0626-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871176\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 16:10:36 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"RedHat Update for openssl097a and openssl098e RHSA-2014:0626-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl097a and openssl098e on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. 
(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, please see the references.\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at the references.\n\n5. Bugs fixed:\n\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl097a-0.9.7a-12.el5_10.1.src.rpm\n\ni386:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\n\nx86_64:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-0.9.7a-12.el5_10.1.x86_64.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 
5 server):\n\nSource:\nopenssl097a-0.9.7a-12.el5_10.1.src.rpm\n\ni386:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\n\nia ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0626-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00010.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl097a and openssl098e'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/11258\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~18.el6_5.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl098e-debuginfo\", rpm:\"openssl098e-debuginfo~0.9.8e~18.el6_5.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~12.el5_10.1\", rls:\"RHENT_5\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl097a-debuginfo\", rpm:\"openssl097a-debuginfo~0.9.7a~12.el5_10.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-10-02T15:18:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-07-04T00:00:00", "type": "openvas", "title": "RedHat Update for openssl098e RHSA-2014:0680-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310871188", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871188", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl098e RHSA-2014:0680-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871188\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-07-04 16:48:46 +0530 (Fri, 04 Jul 2014)\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"RedHat Update for openssl098e RHSA-2014:0680-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl098e on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. 
For more information about this flaw, please see the references.\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available in the references.\n\n5. Bugs fixed:\n\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_0.2.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_0.2.i686.rpm\nopenssl098e-0.9.8e-29.el7_0.2.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_0.2.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_0.2.i686.rpm\nopenssl098e-0.9.8e-29.el7_0.2.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 
7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_0.2.src.rpm\n\nppc64:\nopenssl098e-0.9.8e-29.el7_0.2.ppc.rpm\nopenssl098e-0.9.8e-29.el7_0.2.p ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0680-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00021.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl098e'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/11258\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~29.el7_0.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl098e-debuginfo\", rpm:\"openssl098e-debuginfo~0.9.8e~29.el7_0.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-04-02T18:47:27", "description": "OpenSSL is prone to security-bypass vulnerability.", "cvss3": {}, "published": 
"2014-06-10T00:00:00", "type": "openvas", "title": "SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2020-03-31T00:00:00", "id": "OPENVAS:1361412562310105042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105042", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105042\");\n script_version(\"2020-03-31T06:57:15+0000\");\n script_bugtraq_id(67899);\n script_cve_id(\"CVE-2014-0224\");\n script_name(\"SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-31 06:57:15 +0000 (Tue, 31 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-06-10 17:18:54 +0200 (Tue, 10 Jun 2014)\");\n script_category(ACT_ATTACK);\n script_family(\"SSL and TLS\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_tls_version_get.nasl\");\n script_mandatory_keys(\"ssl_tls/port\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/67899\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue may allow attackers to obtain\n sensitive information by conducting a man-in-the-middle attack. 
This may lead to other attacks.\");\n\n script_tag(name:\"vuldetect\", value:\"Send two SSL ChangeCipherSpec request and check the response.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in\n certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive\n information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"OpenSSL is prone to security-bypass vulnerability.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m and 1.0.1 before 1.0.1h.\");\n\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"mysql.inc\"); # For recv_mysql_server_handshake() in open_ssl_socket()\ninclude(\"byte_func.inc\");\ninclude(\"ssl_funcs.inc\");\ninclude(\"misc_func.inc\");\n\nfunction _test( v, port ) {\n\n local_var v, port, soc, hello, data, record, hello_done, req;\n\n if( ! v ) return FALSE;\n\n soc = open_ssl_socket( port:port );\n if( ! soc ) return FALSE;\n\n hello = ssl_hello( version:v );\n if( ! hello ) {\n close( soc );\n return FALSE;\n }\n\n send( socket:soc, data:hello );\n\n while( ! hello_done ) {\n data = ssl_recv( socket:soc );\n if( ! data ) {\n close( soc );\n return FALSE;\n }\n\n record = search_ssl_record( data:data, search:make_array( \"content_typ\", SSLv3_ALERT ) );\n if( record ) {\n close( soc );\n return FALSE;\n }\n\n record = search_ssl_record( data:data, search:make_array( \"handshake_typ\", SSLv3_SERVER_HELLO_DONE ) );\n if( record ) {\n hello_done = TRUE;\n v = record[\"version\"];\n break;\n }\n }\n\n if( ! 
hello_done ) {\n close( soc );\n return FALSE;\n }\n\n req = raw_string( 0x14 ) + v + raw_string( 0x00, 0x01, 0x01 );\n send( socket:soc, data:req );\n\n data = ssl_recv( socket:soc );\n\n if( ! data && socket_get_error( soc ) == ECONNRESET ) {\n close( soc );\n return FALSE;\n }\n\n if( data ) {\n record = search_ssl_record( data:data, search:make_array( \"content_typ\", SSLv3_ALERT ) );\n if( record ) {\n close( soc );\n return FALSE;\n }\n }\n\n send( socket:soc, data:req );\n data = ssl_recv( socket:soc );\n\n close( soc );\n\n if( ! data ) return FALSE;\n\n record = search_ssl_record( data:data, search:make_array( \"content_typ\", SSLv3_ALERT ) );\n if( record ) {\n if( record['level'] == SSLv3_ALERT_FATAL && ( record['description'] == SSLv3_ALERT_BAD_RECORD_MAC || record['description'] == SSLv3_ALERT_DECRYPTION_FAILED ) ) {\n security_message( port:port );\n exit( 0 );\n }\n }\n}\n\nif( ! port = tls_ssl_get_port() )\n exit( 0 );\n\nif( ! versions = get_supported_tls_versions( port:port, min:SSL_v3, max:TLS_12 ) )\n exit( 0 );\n\nforeach version( versions ) {\n _test( v:version, port:port );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-31T18:38:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-13T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for OpenSSL (SUSE-SU-2014:0759-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0221"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850751", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850751", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it 
under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850751\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for OpenSSL (SUSE-SU-2014:0759-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'OpenSSL'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL was updated to fix several vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n\n * DTLS recursion flaw. (CVE-2014-0221)\n\n * Anonymous ECDH denial of service. 
(CVE-2014-3470)\");\n\n script_xref(name:\"URL\", value:\"http://www.openssl.org/news/secadv_20140605.txt\");\n\n script_tag(name:\"affected\", value:\"OpenSSL on SUSE Linux Enterprise Server 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0759-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~0.58.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac\", rpm:\"libopenssl0_9_8-hmac~0.9.8j~0.58.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8j~0.58.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8j~0.58.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~0.58.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac-32bit\", rpm:\"libopenssl0_9_8-hmac-32bit~0.9.8j~0.58.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-x86\", rpm:\"libopenssl0_9_8-x86~0.9.8j~0.58.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } 
else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-2232-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841854", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841854", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2232_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for openssl USN-2232-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841854\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 10:05:28 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for openssl USN-2232-2\");\n\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix\nfor CVE-2014-0224 caused a regression for certain applications that use\ntls_session_secret_cb, such as wpa_supplicant. This update fixes the\nproblem.\n\nOriginal advisory details:\n\nJüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\nfragments. A remote attacker could use this issue to cause OpenSSL to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\nUbuntu 14.04 LTS. (CVE-2014-0195)\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A\nremote attacker could use this issue to cause OpenSSL to crash, resulting\nin a denial of service. (CVE-2014-0221)\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\nhandshakes. 
A remote attacker could use this flaw to perform a\nman-in-the-middle attack and possibly decrypt and modify traffic.\n(CVE-2014-0224)\nFelix Gröbert and Ivan Fratrić discovered that OpenSSL incorrectly\nhandled anonymous ECDH ciphersuites. A remote attacker could use this issue to\ncause OpenSSL to crash, resulting in a denial of service. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.\n(CVE-2014-3470)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2232-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2232-2/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|13\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.15\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1e-3ubuntu1.5\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:38:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for OpenSSL (SUSE-SU-2014:0761-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0221"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850981", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850981\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 16:03:30 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-0076\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for OpenSSL (SUSE-SU-2014:0761-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'OpenSSL'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL was updated to fix several vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n\n * DTLS recursion flaw. (CVE-2014-0221)\n\n * Anonymous ECDH denial of service. (CVE-2014-3470)\n\n * Using the FLUSH+RELOAD Cache Side-channel Attack the nonces could\n have been recovered. (CVE-2014-0076)\n\n Additionally, the following non-security fixes and enhancements have been\n included in this release:\n\n * Ensure that the stack is marked non-executable on x86 32bit. On\n other processor platforms it was already marked as non-executable\n before. (bnc#870192)\n\n * IPv6 support was added to the openssl s_client and s_server command\n line tool. 
(bnc#859228)\n\n * The openssl command line tool now checks certificates by default\n against /etc/ssl/certs (this can be changed via the -CApath option).\n (bnc#860332)\n\n * The Elliptic Curve Diffie-Hellman key exchange selector was enabled\n and can be selected by kECDHE, kECDH, ECDH tags in the SSL cipher\n string. (bnc#859924)\n\n * If an optional openssl1 command line tool is installed in parallel,\n c_rehash uses it to generate certificate hashes in both OpenSSL 0\n and OpenSSL 1 style. This allows parallel usage of OpenSSL 0.9.8j\n and OpenSSL 1.x client libraries with a shared certificate store.\n (bnc#862181)\");\n\n script_tag(name:\"affected\", value:\"OpenSSL on SUSE Linux Enterprise Server 11 SP2 LTSS, SUSE Linux Enterprise Server 11 SP1 LTSS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0761-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLES11\\.0SP2|SLES11\\.0SP1)\");\n\n script_xref(name:\"URL\", value:\"http://www.openssl.org/news/secadv_20140605.txt\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~0.58.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac\", rpm:\"libopenssl0_9_8-hmac~0.9.8j~0.58.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8j~0.58.1\", rls:\"SLES11.0SP2\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8j~0.58.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~0.58.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac-32bit\", rpm:\"libopenssl0_9_8-hmac-32bit~0.9.8j~0.58.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES11.0SP1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac\", rpm:\"libopenssl0_9_8-hmac~0.9.8j~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8j~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8j~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-hmac-32bit\", rpm:\"libopenssl0_9_8-hmac-32bit~0.9.8j~0.58.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-08-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-2232-4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", 
"CVE-2014-0195", "CVE-2014-0221"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841933", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841933", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2232_4.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for openssl USN-2232-4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841933\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-19 05:58:49 +0200 (Tue, 19 Aug 2014)\");\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for openssl USN-2232-4\");\n\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", 
value:\"USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch\nbackports for Ubuntu 10.04 LTS caused a regression for certain applications.\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\nfragments. A remote attacker could use this issue to cause OpenSSL to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\nUbuntu 14.04 LTS. (CVE-2014-0195)\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A\nremote attacker could use this issue to cause OpenSSL to crash, resulting\nin a denial of service. (CVE-2014-0221)\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\nhandshakes. A remote attacker could use this flaw to perform a\nman-in-the-middle attack and possibly decrypt and modify traffic.\n(CVE-2014-0224)\nFelix Gröbert and Ivan Fratrić discovered that OpenSSL incorrectly\nhandled anonymous ECDH ciphersuites. A remote attacker could use this issue to\ncause OpenSSL to crash, resulting in a denial of service. 
This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.\n(CVE-2014-3470)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2232-4\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2232-4/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.21\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-07-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-2232-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841867", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841867", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
gb_ubuntu_USN_2232_3.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for openssl USN-2232-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841867\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-01 21:24:39 +0530 (Tue, 01 Jul 2014)\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for openssl USN-2232-3\");\n\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix\nfor CVE-2014-0224 caused a regression for certain applications that use\nrenegotiation, such as PostgreSQL. 
This update fixes the problem.\n\nOriginal advisory details:\n\nJüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\nfragments. A remote attacker could use this issue to cause OpenSSL to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\nUbuntu 14.04 LTS. (CVE-2014-0195)\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A\nremote attacker could use this issue to cause OpenSSL to crash, resulting\nin a denial of service. (CVE-2014-0221)\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\nhandshakes. A remote attacker could use this flaw to perform a\nman-in-the-middle attack and possibly decrypt and modify traffic.\n(CVE-2014-0224)\nFelix Gröbert and Ivan Fratrić discovered that OpenSSL incorrectly handled\nanonymous ECDH ciphersuites. A remote attacker could use this issue to\ncause OpenSSL to crash, resulting in a denial of service. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.\n(CVE-2014-3470)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2232-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2232-3/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|10\\.04 LTS|13\\.10)\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.16\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.19\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1e-3ubuntu1.6\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-02T15:18:38", "description": "VMware product updates address OpenSSL security vulnerabilities.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "openvas", "title": "VMSA-2014-0006: VMware product updates address OpenSSL security vulnerabilities (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310105045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105045", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2014-0006: VMware product updates address OpenSSL security vulnerabilities (remote 
check)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105045\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0198\", \"CVE-2010-5298\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_name(\"VMSA-2014-0006: VMware product updates address OpenSSL security vulnerabilities (remote check)\");\n\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-13 11:04:01 +0100 (Fri, 13 Jun 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esx_web_detect.nasl\");\n script_mandatory_keys(\"VMware/ESX/build\", \"VMware/ESX/version\");\n\n script_tag(name:\"vuldetect\", 
value:\"Check the build number\");\n script_tag(name:\"insight\", value:\"a. OpenSSL update for multiple products.\n\nOpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h\nin order to resolve multiple security issues.\");\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n script_tag(name:\"summary\", value:\"VMware product updates address OpenSSL security vulnerabilities.\");\n script_tag(name:\"affected\", value:\"ESXi 5.5 prior to ESXi550-201406401-SG,\nESXi 5.1 without patch ESXi510-201406401-SG,\nESXi 5.0 without patch ESXi500-201407401-SG\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\n\nif( ! esxVersion = get_kb_item( \"VMware/ESX/version\" ) ) exit( 0 );\nif( ! esxBuild = get_kb_item( \"VMware/ESX/build\" ) ) exit( 0 );\n\nfixed_builds = make_array( \"5.5.0\",\"1881737\",\n \"5.1.0\",\"1900470\",\n \"5.0.0\",\"1918656\");\n\nif( ! 
fixed_builds[esxVersion] ) exit( 0 );\n\nif( int( esxBuild ) < int( fixed_builds[esxVersion] ) )\n{\n security_message(port:0, data: esxi_remote_report( ver:esxVersion, build: esxBuild, fixed_build: fixed_builds[esxVersion] ) );\n exit(0);\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-31T18:39:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for update (openSUSE-SU-2014:0765-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850590", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850590", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850590\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 13:53:36 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"openSUSE: Security Advisory for update (openSUSE-SU-2014:0765-1)\");\n\n script_tag(name:\"affected\", value:\"update on openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"The openssl library was updated to version 1.0.0m fixing various security\n issues and bugs:\n\n Security issues fixed:\n\n - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully\n crafted handshake can force the use of weak keying material in OpenSSL\n SSL/TLS clients and servers.\n\n - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS\n handshake to an OpenSSL DTLS client the code can be made to recurse\n eventually crashing in a DoS attack.\n\n - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer\n overrun attack can be triggered by sending invalid DTLS fragments to an\n OpenSSL DTLS client or server. 
This is potentially exploitable to run\n arbitrary code on a vulnerable client or server.\n\n - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH\n ciphersuites are subject to a denial of service attack.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0765-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.0m~18.53.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.0m~18.53.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.0m~18.53.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0m~18.53.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.0m~18.53.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.0m~18.53.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.0m~18.53.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.0m~18.53.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.0m~18.53.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-x86\", rpm:\"libopenssl1_0_0-debuginfo-x86~1.0.0m~18.53.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-x86\", rpm:\"libopenssl1_0_0-x86~1.0.0m~18.53.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-19T16:06:24", "description": "VMware product updates address OpenSSL security vulnerabilities.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "openvas", "title": "VMware ESXi updates address OpenSSL security vulnerabilities (VMSA-2014-0006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310105044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2014-0006: VMware product updates address OpenSSL security vulnerabilities.\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 
Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105044\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0198\", \"CVE-2010-5298\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi updates address OpenSSL security vulnerabilities (VMSA-2014-0006)\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-13 11:04:01 +0100 (Fri, 13 Jun 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"insight\", value:\"a. 
OpenSSL update for multiple products.\n\n OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h\n in order to resolve multiple security issues.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware product updates address OpenSSL security vulnerabilities.\");\n\n script_tag(name:\"affected\", value:\"ESXi 5.5 prior to ESXi550-201406401-SG\n\n ESXi 5.1 without patch ESXi510-201406401-SG\n\n ESXi 5.0 without patch ESXi500-201407401-SG\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"5.5.0\", \"VIB:esx-base:5.5.0-1.18.1881737\",\n \"5.1.0\", \"VIB:esx-base:5.1.0-2.29.1900470\",\n \"5.0.0\", \"VIB:esx-base:5.0.0-3.50.1918656\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-10-02T15:18:32", "description": "VMware product updates address OpenSSL security vulnerabilities.", "cvss3": {}, "published": "2014-07-04T00:00:00", "type": "openvas", "title": "VMware Security Updates for vCenter Server (VMSA-2014-0006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310105057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105057", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMware Security Updates for vCenter Server 
(VMSA-2014-0006)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105057\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0198\", \"CVE-2010-5298\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_name(\"VMware Security Updates for vCenter Server (VMSA-2014-0006)\");\n\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-07-04 11:04:01 +0100 (Fri, 04 Jul 2014)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vcenter_detect.nasl\");\n script_mandatory_keys(\"VMware_vCenter/version\", 
\"VMware_vCenter/build\");\n\n script_tag(name:\"vuldetect\", value:\"Check the build number\");\n script_tag(name:\"insight\", value:\"a. OpenSSL update for multiple products.\n\nOpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h\nin order to resolve multiple security issues.\");\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"VMware product updates address OpenSSL security vulnerabilities.\");\n script_tag(name:\"affected\", value:\"vCenter prior to 5.5u1b\nvCenter prior to 5.1U2a\nvCenter prior to 5.0U3a\");\n\n exit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\n\nif ( ! vcenter_version = get_kb_item(\"VMware_vCenter/version\") ) exit( 0 );\nif ( ! vcenter_build = get_kb_item(\"VMware_vCenter/build\") ) exit( 0 );\n\nfixed_builds = make_array( \"5.5.0\",\"1891310\",\n \"5.1.0\",\"1917403\",\n \"5.0.0\",\"1923446\" );\n\nif ( ! fixed_builds[ vcenter_version] ) exit( 0 );\n\nif ( int( vcenter_build ) < int( fixed_builds[ vcenter_version ] ) )\n{\n security_message( port:0, data: esxi_remote_report( ver:vcenter_version, build: vcenter_build, fixed_build: fixed_builds[vcenter_version], typ:'vCenter' ) );\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-2232-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841843", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841843", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
gb_ubuntu_USN_2232_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for openssl USN-2232-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841843\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 14:20:03 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for openssl USN-2232-1\");\n\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Jü ri Aedla discovered that OpenSSL incorrectly handled\ninvalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL\nto crash, resulting in a denial of service, or possibly execute arbitrary\ncode. 
This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\nUbuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A\nremote attacker could use this issue to cause OpenSSL to crash, resulting\nin a denial of service. (CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\nhandshakes. A remote attacker could use this flaw to perform a\nman-in-the-middle attack and possibly decrypt and modify traffic.\n(CVE-2014-0224)\n\nFelix Grö bert and Ivan Fratrić discovered that OpenSSL incorrectly handled\nanonymous ECDH ciphersuites. A remote attacker could use this issue to\ncause OpenSSL to crash, resulting in a denial of service. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.\n(CVE-2014-3470)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2232-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2232-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|10\\.04 LTS|13\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.14\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.18\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1e-3ubuntu1.4\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:39:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2014:0764-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850591", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850591", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850591\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 14:02:21 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2014:0764-1)\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE 13.1, openSUSE 12.3\");\n\n script_tag(name:\"insight\", value:\"The openssl library was updated to version 1.0.1h fixing various security\n issues and bugs:\n\n Security issues fixed:\n\n - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully\n crafted handshake can force the use of weak keying material in OpenSSL\n SSL/TLS clients and servers.\n\n - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS\n handshake to an OpenSSL DTLS client the code can be made to recurse\n eventually crashing in a DoS attack.\n\n - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer\n overrun attack can be triggered by sending invalid DTLS fragments to an\n OpenSSL DTLS client or server. 
This is potentially exploitable to run\n arbitrary code on a vulnerable client or server.\n\n - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH\n ciphersuites are subject to a denial of service attack.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0764-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1h~1.60.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1h~1.60.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1h~1.60.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1h~1.60.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1h~1.60.1\", rls:\"openSUSE12.3\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1h~1.60.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1h~1.60.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1h~1.60.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1h~1.60.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1h~1.60.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1h~11.48.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1h~11.48.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1h~11.48.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1h~11.48.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1h~11.48.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1h~11.48.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1h~11.48.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1h~11.48.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1h~11.48.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1h~11.48.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-08-01T10:48:55", "description": "Multiple vulnerabilities have been discovered in OpenSSL:\n\nCVE-2014-0195 \nJueri Aedla discovered that a buffer overflow in processing DTLS\nfragments could lead to the execution of arbitrary code or denial\nof service.\n\nCVE-2014-0221 \nImre Rad discovered the processing of DTLS hello packets is\nsusceptible to denial of service.\n\nCVE-2014-0224 \nKIKUCHI Masashi discovered that carefully crafted handshakes can\nforce the use of weak keys, resulting in potential man-in-the-middle\nattacks.\n\nCVE-2014-3470 \nFelix Groebert and Ivan Fratric discovered that the implementation of\nanonymous ECDH ciphersuites is suspectible to denial of service.\n\nAdditional information can be found at\nhttp://www.openssl.org/news/secadv_20140605.txt", "cvss3": {}, "published": "2014-06-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2950-1 (openssl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-3153", "CVE-2014-0221"], "modified": "2017-07-17T00:00:00", "id": "OPENVAS:702950", "href": "http://plugins.openvas.org/nasl.php?oid=702950", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2950.nasl 6735 2017-07-17 09:56:49Z teissa $\n# Auto-generated from advisory DSA 2950-1 using nvtgen 
1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"openssl on Debian Linux\";\ntag_insight = \"This package contains the openssl binary and related tools.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u10. All applications linked to openssl need to\nbe restarted. You can use the tool checkrestart from the package\ndebian-goodies to detect affected programs or reboot your system. There's\nalso a forthcoming security update for the Linux kernel later the day\n(CVE-2014-3153 \n), so you need to reboot anyway. 
Perfect timing, isn't it?\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"Multiple vulnerabilities have been discovered in OpenSSL:\n\nCVE-2014-0195 \nJueri Aedla discovered that a buffer overflow in processing DTLS\nfragments could lead to the execution of arbitrary code or denial\nof service.\n\nCVE-2014-0221 \nImre Rad discovered the processing of DTLS hello packets is\nsusceptible to denial of service.\n\nCVE-2014-0224 \nKIKUCHI Masashi discovered that carefully crafted handshakes can\nforce the use of weak keys, resulting in potential man-in-the-middle\nattacks.\n\nCVE-2014-3470 \nFelix Groebert and Ivan Fratric discovered that the implementation of\nanonymous ECDH ciphersuites is suspectible to denial of service.\n\nAdditional information can be found at\nhttp://www.openssl.org/news/secadv_20140605.txt\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702950);\n script_version(\"$Revision: 6735 $\");\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3153\", \"CVE-2014-3470\");\n script_name(\"Debian Security Advisory DSA 2950-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-17 11:56:49 +0200 (Mon, 17 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-06-05 00:00:00 +0200 (Thu, 05 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2950.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u10\", 
rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:28", "description": "Multiple vulnerabilities have been discovered in OpenSSL:\n\nCVE-2014-0195\nJueri Aedla discovered that a buffer overflow in processing DTLS\nfragments could lead to the execution of arbitrary code or denial\nof service.\n\nCVE-2014-0221\nImre Rad discovered the processing of DTLS hello packets is\nsusceptible to denial of service.\n\nCVE-2014-0224\nKIKUCHI Masashi discovered that carefully crafted handshakes can\nforce the use of weak keys, resulting in potential man-in-the-middle\nattacks.\n\nCVE-2014-3470\nFelix Groebert and Ivan Fratric discovered that the implementation of\nanonymous ECDH ciphersuites is suspectible to denial of service.", "cvss3": {}, "published": "2014-06-05T00:00:00", "type": "openvas", "title": "Debian 
Security Advisory DSA 2950-1 (openssl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-3153", "CVE-2014-0221"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310702950", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702950", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2950.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2950-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702950\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3153\", \"CVE-2014-3470\");\n script_name(\"Debian Security Advisory DSA 2950-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-05 00:00:00 +0200 (Thu, 05 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2950.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u10. All applications linked to openssl need to\nbe restarted. You can use the tool checkrestart from the package\ndebian-goodies to detect affected programs or reboot your system. There's\nalso a forthcoming security update for the Linux kernel later the day\n(CVE-2014-3153\n), so you need to reboot anyway. 
Perfect timing, isn't it?\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in OpenSSL:\n\nCVE-2014-0195\nJueri Aedla discovered that a buffer overflow in processing DTLS\nfragments could lead to the execution of arbitrary code or denial\nof service.\n\nCVE-2014-0221\nImre Rad discovered the processing of DTLS hello packets is\nsusceptible to denial of service.\n\nCVE-2014-0224\nKIKUCHI Masashi discovered that carefully crafted handshakes can\nforce the use of weak keys, resulting in potential man-in-the-middle\nattacks.\n\nCVE-2014-3470\nFelix Groebert and Ivan Fratric discovered that the implementation of\nanonymous ECDH ciphersuites is suspectible to denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u10\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2021-06-08T18:48:59", "description": 
"**Client-side components**Product| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.4.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.3.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.0.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP APM| 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP GTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nBIG-IP Link Controller| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.3.0 - 11.5.1| 11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 
2.0.0 - 2.3.0| None| Host-initiated SSL connections \nFirePass| 7.0.0 \n6.0.0 - 6.1.0| None| Host-initiated SSL connections \nBIG-IQ Cloud| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Device| 4.2.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Security| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| Host-initiated SSL connections \nBIG-IP Edge Clients for Linux| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for MAC OS X| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for Windows| 7101.* - 7101.2014.0611.* \n7100.* - 7100.2014.0611.* \n7091.* - 7091.2014.0611.* \n7090.* - 7090.2014.0611.* \n7080.* - 7080.2014.0623.* \n6035 - 7071| 7101.2014.0612.1847 \n7100.2014.0612.1847 \n7091.2014.0612.1950 \n7090.2014.0612.1853 \n7080.2014.0624.2054| VPN (DTLS Only) \nBIG-IP Edge Client for iOS| 2.0.0 - 2.0.2 \n1.0.5 - 1.0.6| 2.0.3| VPN \nBIG-IP Edge Client for Android| 2.0.1 - 2.0.4| 2.0.5| VPN \n \nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. \n \n**Important**: F5 has created an engineering hotfix to address this issue for FirePass 7.0. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number. For more information, refer to SOL8986: F5 software life cycle policy. 
\n \nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Consider denying access to the Configuration utility and using only the command line and Traffic Management Shell (**tmsh**) until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility over only a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n \n\n * SOL13163: SSL ciphers supported on BIG-IP platforms (11.x - 12.x)\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL13187: COMPAT SSL ciphers are no longer included in standard cipher strings\n * Limit traffic between the BIG-IP system and pool members to trusted traffic.\n * Verify that servers with which the F5 device communicates (such as pool members) are not using vulnerable OpenSSL versions.\n\nSupplemental Information\n\n * For more information about SSL profiles, refer to the following articles: \n \n\n * SOL14783: Overview of the Client SSL profile (11.x - 12.x)\n * SOL14806: Overview of the Server SSL profile (11.x - 12.x)\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated document\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL17329: BIG-IP GTM name has changed to BIG-IP DNS\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", 
"integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2014-06-05T00:00:00", "type": "f5", "title": "SOL15325 - OpenSSL vulnerability CVE-2014-0224", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2016-07-25T00:00:00", "id": "SOL15325", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-06T22:39:45", "description": "\nF5 Product Development has assigned IDs 465799 and 466486 (BIG-IP), ID 466469 (FirePass), ID 466956 (Enterprise Manager), ID 466954 (BIG-IQ), and ID 466317 (BIG-IP Edge Client) to this vulnerability. 
Additionally, BIG-IP [iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H465802 on the** Diagnostics** > **Identified** > **Medium | High** screen.\n\nTo determine if your release contains vulnerable server-side components, vulnerable client-side components, or both, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following tables:\n\n**Server-side components**\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.4.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.3.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP APM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None \nBIG-IP GTM| 11.5.0, 11.5.1| 11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Link Controller| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 
\n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.3.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| None \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| OpenSSL \n \n**Client-side components**\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.4.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.3.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.0.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP APM| 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP GTM| 11.0.0 - 11.5.1 \n10.0.0 - 
10.2.4| 11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nBIG-IP Link Controller| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.3.0 - 11.5.1| 11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 2.0.0 - 2.3.0| None| Host-initiated SSL connections \nFirePass| 7.0.0 \n6.0.0 - 6.1.0| None| Host-initiated SSL connections \nBIG-IQ Cloud| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Device| 4.2.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Security| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| Host-initiated SSL connections \nBIG-IP Edge Clients for Linux| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for MAC OS X| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for Windows| 7101.* - 7101.2014.0611.* \n7100.* - 7100.2014.0611.* \n7091.* - 7091.2014.0611.* \n7090.* - 7090.2014.0611.* \n7080.* - 7080.2014.0623.* \n6035 - 7071| 7101.2014.0612.1847 \n7100.2014.0612.1847 \n7091.2014.0612.1950 \n7090.2014.0612.1853 \n7080.2014.0624.2054| VPN (DTLS Only) \nBIG-IP Edge Client for iOS| 2.0.0 - 2.0.2 \n1.0.5 - 1.0.6| 2.0.3| VPN \nBIG-IP Edge Client for Android| 2.0.1 - 2.0.4| 2.0.5| VPN\n\nIf you are running a version listed in the **Versions known 
to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Consider denying access to the Configuration utility and using only the command line and Traffic Management Shell (**tmsh**) until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility over only a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n\n * [K13163: SSL ciphers supported on BIG-IP platforms (11.x - 12.x)](<https://support.f5.com/csp/article/K13163>)\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K13187: COMPAT SSL ciphers are no longer included in standard cipher strings](<https://support.f5.com/csp/article/K13187>)\n * Limit traffic between the BIG-IP system and pool members to trusted traffic.\n * Verify that servers with which the F5 device communicates (such as pool members) are not using vulnerable OpenSSL versions.\n\n * For more information about SSL profiles, refer to the following articles: \n * [K14783: Overview of the Client SSL profile (11.x - 12.x)](<https://support.f5.com/csp/article/K14783>)\n * [K14806: Overview of the Server SSL profile (11.x - 12.x)](<https://support.f5.com/csp/article/K14806>)\n * The [Nmap ssl-ccs-injection](<https://nmap.org/nsedoc/scripts/ssl-ccs-injection.html>) page \n**Note:** This link takes you to a resource outside of AskF5. 
The third party could remove the document without our knowledge.\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated document](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K17329: BIG-IP GTM name has changed to BIG-IP DNS](<https://support.f5.com/csp/article/K17329>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2015-10-15T21:04:00", "type": "f5", "title": "OpenSSL vulnerability CVE-2014-0224", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-12T22:53:00", "id": "F5:K15325", "href": "https://support.f5.com/csp/article/K15325", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": 
"2021-08-26T00:43:11", "description": "The remote host is running a version of Palo Alto Networks PAN-OS prior to 5.0.14 / 5.1.9 / 6.0.4. It is, therefore, affected by a flaw in the included OpenSSL library that can cause the client or server to use weak keying material, which a remote attacker can exploit to conduct a man-in-the-middle attack.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-20T00:00:00", "type": "nessus", "title": "Palo Alto Networks PAN-OS < 5.0.14 / 5.1.x < 5.1.9 / 6.0.x < 6.0.4 OpenSSL MitM", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/o:paloaltonetworks:pan-os"], "id": "PALO_ALTO_PAN-SA-2014-0003.NASL", "href": "https://www.tenable.com/plugins/nessus/78586", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78586);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/24 18:56:13\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Palo Alto Networks PAN-OS < 5.0.14 / 5.1.x < 5.1.9 / 6.0.x < 6.0.4 OpenSSL MitM\");\n script_summary(english:\"Checks the PAN-OS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by a man-in-the-middle vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Palo Alto Networks PAN-OS\nprior to 5.0.14 / 5.1.9 / 6.0.4. 
It is, therefore, affected by a flaw\nin the included OpenSSL library that can cause the client or server to\nuse weak keying material, which a remote attacker can exploit to\nconduct a man-in-the-middle attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://securityadvisories.paloaltonetworks.com/Home/Detail/23\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to PAN-OS version 5.0.14 / 5.1.9 / 6.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:paloaltonetworks:pan-os\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Palo Alto Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"palo_alto_version.nbin\");\n script_require_keys(\"Host/Palo_Alto/Firewall/Version\", \"Host/Palo_Alto/Firewall/Full_Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Palo Alto Networks PAN-OS\";\nversion = get_kb_item_or_exit(\"Host/Palo_Alto/Firewall/Version\");\nfull_version = get_kb_item_or_exit(\"Host/Palo_Alto/Firewall/Full_Version\");\nfix = NULL;\n\n# Ensure sufficient granularity.\nif (version !~ 
\"^\\d+\\.\\d+\") audit(AUDIT_VER_NOT_GRANULAR, app_name, full_version);\n\nif (version =~ \"^5\\.1($|[^0-9])\")\n fix = \"5.1.9\";\nelse if (version =~ \"^6\\.0($|[^0-9])\")\n fix = \"6.0.4\";\nelse\n fix = \"5.0.14\";\n\n# Compare version to fix and report as needed.\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + full_version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(extra:report, port:0);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, full_version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:44:30", "description": "From Red Hat Security Advisory 2014:0680 :\n\nUpdated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. 
For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : openssl098e (ELSA-2014-0680)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl098e", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-0680.NASL", "href": "https://www.tenable.com/plugins/nessus/76730", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0680 and \n# Oracle Linux Security Advisory ELSA-2014-0680 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76730);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"RHSA\", value:\"2014:0680\");\n\n script_name(english:\"Oracle Linux 7 : openssl098e (ELSA-2014-0680)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat 
Security Advisory 2014:0680 :\n\nUpdated openssl098e packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-July/004273.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl098e package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl098e-0.9.8e-29.el7_0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:35:01", "description": "The remote Cisco device is running a version of 
IOS XR software that is affected by security bypass vulnerability in the bundled OpenSSL library due to an unspecified error that can allow an attacker to cause the usage of weak keying material, leading to simplified man-in-the-middle attacks.", "cvss3": {"score": null, "vector": null}, "published": "2016-02-26T00:00:00", "type": "nessus", "title": "Cisco IOS XR OpenSSL Security Bypass (CSCup22654)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-04-08T00:00:00", "cpe": ["cpe:/o:cisco:ios_xr"], "id": "CISCO-SA-20140605-OPENSSL-IOSXR.NASL", "href": "https://www.tenable.com/plugins/nessus/88990", "sourceData": "#TRUSTED 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\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88990);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/08\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCup22654\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20140605-openssl\");\n\n script_name(english:\"Cisco IOS XR OpenSSL Security Bypass (CSCup22654)\");\n script_summary(english:\"Checks the IOS XR version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco device is running a version of IOS XR software that\nis affected by security bypass vulnerability in the bundled OpenSSL\nlibrary due to an unspecified error that can allow an attacker to\ncause the usage of weak keying material, leading to simplified\nman-in-the-middle attacks.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl#@ID\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?0aa6a7e6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCup22654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/06/05/earlyccs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID\nCSCup22654.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios_xr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ios_xr_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS-XR/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Cisco/IOS-XR/Version\");\noverride = FALSE;\n\n# all releases from 4.3.1 through 5.2.0 are affected\nif (\n !(\n version =~ \"^4\\.3\\.[1-9]\" ||\n version =~ \"^5\\.[01]\\.\" ||\n version =~ \"^5\\.2\\.0($|[^0-9])\"\n )\n) audit(AUDIT_INST_VER_NOT_VULN, 'Cisco IOS XR', version);\n\nport = get_kb_item(\"Host/Cisco/IOS-XR/Port\");\nif(empty_or_null(port))\n port = 0;\n\nif (!isnull(get_kb_item(\"Host/local_checks_enabled\")))\n{\n flag = FALSE;\n buf = cisco_command_kb_item(\n \"Host/Cisco/Config/show_running-config_all\", \"show running-config all\");\n\n # Check for services utilizing SSL/TLS\n if (check_cisco_result(buf))\n {\n override = FALSE;\n\n if (\n # Web UI HTTPS\n preg(string:buf, pattern:\"^http server ssl\", multiline:TRUE) ||\n # XML Agent\n cisco_check_sections(\n config:buf,\n section_regex:\"^xml agent ssl\",\n config_regex:'^\\\\s*no shutdown'\n )\n ) flag++;\n }\n else if (cisco_needs_enable(buf))\n {\n flag = TRUE;\n override = TRUE;\n }\n\n if (!flag)\n audit(AUDIT_HOST_NOT, \"affected because it does not appear as though any service utilizing the OpenSSL library is enabled\");\n\n}\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Cisco bug IDs : CSCup22654' +\n '\\n Installed release : ' + version +\n '\\n Fixed release : 5.3.0' +\n '\\n';\n security_warning(port:port, extra:report+cisco_caveat(override));\n}\nelse security_warning(port:port, extra:cisco_caveat(override));\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:52:13", "description": "SunOS 5.10: openssl patch.\nDate this patch was last updated by Sun : Dec/17/15\n\nThis plugin has been deprecated and either replaced with individual 148071 
patch-revision plugins, or deemed non-security related.", "cvss3": {"score": null, "vector": null}, "published": "2013-06-02T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 148071-19 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_148071.NASL", "href": "https://www.tenable.com/plugins/nessus/66739", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66739);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n\n script_name(english:\"Solaris 10 (sparc) : 148071-19 (deprecated)\");\n script_summary(english:\"Check for patch 148071-19\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"SunOS 5.10: openssl patch.\nDate this patch was last updated by Sun : Dec/17/15\n\nThis plugin has been deprecated and either replaced with individual\n148071 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/148071-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 148071 instead.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:45:39", "description": "The remote device is running a software version known to be affected by an OpenSSL related vulnerability. 
The flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used to secure future traffic.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-18T00:00:00", "type": "nessus", "title": "Cisco ACE30 and ACE4710 OpenSSL 'ChangeCipherSpec' MiTM Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:cisco:application_control_engine_software"], "id": "CISCO-CSCUP22544-ACE.NASL", "href": "https://www.tenable.com/plugins/nessus/76127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76127);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Cisco ACE30 and ACE4710 OpenSSL 'ChangeCipherSpec' MiTM Vulnerability\");\n script_summary(english:\"Checks device version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a man-in-the-middle vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote device is running a software version known to be affected\nby an OpenSSL related vulnerability. 
The flaw could allow a MiTM\nattacker to decrypt or forge SSL messages by telling the service to\nbegin encrypted communications before key material has been exchanged,\nwhich causes predictable keys to be used to secure future traffic.\");\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5539aa9d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"There is currently no known solution.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:U/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:application_control_engine_software\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ace_version.nasl\");\n script_require_keys(\"Host/Cisco/ACE/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\n\nversion = get_kb_item(\"Host/Cisco/ACE/Version\");\nif (isnull(version)) audit(AUDIT_NOT_INST, 'Cisco ACE');\n\nif (\n version =~ \"^A4\\(([01]\\..+|2\\.[0-3][^\\d]*)\\)\" ||\n version =~ \"^A5\\(([012]\\..+|3\\.0[^\\d]*)\\)\"\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Cisco ACE\", version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:41:03", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.\n (CVE-2014-0224)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : openssl (cve_2014_0224_cryptographic_issues1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:openssl"], "id": "SOLARIS11_OPENSSL_20141014.NASL", "href": "https://www.tenable.com/plugins/nessus/80723", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software 
advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80723);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : openssl (cve_2014_0224_cryptographic_issues1)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1\n before 1.0.1h does not properly restrict processing of\n ChangeCipherSpec messages, which allows\n man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL\n communications, and consequently hijack sessions or\n obtain sensitive information, via a crafted TLS\n handshake, aka the 'CCS Injection' vulnerability.\n (CVE-2014-0224)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-0224-cryptographic-issues-vulnerability-in-openssl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c44d184\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.20.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", 
value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:openssl\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^openssl$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.20.0.5.0\", sru:\"SRU 11.1.20.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : openssl\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"openssl\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:45:57", "description": "The remote 
Blue Coat ProxySG device's SGOS self-reported version is 6.4 prior to 6.4.6.4. It, therefore, contains a bundled version of OpenSSL that has multiple flaws, including an unspecified error that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-26T00:00:00", "type": "nessus", "title": "Blue Coat ProxySG 6.4.x OpenSSL Security Bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:bluecoat:sgos"], "id": "BLUECOAT_PROXY_SG_6_4_6_4.NASL", "href": "https://www.tenable.com/plugins/nessus/76256", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76256);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Blue Coat ProxySG 6.4.x OpenSSL Security Bypass\");\n script_summary(english:\"Checks the Blue Coat ProxySG SGOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Blue Coat ProxySG device's SGOS self-reported version is\n6.4 prior to 6.4.6.4. 
It, therefore, contains a bundled version of\nOpenSSL that has multiple flaws, including an unspecified error that\ncould allow an attacker to cause usage of weak keying material leading\nto simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bto.bluecoat.com/security-advisory/sa80\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 6.4.6.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:bluecoat:sgos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"bluecoat_proxy_sg_version.nasl\");\n script_require_keys(\"Host/BlueCoat/ProxySG/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/BlueCoat/ProxySG/Version\");\nui_version = get_kb_item(\"Host/BlueCoat/ProxySG/UI_Version\");\n\nif (version !~ \"^6\\.4\\.\") audit(AUDIT_HOST_NOT, \"Blue Coat ProxySG 6.4.x\");\n\nreport_fix = NULL;\n\n# Select version for report\nif (isnull(ui_version)) report_ver = version;\nelse report_ver = ui_version;\n\nif (version =~ \"^6\\.4\\.\" && ver_compare(ver:version, fix:\"6.4.6.4\", strict:FALSE) == -1)\n{\n fix = '6.4.6.4';\n ui_fix = '6.4.6.4 Build 0';\n\n # Select fixed version for report\n if (isnull(ui_version)) report_fix = fix;\n else report_fix = ui_fix;\n}\n\nif (!isnull(report_fix))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + report_ver +\n '\\n Fixed version : ' + report_fix +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'Blue Coat ProxySG', version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:43:26", "description": "The remote HP OfficeJet printer is affected by a security bypass vulnerability. The included OpenSSL library has a security bypass flaw in the handshake process. By using a specially crafted handshake, a remote attacker can force the use of weak keying material. 
This could be leveraged for a man-in-the-middle attack.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2014-10-09T00:00:00", "type": "nessus", "title": "HP OfficeJet Printer Security Bypass (HPSBPI03107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/h:hp:officejet"], "id": "HP_OFFICEJET_HPSBPI03107.NASL", "href": "https://www.tenable.com/plugins/nessus/78111", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78111);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"HP\", value:\"emr_na-c04451722\");\n script_xref(name:\"HP\", value:\"HPSBPI03107\");\n\n script_name(english:\"HP OfficeJet Printer Security Bypass (HPSBPI03107)\");\n script_summary(english:\"Checks the model/firmware of HP OfficeJet printer.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote HP OfficeJet printer is affected by a security bypass\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote HP OfficeJet printer is affected by a security bypass\nvulnerability. The included OpenSSL library has a security bypass flaw\nin the handshake process. By using a specially crafted handshake, a\nremote attacker can force the use of weak keying material. 
This could\nbe leveraged for a man-in-the-middle attack.\");\n # https://h20566.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04451722\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ec99199\");\n script_set_attribute(attribute:\"solution\", value:\n\"HP has released firmware updates for the affected products.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:hp:officejet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"hp_officejet_web_detect.nbin\");\n script_require_keys(\"hp/officejet/detected\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n##\n# Strictly checks the firmware versions.\n#\n# @param string Host firmware version\n# @param string Fixed firmware version\n#\n# @return -1 if host firmware < fixed firmware\n# 0 if host firmware = fixed firmware\n# 1 if host firmware > fixed firmware\n##\nfunction check_firmware(ver, fix)\n{\n local_var vlen, flen, vfield, ffield, i;\n\n ver = split(ver, sep:'_', keep:FALSE);\n fix = split(fix, sep:'_', keep:FALSE);\n\n vlen = max_index(ver);\n flen = max_index(fix);\n if (vlen != flen)\n return 0;\n\n for (i = 0; i < vlen || i < flen; i++)\n {\n vfield = int(ver[i]);\n ffield = int(fix[i]);\n\n if (vfield < ffield)\n return -1;\n\n if (vfield > ffield)\n return 1;\n }\n\n return 0;\n}\n\n##\n#\n# Script starts here.\n#\n##\nget_kb_item_or_exit(\"hp/officejet/detected\");\n\nprinter_kbs = get_kb_list_or_exit(\"hp/officejet/*/model\");\nports = make_list();\n\nforeach printer_kb (keys(printer_kbs))\n{\n matches = eregmatch(string:printer_kb, pattern:\"hp/officejet/([0-9]+)/model\");\n if (isnull(matches) || isnull(matches[1]))\n continue;\n port = int(matches[1]);\n ports = make_list(ports, port);\n}\n\n# empty list of ports\nif (isnull(keys(ports)))\n audit(AUDIT_HOST_NOT, \"HP OfficeJet Printer\");\n\nports = list_uniq(ports);\n\nport = branch(ports);\n\nkb_base = \"hp/officejet/\" + port + \"/\";\n\nproduct = get_kb_item_or_exit(kb_base + \"product\");\nmodel = get_kb_item_or_exit(kb_base + \"model\");\nfirmware = get_kb_item_or_exit(kb_base + \"firmware\");\n\n# from the HP advisory\nif (model == \"B5L04A\" ||\n model == \"B5L05A\" ||\n model == \"B5L07A\")\n fixed_firmware = \"2302963_436066\";\nelse if (model == \"C2S11A\" ||\n model == \"C2S12A\")\n fixed_firmware = 
\"2302963_436074\";\nelse\n exit(0, \"The \" + product + \" \" + model + \" listening on port \" + port + \" is not affected.\");\n\nif(!egrep(pattern:\"^[0-9]+_[0-9]+\", string:firmware))\n exit(0, \"The \" + product + \" \" + model + \" running firmware \" + firmware + \" listening on port \" + port + \" does not have the expected firmware format.\");\n\nif (check_firmware(ver:firmware, fix:fixed_firmware) >= 0)\n exit(0, \"The \" + product + \" \" + model + \" running firmware \" + firmware + \" listening on port \" + port + \" is not affected.\");\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Printer : ' + product +\n '\\n Model : ' + model +\n '\\n Installed firmware : ' + firmware +\n '\\n Fixed firmware : ' + fixed_firmware +\n '\\n';\n security_warning(extra:report, port:port);\n}\nelse security_warning(port);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:52:22", "description": "SunOS 5.10_x86: openssl patch.\nDate this patch was last updated by Sun : Dec/17/15\n\nThis plugin has been deprecated and either replaced with individual 148072 patch-revision plugins, or deemed non-security related.", "cvss3": {"score": null, "vector": null}, "published": "2013-06-02T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 148072-19 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_148072.NASL", "href": "https://www.tenable.com/plugins/nessus/66740", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. 
Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66740);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n\n script_name(english:\"Solaris 10 (x86) : 148072-19 (deprecated)\");\n script_summary(english:\"Check for patch 148072-19\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"SunOS 5.10_x86: openssl patch.\nDate this patch was last updated by Sun : Dec/17/15\n\nThis plugin has been deprecated and either replaced with individual\n148072 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/148072-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 148072 instead.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:46:00", "description": "Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-06T00:00:00", "type": "nessus", "title": "CentOS 5 : openssl (CESA-2014:0624)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-perl", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2014-0624.NASL", "href": "https://www.tenable.com/plugins/nessus/74333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0624 and \n# CentOS Errata and Security Advisory 2014:0624 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74333);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"RHSA\", value:\"2014:0624\");\n\n script_name(english:\"CentOS 5 : openssl (CESA-2014:0624)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-June/020347.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4762fc5d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-June/020349.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a15140df\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-0.9.8e-27.el5_10.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-devel-0.9.8e-27.el5_10.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-perl-0.9.8e-27.el5_10.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:38", 
"description": "The remote Blue Coat ProxySG device's SGOS self-reported version is 4.x and reportedly contains a bundled version of OpenSSL that has multiple flaws. It is, therefore, potentially affected by an unspecified error that could allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-20T00:00:00", "type": "nessus", "title": "Blue Coat ProxySG 4.x OpenSSL Security Bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:bluecoat:sgos"], "id": "BLUECOAT_PROXY_SG_4_X_OPENSSL.NASL", "href": "https://www.tenable.com/plugins/nessus/76163", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76163);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Blue Coat ProxySG 4.x OpenSSL Security Bypass\");\n script_summary(english:\"Checks the Blue Coat ProxySG SGOS version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is potentially affected by a security bypass\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Blue Coat ProxySG device's SGOS self-reported version is\n4.x and reportedly contains a bundled version of OpenSSL that has\nmultiple flaws. 
It is, therefore, potentially affected by an\nunspecified error that could allow an attacker to cause usage of weak\nkeying material, leading to simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bto.bluecoat.com/security-advisory/sa80\");\n script_set_attribute(attribute:\"solution\", value:\n\"Note that ProxySG 4.0.x, 4.1.x, 4.2.x and 4.3.x will not receive a\npatch for this issue.\n\nPlease contact the vendor for upgrade options.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:bluecoat:sgos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"bluecoat_proxy_sg_version.nasl\");\n script_require_keys(\"Host/BlueCoat/ProxySG/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/BlueCoat/ProxySG/Version\");\nui_version = get_kb_item(\"Host/BlueCoat/ProxySG/UI_Version\");\n\nif (version !~ \"^4\\.[0-3]\\.\") audit(AUDIT_HOST_NOT, \"Blue Coat ProxySG 4.0.x / 4.1.x / 4.2.x / 4.3.x\");\n\nreport_fix = NULL;\n\n# Select version for report\nif (isnull(ui_version)) report_ver = version;\nelse report_ver = ui_version;\n\nif (version =~ \"^4\\.[0-3]\\.\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + report_ver +\n '\\n Fixed version : Please contact the vendor for upgrade options.' +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'Blue Coat ProxySG', version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:46:05", "description": "Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. 
A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-06T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : openssl097a and openssl098e (RHSA-2014:0626)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl097a", "p-cpe:/a:redhat:enterprise_linux:openssl097a-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl098e", "p-cpe:/a:redhat:enterprise_linux:openssl098e-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0626.NASL", "href": "https://www.tenable.com/plugins/nessus/74348", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0626. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74348);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_xref(name:\"RHSA\", value:\"2014:0626\");\n\n script_name(english:\"RHEL 5 / 6 : openssl097a and openssl098e (RHSA-2014:0626)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl097a and openssl098e packages that fix one security\nissue are now available for Red Hat Enterprise Linux 5 and 6\nrespectively.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. 
For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n # https://access.redhat.com/site/articles/904433\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/904433\"\n );\n # https://access.redhat.com/site/solutions/905793\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/905793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0224\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl097a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl097a-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl098e\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0626\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl097a-0.9.7a-12.el5_10.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"openssl097a-debuginfo-0.9.7a-12.el5_10.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl098e-0.9.8e-18.el6_5.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl098e-debuginfo-0.9.8e-18.el6_5.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl097a / openssl097a-debuginfo / openssl098e / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:43:10", "description": "Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update 
Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.3 and 6.4 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : openssl (RHSA-2014:0627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6.3", "cpe:/o:redhat:enterprise_linux:6.4"], "id": "REDHAT-RHSA-2014-0627.NASL", "href": "https://www.tenable.com/plugins/nessus/79025", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0627. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79025);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"RHSA\", value:\"2014:0627\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : openssl (RHSA-2014:0627)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat\nEnterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended\nUpdate Support, Red Hat Enterprise Linux 6.2 Advanced Update Support,\nand Red Hat Enterprise Linux 6.3 and 6.4 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. 
A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n # https://access.redhat.com/site/articles/904433\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/904433\"\n );\n # https://access.redhat.com/site/solutions/905793\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/905793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0224\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5\\.6|5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.6 / 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0627\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openssl-0.9.7a-43.22.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", 
reference:\"openssl-0.9.7a-43.22.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"openssl-0.9.7a-43.22.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openssl-devel-0.9.7a-43.22.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.7a-43.22.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openssl-perl-0.9.7a-43.22.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.7a-43.22.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"openssl-0.9.8e-26.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"openssl-0.9.8e-12.el5_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"openssl-0.9.8e-12.el5_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"openssl-0.9.8e-12.el5_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"openssl-debuginfo-0.9.8e-26.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"openssl-debuginfo-0.9.8e-12.el5_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"openssl-debuginfo-0.9.8e-12.el5_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"openssl-debuginfo-0.9.8e-12.el5_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"openssl-devel-0.9.8e-26.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"openssl-devel-0.9.8e-12.el5_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.8e-12.el5_6.12\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-12.el5_6.12\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", 
cpu:\"i386\", reference:\"openssl-perl-0.9.8e-26.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"openssl-perl-0.9.8e-26.el5_9.4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-12.el5_6.12\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-26.el5_9.4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"openssl-1.0.0-27.el6_4.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", reference:\"openssl-1.0.0-25.el6_3.3\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"openssl-1.0.0-20.el6_2.7\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-1.0.0-27.el6_4.4\")) flag++; }\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-1.0.0-20.el6_2.7\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-1.0.0-27.el6_4.4\")) flag++; }\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"openssl-debuginfo-1.0.0-27.el6_4.4\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"openssl-debuginfo-1.0.0-20.el6_2.7\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-debuginfo-1.0.0-27.el6_4.4\")) flag++; }\n\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390\", reference:\"openssl-debuginfo-1.0.0-25.el6_3.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"openssl-debuginfo-1.0.0-25.el6_3.3\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.0-20.el6_2.7\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.0-27.el6_4.4\")) flag++; }\n\n if (rpm_check(release:\"RHEL6\", 
sp:\"4\", reference:\"openssl-devel-1.0.0-27.el6_4.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", reference:\"openssl-devel-1.0.0-25.el6_3.3\")) flag++;\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"openssl-devel-1.0.0-20.el6_2.7\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-devel-1.0.0-27.el6_4.4\")) flag++; }\n\nif (sp == \"2\") { if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.0-20.el6_2.7\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.0-27.el6_4.4\")) flag++; }\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"openssl-perl-1.0.0-27.el6_4.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"openssl-perl-1.0.0-25.el6_3.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"openssl-perl-1.0.0-27.el6_4.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"openssl-perl-1.0.0-25.el6_3.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.0-27.el6_4.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.0-25.el6_3.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.0-20.el6_2.7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"openssl-static-1.0.0-27.el6_4.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"i686\", reference:\"openssl-static-1.0.0-25.el6_3.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"s390x\", reference:\"openssl-static-1.0.0-27.el6_4.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"s390x\", reference:\"openssl-static-1.0.0-25.el6_3.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", sp:\"4\", 
cpu:\"x86_64\", reference:\"openssl-static-1.0.0-27.el6_4.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-static-1.0.0-25.el6_3.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-static-1.0.0-20.el6_2.7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:43:42", "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.\n(CVE-2014-0224)\n\nImpact\n\nAn attacker may be able to decrypt and modify traffic between a client and a server. OpenSSL clients may be vulnerable to a man-in-the-middle (MITM) attack when connecting to a server running OpenSSL 1.0.1 or 1.0.2. For information about vulnerable components or features, refer to the following section.\n\nServer-side impact for F5 products\n\nThe server-side components are vulnerable in the event that an attacker is able to launch an MITM attack between a client and an affected server component.\n\nBIG-IP 11.5.0 through 11.5.1 contains the following vulnerable server-side code :\n\nCOMPAT SSL ciphers are vulnerable. 
Virtual servers using a Client SSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable to this attack (the BIG-IP Client SSL profile enables the BIG-IP system to accept and terminate client requests that are sent using the SSL protocol; in this context, the BIG-IP functions as an SSL server, handling incoming SSL traffic). Note : NATIVE SSL ciphers on affected versions are not vulnerable. However, some vulnerability scanners may generate false positive reports when run against BIG-IP virtual servers that are configured to use ciphers supported by the NATIVE SSL stack. This includes all ciphers enabled by the default cipher string.\n\nNote: On non-vulnerable versions, the third-party nmap script, ssl-ccs-injection.nse , may return a false positive vulnerable report if the Generic Alert option of the Client SSL profile is enabled (enabled by default). You can safely ignore this result and it does not indicate that the BIG-IP virtual server is vulnerable, but is an artifact of the basic check performed by the nmap script. F5 does not recommend disabling generic alerts because they provide a significant security advantage compared to the potential small disadvantage of this false positive report.\n\nThe Configuration utility and other services, such as iControl, are vulnerable.\n\nThe big3d process included with BIG-IP GTM 11.5.0 and 11.5.1 is vulnerable. 
In addition, monitored BIG-IP systems whose big3d process was updated by an affected BIG-IP GTM system are also vulnerable.\n\nClient-side impact for F5 products\n\nConnections that a vulnerable F5 device initiates (as a client) are at risk in the event that an attacker gains access to the traffic between the F5 device and the server (for example, BIG-IP system and pool members), and the server with which the F5 device is communicating is running a vulnerable version of OpenSSL.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (K15325)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL15325.NASL", "href": "https://www.tenable.com/plugins/nessus/78174", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K15325.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78174);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (K15325)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h\ndoes not properly restrict processing of ChangeCipherSpec messages,\nwhich allows man-in-the-middle attackers to trigger use of a\nzero-length master key in certain OpenSSL-to-OpenSSL communications,\nand consequently hijack sessions or obtain sensitive information, via\na crafted TLS handshake, aka the 'CCS Injection' vulnerability.\n(CVE-2014-0224)\n\nImpact\n\nAn attacker may be able to decrypt and modify traffic between a client\nand a server. OpenSSL clients may be vulnerable to a man-in-the-middle\n(MITM) attack when connecting to a server running OpenSSL 1.0.1 or\n1.0.2. For information about vulnerable components or features, refer\nto the following section.\n\nServer-side impact for F5 products\n\nThe server-side components are vulnerable in the event that an\nattacker is able to launch an MITM attack between a client and an\naffected server component.\n\nBIG-IP 11.5.0 through 11.5.1 contains the following vulnerable\nserver-side code :\n\nCOMPAT SSL ciphers are vulnerable. Virtual servers using a Client SSL\nprofile configured to use ciphers from the COMPAT SSL stack are\nvulnerable to this attack (the BIG-IP Client SSL profile enables the\nBIG-IP system to accept and terminate client requests that are sent\nusing the SSL protocol; in this context, the BIG-IP functions as an\nSSL server, handling incoming SSL traffic). Note : NATIVE SSL ciphers\non affected versions are not vulnerable. However, some vulnerability\nscanners may generate false positive reports when run against BIG-IP\nvirtual servers that are configured to use ciphers supported by the\nNATIVE SSL stack. 
This includes all ciphers enabled by the default\ncipher string.\n\nNote: On non-vulnerable versions, the third-party nmap script,\nssl-ccs-injection.nse , may return a false positive vulnerable report\nif the Generic Alert option of the Client SSL profile is enabled\n(enabled by default). You can safely ignore this result and it does\nnot indicate that the BIG-IP virtual server is vulnerable, but is an\nartifact of the basic check performed by the nmap script. F5 does not\nrecommend disabling generic alerts because they provide a significant\nsecurity advantage compared to the potential small disadvantage of this\nfalse positive report.\n\nThe Configuration utility and other services, such as iControl, are\nvulnerable.\n\nThe big3d process included with BIG-IP GTM 11.5.0 and 11.5.1 is\nvulnerable. In addition, monitored BIG-IP systems whose big3d process\nwas updated by an affected BIG-IP GTM system are also vulnerable.\n\nClient-side impact for F5 products\n\nConnections that a vulnerable F5 device initiates (as a client) are at\nrisk in the event that an attacker gains access to the traffic between\nthe F5 device and the server (for example, BIG-IP system and pool\nmembers), and the server with which the F5 device is communicating is\nrunning a vulnerable version of OpenSSL.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15325\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15325.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K15325\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.3.0-11.4.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.4.0-11.4.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = 
make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.3.0-11.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:05", "description": "A version of IBM General Parallel File System (GPFS) 3.5.0.11 or later but prior to 3.5.0.18 is installed on the remote host. 
It is, therefore, affected by an unspecified error that could allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-09T00:00:00", "type": "nessus", "title": "IBM General Parallel File System OpenSSL Security Bypass (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:ibm:general_parallel_file_system"], "id": "IBM_GPFS_ISG3T1020948_WINDOWS.NASL", "href": "https://www.tenable.com/plugins/nessus/76428", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76428);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"IBM General Parallel File System OpenSSL Security Bypass (Windows)\");\n script_summary(english:\"Checks the local version of GPFS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A clustered file system on the remote host is affected by a security\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A version of IBM General Parallel File System (GPFS) 3.5.0.11 or later\nbut prior to 3.5.0.18 is installed on the remote host. 
It is,\ntherefore, affected by an unspecified error that could allow an\nattacker to cause usage of weak keying material, leading to simplified\nman-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=isg3T1020948\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to GPFS 3.5.0.18 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:general_parallel_file_system\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_gpfs_installed.nbin\");\n script_require_keys(\"SMB/ibm_gpfs/path\", \"SMB/ibm_gpfs/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"IBM General Parallel File System\";\nversion = get_kb_item_or_exit(\"SMB/ibm_gpfs/version\");\npath = get_kb_item_or_exit(\"SMB/ibm_gpfs/path\");\n\nif (version !~ \"^(\\d+\\.){3,}\\d+$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, version);\nif (version !~ \"^3\\.5\\.\") audit(AUDIT_NOT_INST, app_name + \" 3.5.x\");\n\nfix = \"3.5.0.18\";\n\n# Affected :\n# 3.5.0.11 <= version < 3.5.0.18\nif (\n ver_compare(ver:version, fix:'3.5.0.11', strict:FALSE) >= 0\n &&\n ver_compare(ver:version, fix:fix, strict:FALSE) == -1\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port:port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:46:13", "description": "From Red Hat Security Advisory 2014:0626 :\n\nUpdated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-06T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : openssl097a / openssl098e (ELSA-2014-0626)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl097a", "p-cpe:/a:oracle:linux:openssl098e", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2014-0626.NASL", "href": "https://www.tenable.com/plugins/nessus/74345", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0626 and \n# Oracle Linux Security Advisory ELSA-2014-0626 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74345);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_xref(name:\"RHSA\", value:\"2014:0626\");\n\n script_name(english:\"Oracle Linux 5 / 6 : openssl097a / openssl098e (ELSA-2014-0626)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0626 :\n\nUpdated openssl097a and openssl098e packages that fix one security\nissue are now available for Red Hat Enterprise Linux 5 and 6\nrespectively.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004172.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl097a and / or openssl098e packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl097a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl097a-0.9.7a-12.el5_10.1\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"openssl098e-0.9.8e-18.0.1.el6_5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl097a / openssl098e\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:44:26", 
"description": "FortiClient, a client-based software solution intended to provide security features for enterprise computers and mobile devices, is installed on the remote Windows host.\n\nThe installed FortiClient version uses a vulnerable OpenSSL library that contains a flaw with the handshake process. The flaw could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-16T00:00:00", "type": "nessus", "title": "Fortinet FortiClient OpenSSL Security Bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:fortinet:forticlient"], "id": "FORTICLIENT_5_0_10.NASL", "href": "https://www.tenable.com/plugins/nessus/76535", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76535);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Fortinet FortiClient OpenSSL Security Bypass\");\n script_summary(english:\"Checks the version of FortiClient.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a security bypass\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"FortiClient, a client-based software solution intended to provide\nsecurity features for enterprise computers and mobile devices, is\ninstalled on the remote Windows host.\n\nThe installed FortiClient version uses a vulnerable OpenSSL library\nthat contains a flaw with the handshake process. 
The flaw could allow\nan attacker to cause usage of weak keying material leading to\nsimplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://fortiguard.com/psirt/FG-IR-14-018\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Fortinet FortiClient 5.0.10 / 5.2.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:fortinet:forticlient\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"forticlient_detect.nbin\");\n script_require_keys(\"installed_sw/FortiClient\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"installed_sw/FortiClient\");\n\napp = \"FortiClient\";\n\ninstalls = get_installs(app_name:app);\nif (installs[0] == IF_NOT_FOUND) audit(AUDIT_NOT_INST, app);\n\ninstall = installs[1][0];\npath = install['path'];\nversion = install['version'];\n\n\nfixed_version = \"5.0.10\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:20", "description": "Description of changes:\n\n[0.9.7a-43.18.0.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : openssl (ELSA-2014-3040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2014-3040.NASL", "href": "https://www.tenable.com/plugins/nessus/74484", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory 
ELSA-2014-3040.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74484);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n\n script_name(english:\"Oracle Linux 4 : openssl (ELSA-2014-3040)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[0.9.7a-43.18.0.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004193.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"openssl-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-0.9.7a-43.18.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-devel-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"openssl-devel-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.7a-43.18.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-perl-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"openssl-perl-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.7a-43.18.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:41:32", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing 
of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.\n (CVE-2014-0224)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : wanboot (cve_2014_0224_cryptographic_issues)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:wanboot"], "id": "SOLARIS11_WANBOOT_20141014.NASL", "href": "https://www.tenable.com/plugins/nessus/80799", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80799);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : wanboot (cve_2014_0224_cryptographic_issues)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1\n before 1.0.1h does not properly restrict processing of\n ChangeCipherSpec messages, which allows\n man-in-the-middle attackers to trigger use of a\n zero-length master key in certain 
OpenSSL-to-OpenSSL\n communications, and consequently hijack sessions or\n obtain sensitive information, via a crafted TLS\n handshake, aka the 'CCS Injection' vulnerability.\n (CVE-2014-0224)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-0224-cryptographic-issues-vulnerability-in-wan-boot\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f8285cb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.20.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:wanboot\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^wanboot$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wanboot\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.20.0.5.0\", sru:\"SRU 11.1.20.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : wanboot\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"wanboot\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:45:21", "description": "The version of HP Onboard Administrator installed on the remote host is prior to 4.22. 
It is, therefore, affected by the following OpenSSL related vulnerability :\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-03T00:00:00", "type": "nessus", "title": "HP Onboard Administrator < 4.22 Remote Information Disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:hp:onboard_administrator"], "id": "HP_ONBOARD_ADMIN_4_22.NASL", "href": "https://www.tenable.com/plugins/nessus/76357", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76357);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"HP\", value:\"HPSBMU03058\");\n script_xref(name:\"IAVB\", value:\"2014-B-0084\");\n\n script_name(english:\"HP Onboard Administrator < 4.22 Remote Information Disclosure\");\n script_summary(english:\"Checks the version of HP Onboard Administrator.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote server is affected by a remote information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of HP Onboard Administrator installed on the remote host\nis prior to 4.22. 
It is, therefore, affected by the following OpenSSL\nrelated vulnerability :\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\");\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c04351097\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7496652c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 4.22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:onboard_administrator\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"hp_onboard_admin_detect.nasl\");\n script_require_keys(\"Host/HP/Onboard_Administrator\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item_or_exit(\n \"Host/HP/Onboard_Administrator/Port\",\n exit_code : 1,\n msg : \"Unable to get the HP Onboard Administrator Port.\"\n);\n\nversion = get_kb_item_or_exit(\n \"Host/HP/Onboard_Administrator/Version\",\n exit_code : 1,\n msg : \"Unable to get the HP Onboard Administrator Version.\"\n);\n\nfix = \"4.22\";\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0) audit(AUDIT_HOST_NOT, \"affected\");\n\nreport = NULL;\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n}\nsecurity_warning(port:port, extra:report);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-02-10T00:00:00", "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability. \n\nThis plugin only works with Tenable.ot. 
Please visit https://www.tenable.com/products/tenable-ot for more information.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2022-02-07T00:00:00", "type": "nessus", "title": "Siemens (CVE-2014-0224)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2022-02-07T00:00:00", "cpe": ["cpe:/o:siemens:s7-1500_firmware"], "id": "TENABLE_OT_SIEMENS_CVE-2014-0224.NASL", "href": "https://www.tenable.com/plugins/ot/500473", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(500473);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/07\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_xref(name:\"SECUNIA\", value:\"59191\");\n script_xref(name:\"SECUNIA\", value:\"58579\");\n script_xref(name:\"SECUNIA\", value:\"59438\");\n script_xref(name:\"SECUNIA\", value:\"59301\");\n script_xref(name:\"SECUNIA\", value:\"59721\");\n script_xref(name:\"SECUNIA\", value:\"59491\");\n script_xref(name:\"SECUNIA\", value:\"59450\");\n script_xref(name:\"SECUNIA\", value:\"59655\");\n script_xref(name:\"SECUNIA\", value:\"59659\");\n script_xref(name:\"SECUNIA\", value:\"58639\");\n script_xref(name:\"SECUNIA\", value:\"58759\");\n script_xref(name:\"SECUNIA\", value:\"59043\");\n script_xref(name:\"SECUNIA\", value:\"59666\");\n script_xref(name:\"SECUNIA\", value:\"59126\");\n script_xref(name:\"HP\", value:\"HPSBMU03070\");\n script_xref(name:\"SECUNIA\", value:\"59055\");\n script_xref(name:\"SECUNIA\", value:\"59490\");\n script_xref(name:\"SECUNIA\", value:\"59514\");\n script_xref(name:\"SECUNIA\", value:\"59602\");\n script_xref(name:\"SECUNIA\", value:\"59495\");\n script_xref(name:\"SECUNIA\", value:\"58930\");\n script_xref(name:\"SECUNIA\", value:\"59370\");\n script_xref(name:\"SECUNIA\", 
value:\"59012\");\n script_xref(name:\"SECUNIA\", value:\"58385\");\n script_xref(name:\"SECUNIA\", value:\"59120\");\n script_xref(name:\"SECUNIA\", value:\"59162\");\n script_xref(name:\"SECUNIA\", value:\"58939\");\n script_xref(name:\"SECUNIA\", value:\"59528\");\n script_xref(name:\"SECUNIA\", value:\"59063\");\n script_xref(name:\"SECUNIA\", value:\"58128\");\n script_xref(name:\"SECUNIA\", value:\"59442\");\n script_xref(name:\"SECUNIA\", value:\"59824\");\n script_xref(name:\"SECUNIA\", value:\"59827\");\n script_xref(name:\"SECUNIA\", value:\"59669\");\n script_xref(name:\"SECUNIA\", value:\"59413\");\n script_xref(name:\"SECUNIA\", value:\"59300\");\n script_xref(name:\"SECUNIA\", value:\"59383\");\n script_xref(name:\"SECUNIA\", value:\"59885\");\n script_xref(name:\"SECUNIA\", value:\"59459\");\n script_xref(name:\"SECUNIA\", value:\"58745\");\n script_xref(name:\"SECUNIA\", value:\"59530\");\n script_xref(name:\"SECUNIA\", value:\"59589\");\n script_xref(name:\"SECUNIA\", value:\"59451\");\n script_xref(name:\"SECUNIA\", value:\"59506\");\n script_xref(name:\"SECUNIA\", value:\"59894\");\n script_xref(name:\"SECUNIA\", value:\"60049\");\n script_xref(name:\"SECUNIA\", value:\"58743\");\n script_xref(name:\"SECUNIA\", value:\"59342\");\n script_xref(name:\"SECUNIA\", value:\"59325\");\n script_xref(name:\"SECUNIA\", value:\"59354\");\n script_xref(name:\"SECUNIA\", value:\"59916\");\n script_xref(name:\"RHSA\", value:\"RHSA-2014:0624\");\n script_xref(name:\"HP\", value:\"HPSBMU03058\");\n script_xref(name:\"RHSA\", value:\"RHSA-2014:0631\");\n script_xref(name:\"RHSA\", value:\"RHSA-2014:0632\");\n script_xref(name:\"RHSA\", value:\"RHSA-2014:0630\");\n script_xref(name:\"RHSA\", value:\"RHSA-2014:0627\");\n script_xref(name:\"HP\", value:\"HPSBMU03053\");\n script_xref(name:\"RHSA\", value:\"RHSA-2014:0680\");\n script_xref(name:\"RHSA\", value:\"RHSA-2014:0633\");\n script_xref(name:\"RHSA\", value:\"RHSA-2014:0626\");\n script_xref(name:\"SECUNIA\", 
value:\"60066\");\n script_xref(name:\"SECUNIA\", value:\"59990\");\n script_xref(name:\"SECUNIA\", value:\"60522\");\n script_xref(name:\"SECUNIA\", value:\"60577\");\n script_xref(name:\"SECUNIA\", value:\"59784\");\n script_xref(name:\"SECUNIA\", value:\"59878\");\n script_xref(name:\"SECUNIA\", value:\"60176\");\n script_xref(name:\"SECUNIA\", value:\"60567\");\n script_xref(name:\"SECUNIA\", value:\"60571\");\n script_xref(name:\"SECUNIA\", value:\"60819\");\n script_xref(name:\"HP\", value:\"HPSBST03103\");\n script_xref(name:\"HP\", value:\"HPSBHF03145\");\n script_xref(name:\"HP\", value:\"HPSBST03106\");\n script_xref(name:\"HP\", value:\"HPSBST03097\");\n script_xref(name:\"HP\", value:\"HPSBPI03107\");\n script_xref(name:\"HP\", value:\"HPSBMU03083\");\n script_xref(name:\"SECUNIA\", value:\"61815\");\n script_xref(name:\"HP\", value:\"HPSBST03265\");\n script_xref(name:\"HP\", value:\"SSRT101818\");\n script_xref(name:\"SuSE\", value:\"openSUSE-SU-2015:0229\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2015:0578\");\n script_xref(name:\"HP\", value:\"HPSBST03195\");\n script_xref(name:\"HP\", value:\"HPSBHF03052\");\n script_xref(name:\"HP\", value:\"HPSBMU03051\");\n script_xref(name:\"HP\", value:\"HPSBMU03065\");\n script_xref(name:\"HP\", value:\"HPSBMU03074\");\n script_xref(name:\"HP\", value:\"HPSBGN03050\");\n script_xref(name:\"HP\", value:\"HPSBST03098\");\n script_xref(name:\"HP\", value:\"HPSBMU03089\");\n script_xref(name:\"HP\", value:\"HPSBMU03101\");\n script_xref(name:\"HP\", value:\"HPSBMU03071\");\n script_xref(name:\"HP\", value:\"HPSBMU03055\");\n script_xref(name:\"HP\", value:\"HPSBUX03046\");\n script_xref(name:\"HP\", value:\"HPSBMU03094\");\n script_xref(name:\"HP\", value:\"HPSBGN03068\");\n script_xref(name:\"HP\", value:\"HPSBMU03057\");\n script_xref(name:\"HP\", value:\"HPSBMU03078\");\n script_xref(name:\"HP\", value:\"HPSBOV03047\");\n script_xref(name:\"HP\", value:\"HPSBMU03076\");\n script_xref(name:\"HP\", 
value:\"HPSBMU03056\");\n script_xref(name:\"HP\", value:\"HPSBMU03062\");\n script_xref(name:\"HP\", value:\"HPSBHF03088\");\n script_xref(name:\"SuSE\", value:\"openSUSE-SU-2016:0640\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2015:0743\");\n script_xref(name:\"GLSA\", value:\"GLSA-201407-05\");\n script_xref(name:\"SECUNIA\", value:\"61254\");\n script_xref(name:\"SECUNIA\", value:\"59677\");\n script_xref(name:\"SECUNIA\", value:\"59661\");\n script_xref(name:\"SECUNIA\", value:\"59529\");\n script_xref(name:\"SECUNIA\", value:\"59525\");\n script_xref(name:\"SECUNIA\", value:\"59518\");\n script_xref(name:\"SECUNIA\", value:\"59502\");\n script_xref(name:\"SECUNIA\", value:\"59483\");\n script_xref(name:\"SECUNIA\", value:\"59460\");\n script_xref(name:\"SECUNIA\", value:\"59454\");\n script_xref(name:\"SECUNIA\", value:\"59449\");\n script_xref(name:\"SECUNIA\", value:\"59448\");\n script_xref(name:\"SECUNIA\", value:\"59447\");\n script_xref(name:\"SECUNIA\", value:\"59446\");\n script_xref(name:\"SECUNIA\", value:\"59445\");\n script_xref(name:\"SECUNIA\", value:\"59444\");\n script_xref(name:\"SECUNIA\", value:\"59441\");\n script_xref(name:\"SECUNIA\", value:\"59440\");\n script_xref(name:\"SECUNIA\", value:\"59437\");\n script_xref(name:\"SECUNIA\", value:\"59435\");\n script_xref(name:\"SECUNIA\", value:\"59429\");\n script_xref(name:\"SECUNIA\", value:\"59389\");\n script_xref(name:\"SECUNIA\", value:\"59380\");\n script_xref(name:\"SECUNIA\", value:\"59375\");\n script_xref(name:\"SECUNIA\", value:\"59374\");\n script_xref(name:\"SECUNIA\", value:\"59368\");\n script_xref(name:\"SECUNIA\", value:\"59365\");\n script_xref(name:\"SECUNIA\", value:\"59364\");\n script_xref(name:\"SECUNIA\", value:\"59362\");\n script_xref(name:\"SECUNIA\", value:\"59347\");\n script_xref(name:\"SECUNIA\", value:\"59338\");\n script_xref(name:\"SECUNIA\", value:\"59310\");\n script_xref(name:\"SECUNIA\", value:\"59306\");\n script_xref(name:\"SECUNIA\", 
value:\"59305\");\n script_xref(name:\"SECUNIA\", value:\"59287\");\n script_xref(name:\"SECUNIA\", value:\"59284\");\n script_xref(name:\"SECUNIA\", value:\"59282\");\n script_xref(name:\"SECUNIA\", value:\"59264\");\n script_xref(name:\"SECUNIA\", value:\"59231\");\n script_xref(name:\"SECUNIA\", value:\"59223\");\n script_xref(name:\"SECUNIA\", value:\"59215\");\n script_xref(name:\"SECUNIA\", value:\"59214\");\n script_xref(name:\"SECUNIA\", value:\"59211\");\n script_xref(name:\"SECUNIA\", value:\"59202\");\n script_xref(name:\"SECUNIA\", value:\"59192\");\n script_xref(name:\"SECUNIA\", value:\"59190\");\n script_xref(name:\"SECUNIA\", value:\"59189\");\n script_xref(name:\"SECUNIA\", value:\"59188\");\n script_xref(name:\"SECUNIA\", value:\"59186\");\n script_xref(name:\"SECUNIA\", value:\"59175\");\n script_xref(name:\"SECUNIA\", value:\"59167\");\n script_xref(name:\"SECUNIA\", value:\"59163\");\n script_xref(name:\"SECUNIA\", value:\"59142\");\n script_xref(name:\"SECUNIA\", value:\"59135\");\n script_xref(name:\"SECUNIA\", value:\"59132\");\n script_xref(name:\"SECUNIA\", value:\"59101\");\n script_xref(name:\"SECUNIA\", value:\"59093\");\n script_xref(name:\"SECUNIA\", value:\"59040\");\n script_xref(name:\"SECUNIA\", value:\"59004\");\n script_xref(name:\"SECUNIA\", value:\"58977\");\n script_xref(name:\"SECUNIA\", value:\"58945\");\n script_xref(name:\"SECUNIA\", value:\"58742\");\n script_xref(name:\"SECUNIA\", value:\"58719\");\n script_xref(name:\"SECUNIA\", value:\"58716\");\n script_xref(name:\"SECUNIA\", value:\"58714\");\n script_xref(name:\"SECUNIA\", value:\"58713\");\n script_xref(name:\"SECUNIA\", value:\"58667\");\n script_xref(name:\"SECUNIA\", value:\"58660\");\n script_xref(name:\"SECUNIA\", value:\"58615\");\n script_xref(name:\"SECUNIA\", value:\"58492\");\n script_xref(name:\"SECUNIA\", value:\"58433\");\n script_xref(name:\"SECUNIA\", value:\"58337\");\n script_xref(name:\"FEDORA\", value:\"FEDORA-2014-9308\");\n 
script_xref(name:\"FEDORA\", value:\"FEDORA-2014-9301\");\n\n script_name(english:\"Siemens (CVE-2014-0224)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OT asset is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of\nChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in\ncertain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a\ncrafted TLS handshake, aka the CCS Injection vulnerability. \n\nThis plugin only works with Tenable.ot. Please visit\nhttps://www.tenable.com/products/tenable-ot for more information.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/secadv_20140605.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://ccsinjection.lepidum.co.jp\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.kb.cert.org/vuls/id/978508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1103586\");\n # https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c19c03e5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/06/05/earlyccs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/site/blogs/766093/posts/908133\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59191\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.bluecoat.com/index?page=content&id=SA80\");\n # 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5539aa9d\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.kerio.com/support/kerio-control/release-history\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59438\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676035\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59301\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59721\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59491\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59450\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676845\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59655\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677695\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59659\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58639\");\n # http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d68c75da\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58759\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21678289\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59043\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59666\");\n 
script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59126\");\n # http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?25e3d768\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140499864129699&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677567\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59055\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59490\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676419\");\n # https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?23273edc\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.novell.com/support/kb/doc.php?id=7015300\");\n # http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2115f75f\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21673137\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59514\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59602\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59495\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.novell.com/support/kb/doc.php?id=7015264\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://esupport.trendmicro.com/solution/en-US/1103813.aspx\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58930\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59370\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59012\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.blackberry.com/btsc/KB36051\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58385\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676655\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59120\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59162\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58939\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59528\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59063\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677828\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58128\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10075\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676496\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21678167\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://secunia.com/advisories/59442\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59824\");\n # http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a8d3d74\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677527\");\n # https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d8f6abfb\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59827\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59669\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59413\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037761\");\n # http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6b98b564\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677390\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59300\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59383\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.splunk.com/view/SP-CAAAM2D\");\n script_set_attribute(attribute:\"see_also\", value:\"https://discussions.nessus.org/thread/7517\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59885\");\n # 
http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46b88aa1\");\n # http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7de2f8eb\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59459\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58745\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59530\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59589\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59451\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=isg400001843\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.fortiguard.com/advisory/FG-IR-14-018/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://filezilla-project.org/versions.php?type=server\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=isg400001841\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59894\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/60049\");\n # https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3014ab34\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58743\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59342\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://secunia.com/advisories/59325\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59354\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59916\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2014-0624.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140386311427810&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2014-0631.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2014-0632.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2014-0630.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2014-0627.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140369637402535&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2014-0680.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2014-0633.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2014-0626.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/60066\");\n script_set_attribute(attribute:\"see_also\", value:\"http://puppetlabs.com/security/cve/cve-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59990\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/60522\");\n script_set_attribute(attribute:\"see_also\", value:\"http://linux.oracle.com/errata/ELSA-2014-1053.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/60577\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://secunia.com/advisories/59784\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59878\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/60176\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/60567\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/60571\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/60819\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6443\");\n # http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dcc7b47\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=141164638606214&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=141383465822787&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=141025641601169&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=141383410222440&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=141147110427269&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140983229106599&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/61815\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securitytracker.com/id/1031032\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2014/Dec/23\");\n # http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?c02f1515\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securitytracker.com/id/1031594\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=142546741516006&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=142350350616251&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html\");\n # http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?acb4a410\");\n # http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c46d757d\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:062\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=142805027510172&w=2\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=141658880509699&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140448122410568&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140491231331543&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140621259019789&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140482916501310&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140870499402361&w=2\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://marc.info/?l=bugtraq&m=140784085708882&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140852826008699&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140604261522465&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140431828824371&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140266410314613&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140852757108392&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140544599631400&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140389274407904&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140672208601650&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140317760000786&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140904544427729&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140389355508263&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140752315422991&w=2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=bugtraq&m=140794476212181&w=2\");\n # https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3818101e\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n # http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?e6ea11ce\");\n # http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e062d049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.novell.com/support/kb/doc.php?id=7015271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/docview.wss?uid=ssg1S1004671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/docview.wss?uid=ssg1S1004670\");\n # https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f997f6c0\");\n # http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?957ff7ff\");\n # http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87b3d108\");\n # http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb9f4c47\");\n # http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c603c39c\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037870\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037732\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037731\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037730\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037729\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037727\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21683332\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21678233\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677836\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677131\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677080\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676889\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676879\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676833\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676786\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676644\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676615\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676536\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676529\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676501\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676478\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676334\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676333\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21676071\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21675821\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21675626\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.mandriva.com/security/advisories?name=MDVSA-2014:106\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.mandriva.com/security/advisories?name=MDVSA-2014:105\");\n # http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc543587\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ibm.com/support/docview.wss?uid=swg24037783\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ibm.com/support/docview.wss?uid=swg21676877\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ibm.com/support/docview.wss?uid=swg21676793\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ibm.com/support/docview.wss?uid=swg21676356\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ibm.com/support/docview.wss?uid=swg1IT02314\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.ibm.com/support/docview.wss?uid=ssg1S1004678\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ibm.com/support/docview.wss?uid=isg3T1020948\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.f-secure.com/en/web/labs_global/fsc-2014-6\");\n # http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91a242c9\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.citrix.com/article/CTX140876\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gentoo.org/glsa/glsa-201407-05.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/61254\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59677\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59661\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59529\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59525\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59518\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59502\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59483\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59460\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59454\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59449\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59448\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59447\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://secunia.com/advisories/59446\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59445\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59444\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59441\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59440\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59437\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59435\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59429\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59389\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59380\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59375\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59374\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59368\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59365\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59364\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59362\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59347\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59338\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59310\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59306\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59305\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://secunia.com/advisories/59287\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59284\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59282\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59264\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59231\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59223\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59215\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59214\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59211\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59202\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59192\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59190\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59189\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59188\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59186\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59175\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59167\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59163\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59142\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59135\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59132\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://secunia.com/advisories/59101\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59093\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59040\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/59004\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58977\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58945\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58742\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58719\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58716\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58714\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58713\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58667\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58660\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58615\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58492\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58433\");\n script_set_attribute(attribute:\"see_also\", value:\"http://secunia.com/advisories/58337\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2014/Jun/38\");\n # http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f68d352b\");\n # http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?c49877be\");\n script_set_attribute(attribute:\"see_also\", value:\"http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217\");\n script_set_attribute(attribute:\"see_also\", value:\"http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195\");\n script_set_attribute(attribute:\"see_also\", value:\"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e07fa0e\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/534161/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf\");\n # https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?245b0556\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(326);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:s7-1500_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Tenable.ot\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tenable_ot_api_integration.nasl\");\n script_require_keys(\"Tenable.ot/Siemens\");\n\n exit(0);\n}\n\n\ninclude('tenable_ot_cve_funcs.inc');\n\nget_kb_item_or_exit('Tenable.ot/Siemens');\n\nvar asset = tenable_ot::assets::get(vendor:'Siemens');\n\nvar vuln_cpes = {\n \"cpe:/o:siemens:s7-1500_firmware\" :\n {\"versionEndExcluding\" : \"1.6\"}\n};\n\ntenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:44:23", "description": "Updated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. 
A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-07-30T00:00:00", "type": "nessus", "title": "RHEL 7 : openssl098e (RHSA-2014:0680)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl098e", "p-cpe:/a:redhat:enterprise_linux:openssl098e-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2014-0680.NASL", "href": "https://www.tenable.com/plugins/nessus/76892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0680. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76892);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"RHSA\", value:\"2014:0680\");\n\n script_name(english:\"RHEL 7 : openssl098e (RHSA-2014:0680)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl098e packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. 
Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n # https://access.redhat.com/site/articles/904433\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/904433\"\n );\n # https://access.redhat.com/site/solutions/905793\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/905793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected openssl098e and / or openssl098e-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0680\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"openssl098e-0.9.8e-29.el7_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl098e-debuginfo-0.9.8e-29.el7_0.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e / openssl098e-debuginfo\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-09-07T23:35:29", "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", "cvss3": {"score": 7.4, "vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "Redhat Enterprise Unspecified Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-08-10T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:application_processing_engine_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:cp1543-1_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:rox_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:s7-1500_firmware:*:*:*:*:*:*:*:*"], "id": "OT_500473.NASL", "href": "https://www.tenable.com/plugins/ot/500473", "sourceData": "File data ot_500473.nasl", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:46:12", "description": "Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-06T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : openssl097a / openssl098e (CESA-2014:0626)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl097a", "p-cpe:/a:centos:centos:openssl098e", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2014-0626.NASL", "href": "https://www.tenable.com/plugins/nessus/74335", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0626 and \n# CentOS Errata and Security Advisory 2014:0626 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74335);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_xref(name:\"RHSA\", value:\"2014:0626\");\n\n script_name(english:\"CentOS 5 / 6 : openssl097a / openssl098e (CESA-2014:0626)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl097a and openssl098e packages that fix one security\nissue are now available for Red Hat Enterprise Linux 5 and 6\nrespectively.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-June/020345.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd30e81d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-June/020346.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05f3ced1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl097a and / or openssl098e packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl097a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl097a-0.9.7a-12.el5_10.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl098e-0.9.8e-18.el6_5.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl097a / openssl098e\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:42:55", "description": "It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. 
A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl098e (ALAS-2014-350)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl098e", "p-cpe:/a:amazon:linux:openssl098e-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-350.NASL", "href": "https://www.tenable.com/plugins/nessus/78293", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-350.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78293);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_xref(name:\"ALAS\", value:\"2014-350\");\n script_xref(name:\"RHSA\", value:\"2014:0626\");\n\n script_name(english:\"Amazon Linux AMI : openssl098e (ALAS-2014-350)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. 
A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-350.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl098e' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl098e-0.9.8e-18.2.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl098e-debuginfo-0.9.8e-18.2.13.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e / openssl098e-debuginfo\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:46:16", "description": "Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-06T00:00:00", "type": "nessus", "title": "RHEL 5 : openssl (RHSA-2014:0624)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2014-0624.NASL", "href": "https://www.tenable.com/plugins/nessus/74346", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74346);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"RHSA\", value:\"2014:0624\");\n\n script_name(english:\"RHEL 5 : openssl (RHSA-2014:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. 
A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/site/articles/904433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/site/solutions/905793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0224\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-0.9.8e-27.el5_10.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-debuginfo-0.9.8e-27.el5_10.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-devel-0.9.8e-27.el5_10.3\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-27.el5_10.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssl-perl-0.9.8e-27.el5_10.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-27.el5_10.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:46:12", "description": "It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. 
For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nFor the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-06T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl097a and openssl098e on SL5.x, SL6.x i386/x86_64 (20140605)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl097a", "p-cpe:/a:fermilab:scientific_linux:openssl097a-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl098e", "p-cpe:/a:fermilab:scientific_linux:openssl098e-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140605_OPENSSL097A_AND_OPENSSL098E_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/74349", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74349);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n\n script_name(english:\"Scientific Linux Security Update : openssl097a and openssl098e on SL5.x, SL6.x i386/x86_64 (20140605)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. 
A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer \nto :\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary (such as httpd and other SSL-enabled services) must be\nrestarted or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1406&L=scientific-linux-errata&T=0&P=800\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d4b1b6d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl097a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl097a-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openssl097a-0.9.7a-12.el5_10.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl097a-debuginfo-0.9.7a-12.el5_10.1\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"openssl098e-0.9.8e-18.el6_5.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl098e-debuginfo-0.9.8e-18.el6_5.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl097a / openssl097a-debuginfo / openssl098e / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:42:41", "description": "It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. 
A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl097a (ALAS-2014-351)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl097a", "p-cpe:/a:amazon:linux:openssl097a-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-351.NASL", "href": "https://www.tenable.com/plugins/nessus/78294", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-351.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78294);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_xref(name:\"ALAS\", value:\"2014-351\");\n script_xref(name:\"RHSA\", value:\"2014:0626\");\n\n script_name(english:\"Amazon Linux AMI : openssl097a (ALAS-2014-351)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. 
A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-351.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl097a' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl097a\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl097a-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl097a-0.9.7a-12.1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl097a-debuginfo-0.9.7a-12.1.9.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl097a / openssl097a-debuginfo\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:56", "description": "It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. 
A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nFor the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20140605)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140605_OPENSSL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/74487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74487);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20140605)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer \nto :\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary (such as httpd and other SSL-enabled services) must be\nrestarted or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1406&L=scientific-linux-errata&T=0&P=1328\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76c2afae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openssl-0.9.8e-27.el5_10.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-debuginfo-0.9.8e-27.el5_10.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-devel-0.9.8e-27.el5_10.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-perl-0.9.8e-27.el5_10.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:46:05", "description": "From Red Hat Security Advisory 2014:0624 :\n\nUpdated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. 
A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-06T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : openssl (ELSA-2014-0624)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2014-0624.NASL", "href": "https://www.tenable.com/plugins/nessus/74343", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0624 and \n# Oracle Linux Security Advisory ELSA-2014-0624 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74343);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n 
script_bugtraq_id(67899);\n script_xref(name:\"RHSA\", value:\"2014:0624\");\n\n script_name(english:\"Oracle Linux 5 : openssl (ELSA-2014-0624)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0624 :\n\nUpdated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004173.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl-0.9.8e-27.el5_10.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-devel-0.9.8e-27.el5_10.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-perl-0.9.8e-27.el5_10.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.8, 
"vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:56", "description": "The remote Blue Coat ProxySG device's SGOS self-reported version is 6.2 prior to 6.2.15.6. It, therefore, contains a bundled version of OpenSSL that has multiple flaws, meaning it is potentially affected by an unspecified error that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-20T00:00:00", "type": "nessus", "title": "Blue Coat ProxySG 6.2.x OpenSSL Security Bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:bluecoat:sgos"], "id": "BLUECOAT_PROXY_SG_6_2_15_6.NASL", "href": "https://www.tenable.com/plugins/nessus/76164", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76164);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Blue Coat ProxySG 6.2.x OpenSSL Security Bypass\");\n script_summary(english:\"Checks the Blue Coat ProxySG SGOS version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is potentially affected by a security bypass\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Blue Coat ProxySG device's SGOS self-reported version is\n6.2 prior to 6.2.15.6. 
It, therefore, contains a bundled version of\nOpenSSL that has multiple flaws, meaning it is potentially affected by\nan unspecified error that could allow an attacker to cause usage of\nweak keying material leading to simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bto.bluecoat.com/security-advisory/sa80\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 6.2.15.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:bluecoat:sgos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"bluecoat_proxy_sg_version.nasl\");\n script_require_keys(\"Host/BlueCoat/ProxySG/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/BlueCoat/ProxySG/Version\");\nui_version = get_kb_item(\"Host/BlueCoat/ProxySG/UI_Version\");\n\nif (version !~ \"^6\\.2\\.\") audit(AUDIT_HOST_NOT, \"Blue Coat ProxySG 6.2.x\");\n\nreport_fix = NULL;\n\n# Select version for report\nif (isnull(ui_version)) report_ver = version;\nelse report_ver = ui_version;\n\nif (version =~ \"^6\\.2\\.\" && ver_compare(ver:version, fix:\"6.2.15.6\", strict:FALSE) == -1)\n{\n fix = '6.2.15.6';\n ui_fix = '6.2.15.6 Build 0';\n\n # Select fixed version for report\n if (isnull(ui_version)) report_fix = fix;\n else report_fix = ui_fix;\n}\n\nif (!isnull(report_fix))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + report_ver +\n '\\n Fixed version : ' + report_fix +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'Blue Coat ProxySG', version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:43:26", "description": "The remote HP printer is affected by a security bypass vulnerability.\nThe included OpenSSL library has a security bypass flaw in the handshake process. By using a specially crafted handshake, a remote attacker can force the use of weak keying material. 
This could be leveraged for a man-in-the-middle attack.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-09T00:00:00", "type": "nessus", "title": "HP Printers Security Bypass (HPSBPI03107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/h:hp:laserjet"], "id": "HP_LASERJET_HPSBPI03107.NASL", "href": "https://www.tenable.com/plugins/nessus/78110", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78110);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"HP\", value:\"emr_na-c04451722\");\n script_xref(name:\"HP\", value:\"HPSBPI03107\");\n\n script_name(english:\"HP Printers Security Bypass (HPSBPI03107)\");\n script_summary(english:\"Checks the firmware datecode.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote printer is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote HP printer is affected by a security bypass vulnerability.\nThe included OpenSSL library has a security bypass flaw in the\nhandshake process. By using a specially crafted handshake, a remote\nattacker can force the use of weak keying material. 
This could be\nleveraged for a man-in-the-middle attack.\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04451722\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f055628e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the firmware in accordance with the vendor's advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:hp:laserjet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"hp_pjl_version.nbin\", \"hp_laserjet_detect.nasl\");\n script_require_ports(\"www/hp_laserjet/pname\", \"pjl/model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Remove and fix words in the printer's name that don't match the list\n# on the Web site (designed to reduce false negatives). 
Also convert the\n# name to uppercase and remove spaces to make it as unlikely as possible that\n# we miss anything.\nfunction normalize_model(model)\n{\n local_var series_to_remove, series, words_to_remove, word;\n\n model = toupper(model);\n\n # Remove any generic series number from the product name\n series_to_remove = make_list(' 100 ', ' 300 ', ' 400 ', ' 500 ', ' 600 ', ' 700 ');\n foreach series(series_to_remove)\n model = str_replace(string:model, find:series, replace:' ');\n\n words_to_remove = make_list( 'COLOR', 'EDGELINE', 'ENTERPRISE', 'FLOW', 'HP', 'HOTSPOT', 'LASERJET', 'MFP', 'MULTIFUNCTION', 'PRINTER', 'PROFESSIONAL', 'PRO', 'SERIES', 'SCANJET', 'TOPSHOT', 'WITH', 'ALL', 'IN', 'ONE', 'DIGITAL', 'SENDER', '-', 'FN1', 'DOCUMENT', 'CAPTURE', 'WORKSTATION' );\n foreach word(words_to_remove)\n model = str_replace(string:model, find:word, replace:'');\n\n model = str_replace(string:model, find:' ', replace:'');\n\n return model;\n}\n\nport = get_service(svc:\"jetdirect\", exit_on_fail:TRUE);\n\nmodel = get_kb_item('pjl/model');\nif (!model) model = get_kb_item('www/hp_laserjet/pname');\nif (!model) exit(1, \"Failed to get the HP model number.\");\n\nfirmware = int(get_kb_item('pjl/firmware'));\nif (!firmware) firmware = int(get_kb_item('www/hp_laserjet/fw'));\nif (!firmware) exit(1, \"Failed to get the HP firmware version.\");\n\nserial = get_kb_item('www/hp_laserjet/serial');\nif (!serial) serial = get_kb_item('pjl/serial');\nif (!serial) serial = \"unknown\";\n\n\n# From support.hp.com searches\nsigning_firmware = make_array(\n #\"HP LaserJet 400 MFP M425dn\", 20140731, # <---- uncomment for testing\n \"HP Color LaserJet CM4540 MFP\", 20140731,\n \"HP Color LaserJet CM4540f MFP\", 20140731,\n \"HP Color LaserJet CM4540fskm MFP\", 20140731,\n \"HP Color LaserJet CP5525n\", 20140731,\n \"HP Color LaserJet CP5525dn\", 20140731,\n \"HP Color LaserJet CP5525xh\", 20140731,\n \"HP Color LaserJet Enterprise M750n\", 20140731,\n \"HP Color LaserJet Enterprise 
M750dn\", 20140731,\n \"HP Color LaserJet Enterprise M750xh\", 20140731,\n \"HP Color LaserJet M651n\", 20140731,\n \"HP Color LaserJet M651dn\", 20140731,\n \"HP Color LaserJet M651xh\", 20140731,\n \"HP Color LaserJet M680f\", 20140731,\n \"HP Color LaserJet M680dn\", 20140731,\n \"HP Color LaserJet Flow M680z\", 20140731,\n \"HP LaserJet Enterprise 500 color MFP M575f\", 20140731,\n \"HP LaserJet Enterprise 500 color MFP M575dn\", 20140731,\n \"HP LaserJet Enterprise 500 MFP M525f\", 20140731,\n \"HP LaserJet Enterprise 500 MFP M525dn\", 20140731,\n \"HP LaserJet Enterprise 600 M601n\", 20140731,\n \"HP LaserJet Enterprise 600 M601dn\", 20140731,\n \"HP LaserJet Enterprise 600 M602n\", 20140731,\n \"HP LaserJet Enterprise 600 M602dn\", 20140731,\n \"HP LaserJet Enterprise 600 M602x\", 20140731,\n \"HP LaserJet Enterprise 600 M603n\", 20140731,\n \"HP LaserJet Enterprise 600 M603dn\", 20140731,\n \"HP LaserJet Enterprise 600 M603xh\", 20140731,\n \"HP LaserJet Enterprise MFP M630dn\", 20140731,\n \"HP LaserJet Enterprise MFP M630f\", 20140731,\n \"HP LaserJet Enterprise MFP M630h\", 20140731,\n \"HP LaserJet Enterprise Flow MFP M630z\", 20140731,\n \"HP LaserJet Enterprise 700 color M775dn\", 20140731,\n \"HP LaserJet Enterprise 700 color M775f\", 20140731,\n \"HP LaserJet Enterprise 700 color M775z\", 20140731,\n \"HP LaserJet Enterprise 700 color M775z+\", 20140731,\n \"HP LaserJet Enterprise 700 M712n\", 20140731,\n \"HP LaserJet Enterprise 700 M712dn\", 20140731,\n \"HP LaserJet Enterprise 700 M712xh\", 20140731,\n \"HP LaserJet Enterprise 800 color M855dn\", 20140731,\n \"HP LaserJet Enterprise 800 color M855xh\", 20140731,\n \"HP LaserJet Enterprise 800 color M855x+\", 20140731,\n \"HP LaserJet Enterprise 800 color MFP M880z\", 20140731,\n \"HP LaserJet Enterprise 800 color MFP M880z+\", 20140731,\n \"HP LaserJet Enterprise Color 500 M551n\", 20140731,\n \"HP LaserJet Enterprise Color 500 M551dn\", 20140731,\n \"HP LaserJet Enterprise Color 500 M551xh\", 
20140731,\n \"HP LaserJet Enterprise color flow MFP M575c\", 20140731,\n \"HP LaserJet Enterprise flow M830z Multifunction Printer\", 20140731,\n \"HP LaserJet Enterprise flow MFP M525c\", 20140731,\n \"HP LaserJet Enterprise M4555 MFP\", 20140731,\n \"HP LaserJet Enterprise M4555f MFP\", 20140731,\n \"HP LaserJet Enterprise M4555fskm MFP\", 20140731,\n \"HP LaserJet Enterprise M4555h MFP\", 20140731,\n \"HP LaserJet Enterprise M806dn\", 20140731,\n \"HP LaserJet Enterprise M806x+\", 20140731,\n \"HP LaserJet Enterprise MFP M725dn\", 20140731,\n \"HP LaserJet Enterprise MFP M725z+\", 20140731,\n \"HP LaserJet Enterprise MFP M725z\", 20140731,\n \"HP LaserJet Enterprise MFP M725f\", 20140731,\n \"HP Scanjet Enterprise 8500 fn1 Document Capture Workstation\", 20140731,\n \"HP Color LaserJet CP3525\", 20140722,\n \"HP Color LaserJet CP3525n\", 20140722,\n \"HP Color LaserJet CP3525x\", 20140722,\n \"HP Color LaserJet CP3525dn\", 20140722,\n \"HP LaserJet M4345 Multifunction Printer\", 20140722,\n \"HP LaserJet M4345x Multifunction Printer\", 20140722,\n \"HP LaserJet M4345xm Multifunction Printer\", 20140722,\n \"HP LaserJet M4345xs Multifunction Printer\", 20140722,\n \"HP LaserJet M5025 Multifunction Printer\", 20140722,\n \"HP Color LaserJet CM6040 Multifunction Printer\", 20140723,\n \"HP Color LaserJet CM6040f Multifunction Printer\", 20140723,\n \"HP Color LaserJet Enterprise CP4525n\", 20140725,\n \"HP Color LaserJet Enterprise CP4525dn\", 20140725,\n \"HP Color LaserJet Enterprise CP4525xh\", 20140725,\n \"HP Color LaserJet Enterprise CP4025n Printer\", 20140725,\n \"HP Color LaserJet Enterprise CP4025dn Printer\", 20140725,\n \"HP LaserJet M5035 Multifunction Printer\", 20140722,\n \"HP LaserJet M5035x Multifunction Printer\", 20140722,\n \"HP LaserJet M5035xs Multifunction Printer\", 20140722,\n \"HP LaserJet M9050 Multifunction Printer\", 20140722,\n \"HP LaserJet M9040 Multifunction Printer\", 20140722,\n \"HP Color LaserJet CM4730 Multifunction Printer\", 
20140723,\n \"HP Color LaserJet CM4730f Multifunction Printer\", 20140723,\n \"HP Color LaserJet CM4730fsk Multifunction Printer\", 20140723,\n \"HP Color LaserJet CM4730fm Multifunction Printer\", 20140723,\n \"HP LaserJet M3035 Multifunction Printer\", 20140722,\n \"HP LaserJet M3035xs Multifunction Printer\", 20140722,\n \"HP 9250c Digital Sender\", 20140723,\n \"HP LaserJet Enterprise P3015 Printer\", 20140723,\n \"HP LaserJet Enterprise P3015d Printer\", 20140723,\n \"HP LaserJet Enterprise P3015n Printer\", 20140723,\n \"HP LaserJet Enterprise P3015dn Printer\", 20140723,\n \"HP LaserJet Enterprise P3015x Printer\", 20140723,\n \"HP LaserJet M3027 Multifunction Printer\", 20140722,\n \"HP LaserJet M3027x Multifunction Printer\", 20140722,\n \"HP LaserJet CM3530 Multifunction Printer\", 20140722,\n \"HP LaserJet CM3530fs Multifunction Printer\", 20140722,\n \"HP Color LaserJet CP6015dn Printer\", 20140725,\n \"HP Color LaserJet CP6015n Printer\", 20140725,\n \"HP Color LaserJet CP6015x Printer\", 20140725,\n \"HP Color LaserJet CP6015xh Printer\", 20140725,\n \"HP Color LaserJet CP6015de Printer\", 20140725,\n \"HP LaserJet P4515n Printer\", 20140723,\n \"HP LaserJet P4515tn Printer\", 20140723,\n \"HP LaserJet P4515x Printer\", 20140723,\n \"HP LaserJet P4515xm Printer\", 20140723,\n \"HP Color LaserJet CM6030 Multifunction Printer\", 20140723,\n \"HP Color LaserJet CM6030f Multifunction Printer\", 20140723,\n \"HP LaserJet P4015n Printer\", 20140723,\n \"HP LaserJet P4015dn Printer\", 20140723,\n \"HP LaserJet P4015x Printer\", 20140723,\n \"HP LaserJet P4015tn Printer\", 20140723,\n \"HP LaserJet P4014 Printer\", 20140723,\n \"HP LaserJet P4014n Printer\", 20140723,\n \"HP LaserJet P4014dn Printer\", 20140723\n);\n\n# Normalize the names of the models (to make it possible to look them up)\nfixed_signing_firmware = make_array();\nforeach f(keys(signing_firmware))\n{\n fixed_signing_firmware[normalize_model(model:f)] = 
signing_firmware[f];\n}\nsigning_firmware = fixed_signing_firmware;\n\n# Figure out which firmware update the printer requires\nmodel_norm = normalize_model(model:model);\nupdate = signing_firmware[model_norm];\n\n# If we didn't find it in the list, this plugin doesn't apply\nif (isnull(update)) exit(0, \"This printer model (\" + model + \") does not appear to be affected.\");\n\n# Check if the firmware version is vulnerable\nif (firmware < update)\n{\n if (report_verbosity > 0)\n security_warning(\n port:port,\n extra:\n '\\n Model : ' + model +\n '\\n Serial number : ' + serial +\n '\\n Installed version : ' + firmware +\n '\\n Fixed version : ' + update +\n '\\n'\n );\n else security_warning(port);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, 'affected since firmware version ' + firmware + ' is installed');\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:51:53", "description": "SunOS 5.10: wanboot patch.\nDate this patch was last updated by Sun : Aug/13/17\n\nThis plugin has been deprecated and either replaced with individual 150383 patch-revision plugins, or deemed non-security related.", "cvss3": {"score": null, "vector": null}, "published": "2013-06-05T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 150383-19 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_150383.NASL", "href": "https://www.tenable.com/plugins/nessus/66800", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. 
Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66800);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n\n script_name(english:\"Solaris 10 (sparc) : 150383-19 (deprecated)\");\n script_summary(english:\"Check for patch 150383-19\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"SunOS 5.10: wanboot patch.\nDate this patch was last updated by Sun : Aug/13/17\n\nThis plugin has been deprecated and either replaced with individual\n150383 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150383-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 150383 instead.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:45:23", "description": "The remote Cisco TelePresence device is running a software version known to be affected by multiple OpenSSL related vulnerabilities :\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-18T00:00:00", "type": "nessus", "title": "Cisco TelePresence Supervisor MSE 8050 Multiple Vulnerabilities in OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/h:cisco:telepresence_supervisor_mse_8050"], "id": "CISCO_TELEPRESENCE_SUPERVISOR_8050_MSE_CSCUP22635.NASL", "href": "https://www.tenable.com/plugins/nessus/76132", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76132);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-3470\");\n script_bugtraq_id(67898, 67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Cisco TelePresence Supervisor MSE 8050 Multiple Vulnerabilities in OpenSSL\");\n script_summary(english:\"Checks TelePresence Supervisor version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host 
is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco TelePresence device is running a software version\nknown to be affected by multiple OpenSSL related vulnerabilities :\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5539aa9d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"There is currently no known solution.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:U/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:telepresence_supervisor_mse_8050\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_telepresence_supervisor_mse_detect.nbin\");\n script_require_keys(\"cisco/supervisor_mse/8050\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"cisco/supervisor_mse/8050\");\n\nitem = eregmatch(pattern: \"^([0-9.]+)(\\(([0-9.]+)\\))?$\", string: version);\nif (isnull(item)) exit(1, \"Failed to parse version string.\");\n\nif (isnull(item[3])) audit(AUDIT_VER_NOT_GRANULAR, \"Cisco TelePresence Supervisor MSE 8050\", version);\n\nvuln = FALSE;\n\nif (item[1] == \"2.1\" && item[3] == \"1.18\")\n vuln = TRUE;\n\nif (item[1] == \"2.2\" && item[3] == \"1.17\")\n vuln = TRUE;\n\nif (item[1] == \"2.3\" && item[3] == \"1.31\")\n vuln = TRUE;\n\nif (item[1] == \"2.3\" && item[3] == \"1.32\")\n vuln = TRUE;\n\nif (vuln) security_warning(0);\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Cisco TelePresence Supervisor MSE 8050 software\", version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:44:17", "description": "According to its version number, the Splunk Enterprise hosted on the remote web server is 4.3.x, 5.0.x prior to 5.0.9, 6.0.x prior to 6.0.5, or 6.1.x prior to 6.1.2. It is, therefore, affected by multiple OpenSSL-related vulnerabilities :\n\n - An unspecified error exists that allows an attacker to cause usage of weak keying material, resulting in simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH cipher suites that allow denial of service attacks. 
Note that this issue only affects OpenSSL TLS clients.\n (CVE-2014-3470)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-16T00:00:00", "type": "nessus", "title": "Splunk Enterprise 4.3.x / 5.0.x < 5.0.9 / 6.0.x < 6.0.5 / 6.1.x < 6.1.2 Multiple OpenSSL Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:splunk:splunk"], "id": "SPLUNK_605.NASL", "href": "https://www.tenable.com/plugins/nessus/76528", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76528);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-3470\");\n script_bugtraq_id(67898, 67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Splunk Enterprise 4.3.x / 5.0.x < 5.0.9 / 6.0.x < 6.0.5 / 6.1.x < 6.1.2 Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks the version of Splunk Enterprise.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by\nmultiple OpenSSL-related vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the Splunk Enterprise hosted on the\nremote web server is 4.3.x, 5.0.x prior to 5.0.9, 6.0.x prior to\n6.0.5, or 6.1.x prior to 6.1.2. It is, therefore, affected by multiple\nOpenSSL-related vulnerabilities :\n\n - An unspecified error exists that allows an attacker to\n cause usage of weak keying material, resulting in\n simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n cipher suites that allow denial of service attacks. 
Note\n that this issue only affects OpenSSL TLS clients.\n (CVE-2014-3470)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.splunk.com/view/SP-CAAAM2D\");\n # https://www.splunk.com/blog/2014/06/09/splunk-and-the-latest-openssl-vulnerabilities.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e0aaf276\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Splunk Enterprise 5.0.9 / 6.0.5 / 6.1.2 or later as\nappropriate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"splunkd_detect.nasl\", \"splunk_web_detect.nasl\");\n script_require_keys(\"installed_sw/Splunk\");\n script_require_ports(\"Services/www\", 8089, 8000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\n\ninstall_url = build_url(qs:dir, port:port);\n\nlicense = install['License'];\nif (isnull(license) || license != \"Enterprise\")\n exit(0, \"The Splunk install at \"+install_url+\" is not the Enterprise variant.\");\n\nfix = FALSE;\n\nif (ver =~ \"^4\\.3($|[^0-9])\") fix = 'Upgrade to 5.0.9 / 6.0.5 / 6.1.2';\nelse if (ver =~ \"^5\\.0($|[^0-9])\") fix = '5.0.9';\nelse if (ver =~ \"^6\\.0($|[^0-9])\") fix = '6.0.5';\nelse if (ver =~ \"^6\\.1($|[^0-9])\") fix = '6.1.2';\n\nif (fix && (\"Upgrade\" >< fix || ver_compare(ver:ver, fix:fix, strict:FALSE) < 0))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:43:10", "description": "The remote host is running a version of Oracle Endeca Information Discovery Studio that may be missing a vendor-supplied security patch that fixes multiple bugs and OpenSSL related security vulnerabilities.\n\nNote that depending on how the remote host is configured, Nessus may not be able to detect the correct version. 
You'll need to manually verify that the remote host has not been patched.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-21T00:00:00", "type": "nessus", "title": "Oracle Endeca Information Discovery Studio Multiple Vulnerabilities (October 2014 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0050", "CVE-2014-0224"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware"], "id": "ORACLE_EIDS_CPU_OCT_2014.NASL", "href": "https://www.tenable.com/plugins/nessus/78603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78603);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0050\", \"CVE-2014-0224\");\n script_bugtraq_id(65400, 67899);\n\n script_name(english:\"Oracle Endeca Information Discovery Studio Multiple Vulnerabilities (October 2014 CPU)\");\n script_summary(english:\"Checks the version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Oracle Endeca Information\nDiscovery Studio that may be missing a vendor-supplied security patch\nthat fixes multiple bugs and OpenSSL related security vulnerabilities.\n\nNote that depending on how the remote host is configured, Nessus may\nnot be able to detect the correct version. 
You'll need to manually\nverify that the remote host has not been patched.\");\n # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ada40cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2014 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_endeca_information_discovery_studio_detect.nbin\");\n script_require_keys(\"installed_sw/Oracle Endeca Information Discovery Studio\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"Oracle Endeca Information Discovery Studio\";\n\nport = get_http_port(default:8080);\n\ninstall = get_single_install(app_name:app_name, port:port, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\ndir = install[\"path\"];\n\ninstall_url = build_url(port:port, qs:dir);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n (version =~ \"^3\\.0\\.\" && ver_compare(ver:version, fix:\"3.0.18092\", strict:FALSE) == -1) ||\n (version =~ \"^3\\.1\\.\" && ver_compare(ver:version, fix:\"3.1.18915\", strict:FALSE) == -1) ||\n (version =~ \"^2\\.4\\.0\\.\") ||\n (version =~ \"^2\\.3\\.\" && ver_compare(ver:version, fix:\"2.3.18835\", strict:FALSE) == -1) ||\n (version =~ \"^2\\.2\\.2\\.\" && ver_compare(ver:version, fix:\"2.2.2.17777\", strict:FALSE) == -1) ||\n (version =~ \"^2\\.2\\.[0-2]$\")\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n';\n security_hole(extra:report, port:port);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app_name, install_url, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:45:57", "description": "The remote Cisco ASA device is running a software version known to be affected by multiple OpenSSL related vulnerabilities :\n\n - A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. 
(CVE-2014-0195)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\nNote that Nessus has not checked for the presence of workarounds that may mitigate these vulnerabilities.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-18T00:00:00", "type": "nessus", "title": "Cisco Adaptive Security Appliances Multiple Vulnerabilities in OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0195", "CVE-2014-0224"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/a:cisco:adaptive_security_appliance_software"], "id": "CISCO_ASA_CSCUP22532.NASL", "href": "https://www.tenable.com/plugins/nessus/76128", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76128);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/06 11:26:05\");\n\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0224\");\n script_bugtraq_id(67899, 67900);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Cisco Adaptive Security Appliances Multiple Vulnerabilities in OpenSSL\");\n script_summary(english:\"Checks Cisco ASA device version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco ASA device is running a software version known to be\naffected by multiple OpenSSL related vulnerabilities :\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. 
(CVE-2014-0195)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\nNote that Nessus has not checked for the presence of workarounds that\nmay mitigate these vulnerabilities.\");\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5539aa9d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Apply the recommended vendor supplied software update or workaround.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:adaptive_security_appliance_software\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Cisco/ASA\", \"Settings/ParanoidReport\");\n\n 
exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nasa = get_kb_item_or_exit('Host/Cisco/ASA');\nversion = extract_asa_version(asa);\nif (isnull(version)) audit(AUDIT_FN_FAIL, 'extract_asa_version');\n\nvuln = FALSE;\n\nif (\n version =~ \"^8\\.0(\\.|\\()\" &&\n cisco_gen_ver_compare(a:version, b:\"8.0(5)39\") <= 0 &&\n cisco_gen_ver_compare(a:version, b:\"8.0(2)\") >= 0\n) vuln = TRUE;\n\nelse if (\n version =~ \"^8\\.1(\\.|\\()\" &&\n cisco_gen_ver_compare(a:version, b:\"8.1(2)56\") <= 0 &&\n cisco_gen_ver_compare(a:version, b:\"8.1(1)\") >= 0\n) vuln = TRUE;\n\nelse if (\n version =~ \"^8\\.2(\\.|\\()\" &&\n cisco_gen_ver_compare(a:version, b:\"8.2(5)49\") <= 0 &&\n cisco_gen_ver_compare(a:version, b:\"8.2(1)\") >= 0\n) vuln = TRUE;\n\nelse if (\n version =~ \"^8\\.3(\\.|\\()\" &&\n cisco_gen_ver_compare(a:version, b:\"8.3(2)40\") <= 0 &&\n cisco_gen_ver_compare(a:version, b:\"8.3(1)\") >= 0\n) vuln = TRUE;\n\nelse if (\n version =~ \"^8\\.4(\\.|\\()\" &&\n cisco_gen_ver_compare(a:version, b:\"8.4(7)20\") <= 0 &&\n cisco_gen_ver_compare(a:version, b:\"8.4(1)\") >= 0\n) vuln = TRUE;\n\nelse if (\n version =~ \"^8\\.5(\\.|\\()\" &&\n cisco_gen_ver_compare(a:version, b:\"8.5(1)20\") <= 0 &&\n cisco_gen_ver_compare(a:version, b:\"8.5(1)\") >= 0\n) vuln = TRUE;\n\nelse if (\n version =~ \"^8\\.6(\\.|\\()\" &&\n cisco_gen_ver_compare(a:version, b:\"8.6(1)13\") <= 0 &&\n cisco_gen_ver_compare(a:version, b:\"8.6(1)\") >= 0\n) vuln = TRUE;\n\nelse if (\n version =~ \"^8\\.7(\\.|\\()\" &&\n cisco_gen_ver_compare(a:version, b:\"8.7(1)11\") <= 0 &&\n cisco_gen_ver_compare(a:version, b:\"8.7(1)\") >= 0\n) vuln = TRUE;\n\nelse if (\n version =~ \"^9\\.0(\\.|\\()\" &&\n cisco_gen_ver_compare(a:version, b:\"9.0(4)12\") <= 0 &&\n cisco_gen_ver_compare(a:version, b:\"9.0(1)\") >= 0\n) vuln = TRUE;\n\nelse if (\n version =~ \"^9\\.1(\\.|\\()\" &&\n cisco_gen_ver_compare(a:version, b:\"9.1(5)7\") <= 0 &&\n 
cisco_gen_ver_compare(a:version, b:\"9.1(1)\") >= 0\n) vuln = TRUE;\n\nelse if (\n cisco_gen_ver_compare(a:version, b:\"9.2(1)\") == 0\n) vuln = TRUE;\n\nif (vuln) security_warning(0);\nelse audit(AUDIT_INST_VER_NOT_VULN, 'ASA', version);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:44:26", "description": "The version of HP OneView installed on the remote host is 1.0, 1.01, or 1.05. It is, therefore, affected by the following vulnerabilities related to the included OpenSSL libraries :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. 
(CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "HP OneView < 1.10 OpenSSL Multiple Vulnerabilities (HPSBGN03068)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:hp:oneview"], "id": "HP_ONEVIEW_1_10.NASL", "href": "https://www.tenable.com/plugins/nessus/76776", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76776);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0198\", \"CVE-2014-0224\");\n script_bugtraq_id(66801, 67193, 67899);\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"HP\", value:\"emr_na-c04368264\");\n script_xref(name:\"HP\", value:\"HPSBGN03068\");\n script_xref(name:\"HP\", value:\"SSRT101004\");\n\n script_name(english:\"HP OneView < 1.10 OpenSSL Multiple Vulnerabilities (HPSBGN03068)\");\n script_summary(english:\"Checks the version of HP OneView.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by\nmultiple OpenSSL related vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of HP OneView installed on the remote host is 1.0, 1.01,\nor 1.05. It is, therefore, affected by the following vulnerabilities\nrelated to the included OpenSSL libraries :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. 
Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\");\n # https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04368264\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4400eebb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/532783/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP OneView 1.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:oneview\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"hp_oneview_detect.nbin\");\n script_require_keys(\"www/hp_oneview\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:443);\n\ninstall = get_install_from_kb(appname:'hp_oneview', port:port, exit_on_fail:TRUE);\n\nappname = 'HP OneView';\ndir = install['dir'];\ninstall_loc = build_url(port:port, qs:dir + \"/\");\n\nversion = install[\"ver\"];\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, appname, install_loc);\n\nif ('build' >< version)\n{\n ver = version - strstr(version, ' build');\n}\n\nif (\n ver =~ '^1\\\\.0(0)?$' ||\n ver =~ '^1\\\\.01$' ||\n ver =~ '^1\\\\.05$'\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_loc +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : 1.10\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_loc, ver);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:38", "description": "The remote Cisco TelePresence MCU device is running a software version known to be affected by multiple OpenSSL related vulnerabilities :\n\n- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. 
(CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-18T00:00:00", "type": "nessus", "title": "Cisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:cisco:telepresence_mcu_mse_series_software"], "id": "CISCO_TELEPRESENCE_MCU_CSCUP23994.NASL", "href": "https://www.tenable.com/plugins/nessus/76131", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76131);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0076\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_bugtraq_id(66363, 67898, 67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Cisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSL\");\n script_summary(english:\"Checks TelePresence MCU device version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco TelePresence MCU device is running a software version\nknown to be affected by multiple OpenSSL related vulnerabilities :\n\n- An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. 
(CVE-2014-3470)\");\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5539aa9d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"No known fixed version have been released. There are partial\nworkarounds detailed in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_mcu_mse_series_software\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_telepresence_mcu_detect.nasl\");\n script_require_keys(\"Cisco/TelePresence_MCU/Version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\n\ndevice = get_kb_item_or_exit(\"Cisco/TelePresence_MCU/Device\");\nversion = get_kb_item_or_exit(\"Cisco/TelePresence_MCU/Version\");\n\nif (version !~ \"^[0-9.()]+$\") exit(0, 'The version string is invalid or not applicable.');\n\n# only affected if HTTPS admin interface is enabled\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nfix = '';\nfound_affected_device = FALSE;\nvuln = FALSE;\n\nif (\n device =~ \" 42(0[35]|1[05]|20)($|[ \\n\\r])\" || # 4200 series\n device =~ \" 45(0[15]|1[05]|20)($|[ \\n\\r])\" || # 4500 series\n device =~ \" 53[12]0($|[ \\n\\r])\" || # 5300 series\n device =~ \" MSE 8420($|[ \\n\\r])\" ||\n device =~ \" MSE 8510($|[ \\n\\r])\"\n)\n{\n found_affected_device = TRUE;\n if (\n cisco_gen_ver_compare(a:version, b:'4.0(1.18)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.0(1.44)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.0(1.49)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.0(1.54)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.1(1.51)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.1(1.59)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.2(1.43)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.2(1.46)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.2(1.50)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.3(1.68)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.3(2.18)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.3(2.30)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.3(2.32)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.4(3.42)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.4(3.49)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.4(3.54)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.4(3.57)') == 0 ||\n cisco_gen_ver_compare(a:version, 
b:'4.4(3.67)') == 0 ||\n cisco_gen_ver_compare(a:version, b:'4.5(1.45)') == 0\n ) vuln = TRUE;\n}\n\nif (!found_affected_device) exit(0, \"The remote TelePresence device is not affected.\");\n\nif (vuln) security_warning(0);\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Cisco TelePresence\", version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:20", "description": "The remote Windows host has a version of Cisco Jabber installed that is known to be affected by multiple OpenSSL related vulnerabilities :\n\n - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. 
(CVE-2014-3470)", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-18T00:00:00", "type": "nessus", "title": "Cisco Windows Jabber Client Multiple Vulnerabilities in OpenSSL (cisco-sa-20140605-openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2020-02-10T00:00:00", "cpe": ["cpe:/a:cisco:jabber", "cpe:/a:openssl:openssl"], "id": "CISCO_JABBER_CLIENT_CSCUP23913.NASL", "href": "https://www.tenable.com/plugins/nessus/76129", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76129);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value: \"2020/02/10\");\n\n script_cve_id(\"CVE-2014-0076\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_bugtraq_id(66363, 67898, 67899);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCup22590\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCup23913\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20140605-openssl\");\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Cisco Windows Jabber Client Multiple Vulnerabilities in OpenSSL (cisco-sa-20140605-openssl)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host has a version of Cisco Jabber installed that is known to be affected by multiple OpenSSL\nrelated vulnerabilities :\n\n - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA)\n that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to\n simplified man-in-the-middle attacks. 
(CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)\");\n # https://bst.cloudapps.cisco.com/bugsearch/bug/CSCup23913 \n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5114adab\");\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5539aa9d\");\n # https://www.openssl.org/news/secadv/20140605.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f6039d37\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCup22590, CSCup23913\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:jabber\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This 
script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_jabber_client_installed.nbin\");\n script_require_keys(\"SMB/Cisco Jabber for Windows/Installed\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('vcf.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\napp_info = vcf::get_app_info(app:'Cisco Jabber for Windows', win_local:TRUE);\n\nconstraints = [\n { 'min_version' : '9.0.0', 'max_version' : '9.0.6', 'fixed_display' : '9.7(3.18956), 9.7(4.18971), 10.5(0.36369) or later'},\n { 'min_version' : '9.1.0', 'max_version' : '9.1.5', 'fixed_display' : '9.7(3.18956), 9.7(4.18971), 10.5(0.36369) or later'},\n { 'min_version' : '9.2.0', 'max_version' : '9.2.6', 'fixed_display' : '9.7(3.18956), 9.7(4.18971), 10.5(0.36369) or later'},\n { 'min_version' : '9.6.0', 'max_version' : '9.6.1', 'fixed_display' : '9.7(3.18956), 9.7(4.18971), 10.5(0.36369) or later'},\n { 'min_version' : '9.7.0', 'max_version' : '9.7.2', 'fixed_display' : '9.7(3.18956), 9.7(4.18971), 10.5(0.36369) or later'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:43:57", "description": "According to its self-reported version number, the Puppet Enterprise application installed on the remote host is version 2.8.x or 3.2.x. It is, therefore, affected by multiple vulnerabilities :\n\n - An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks. 
(CVE-2014-0224)\n\n - The MCollective 'aes_security' plugin does not properly validate new server certificates. This allows a local attacker to spoof a valid MCollective connection. Note that this plugin is not enabled by default.\n (CVE-2014-3251)", "cvss3": {"score": null, "vector": null}, "published": "2014-08-20T00:00:00", "type": "nessus", "title": "Puppet Enterprise 2.8.x / 3.2.x Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3251"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:puppetlabs:puppet"], "id": "PUPPET_ENTERPRISE_330.NASL", "href": "https://www.tenable.com/plugins/nessus/77281", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77281);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0198\", \"CVE-2014-0224\", \"CVE-2014-3251\");\n script_bugtraq_id(67193, 67899, 69235);\n\n script_name(english:\"Puppet Enterprise 2.8.x / 3.2.x Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Puppet Enterprise version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Puppet Enterprise\napplication installed on the remote host is version 2.8.x or 3.2.x. It\nis, therefore, affected by multiple vulnerabilities :\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. 
(CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - The MCollective 'aes_security' plugin does not properly\n validate new server certificates. This allows a local\n attacker to spoof a valid MCollective connection. Note\n that this plugin is not enabled by default.\n (CVE-2014-3251)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/cve-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/cve-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/cve-2014-3251\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Puppet Enterprise 3.3.0 or later.\n\nIn the case of the 2.8.x branch, please contact the vendor for\nguidance.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:puppetlabs:puppet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"puppet_rest_detect.nasl\");\n script_require_keys(\"puppet/rest_port\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n##\n# checks if the given version falls between the given bounds, and\n# generates plugin output if it does\n#\n# @anonparam ver version to check\n# @anonparam fix first fixed version\n# @anonparam min_ver the lowest/earliest vulnerable version, relative to 'fix' (optional)\n#\n# @return plugin output if 'ver' is vulnerable relative to 'fix' and/or 'min_ver',\n# NULL otherwise\n##\nfunction _check_version(ver, fix, min_ver, enterprise)\n{\n local_var report;\n\n if (\n # no lower bound\n (isnull(min_ver) && ver_compare(ver:ver, fix:fix, strict:FALSE) < 0) ||\n\n # lower bound\n (\n !isnull(min_ver) &&\n ver_compare(ver:ver, fix:fix, strict:FALSE) < 0 &&\n ver_compare(ver:ver, fix:min_ver, strict:FALSE) >= 0\n )\n )\n {\n if (enterprise)\n {\n report =\n '\\n Installed version : Puppet Enterprise ' + ver +\n '\\n Fixed version : Puppet Enterprise 3.3.0\\n';\n }\n else report = NULL;\n }\n else report = NULL;\n\n return report;\n}\n\nport = get_kb_item_or_exit('puppet/rest_port');\nver = get_kb_item_or_exit('puppet/' + port + '/version');\nreport = NULL;\nvuln = FALSE;\n\nif ('Enterprise' >< ver)\n{\n # convert something like\n # 2.7.19 (Puppet Enterprise 2.7.0)\n # to\n # 2.7.0\n match = eregmatch(string:ver, pattern:\"Enterprise ([0-9.]+)\\)\");\n if (isnull(match)) audit(AUDIT_UNKNOWN_WEB_APP_VER, 'Puppet Enterprise', build_url(port:port));\n ver = match[1];\n\n if (ver =~ \"^2\\.8\\.\")\n {\n vuln = TRUE;\n report =\n '\\n Installed version : Puppet Enterprise ' + ver +\n '\\n Fixed version : See solution.\\n';\n }\n\n if (ver =~ \"^3\\.2\\.\")\n {\n report = _check_version(ver:ver, fix:'3.3.0', min_ver:'3.2.0', enterprise:TRUE);\n if (!isnull(report))\n vuln = TRUE;\n }\n}\n\nif 
(!vuln) audit(AUDIT_LISTEN_NOT_VULN, 'Puppet', port, ver);\n\nif (report_verbosity > 0) security_warning(port:port, extra:report);\nelse security_warning(port);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:38", "description": "The remote Blue Coat ProxySG device's SGOS self-reported version is 6.5 prior to 6.5.4.4 and, therefore, contains a bundled version of OpenSSL that contains multiple flaws. It is, therefore, potentially affected by the following vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-20T00:00:00", "type": "nessus", "title": "Blue Coat ProxySG 6.5.x Multiple OpenSSL Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:bluecoat:sgos"], "id": "BLUECOAT_PROXY_SG_6_5_4_4.NASL", "href": "https://www.tenable.com/plugins/nessus/76165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76165);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0198\", \"CVE-2014-0224\");\n script_bugtraq_id(66801, 67193, 67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n 
script_name(english:\"Blue Coat ProxySG 6.5.x Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks the Blue Coat ProxySG SGOS version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is potentially affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Blue Coat ProxySG device's SGOS self-reported version is\n6.5 prior to 6.5.4.4 and, therefore, contains a bundled version of\nOpenSSL that contains multiple flaws. It is, therefore, potentially\naffected by the following vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. 
(CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material,\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bto.bluecoat.com/security-advisory/sa80\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 6.5.4.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:bluecoat:sgos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"bluecoat_proxy_sg_version.nasl\");\n script_require_keys(\"Host/BlueCoat/ProxySG/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/BlueCoat/ProxySG/Version\");\nui_version = get_kb_item(\"Host/BlueCoat/ProxySG/UI_Version\");\n\nif (version !~ \"^6\\.5\\.\") audit(AUDIT_HOST_NOT, \"Blue Coat ProxySG 6.5.x\");\n\nreport_fix = NULL;\n\n# Select version for report\nif (isnull(ui_version)) report_ver = version;\nelse report_ver = ui_version;\n\nif (version =~ \"^6\\.5\\.\" && ver_compare(ver:version, fix:\"6.5.4.4\", strict:FALSE) == -1)\n{\n fix = '6.5.4.4';\n ui_fix = '6.5.4.4 Build 0';\n\n # Select fixed version for report\n if (isnull(ui_version)) report_fix = fix;\n else report_fix = ui_fix;\n}\n\nif (!isnull(report_fix))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + report_ver +\n '\\n Fixed version : ' + report_fix +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'Blue Coat ProxySG', version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:46:16", "description": "OpenSSL was updated to fix several vulnerabilities :\n\n - SSL/TLS MITM vulnerability. (CVE-2014-0224)\n\n - DTLS recursion flaw. (CVE-2014-0221)\n\n - Anonymous ECDH denial of service. 
(CVE-2014-3470) Further information can be found at https://www.openssl.org/news/secadv/20140605.txt .", "cvss3": {"score": null, "vector": null}, "published": "2014-06-06T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9326)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac-32bit", "p-cpe:/a:novell:suse_linux:11:openssl", "p-cpe:/a:novell:suse_linux:11:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBOPENSSL-DEVEL-140604.NASL", "href": "https://www.tenable.com/plugins/nessus/74352", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74352);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n\n script_name(english:\"SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9326)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL was updated to fix several vulnerabilities :\n\n - SSL/TLS MITM vulnerability. (CVE-2014-0224)\n\n - DTLS recursion flaw. (CVE-2014-0221)\n\n - Anonymous ECDH denial of service. 
(CVE-2014-3470)\n Further information can be found at\n https://www.openssl.org/news/secadv/20140605.txt .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=880891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0221.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0224.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3470.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9326.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"openssl-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libopenssl0_9_8-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libopenssl0_9_8-hmac-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openssl-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, 
reference:\"openssl-doc-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.58.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.58.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:35:30", "description": "The remote Cisco IOS device is missing a vendor-supplied security patch and has an IOS service configured to use TLS or SSL. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library :\n\n - A buffer overflow error exists related to invalid DTLS fragment handling that can lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists related to DTLS handshake handling that could lead to denial of service attacks. Note that this issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. 
(CVE-2014-0224)", "cvss3": {"score": null, "vector": null}, "published": "2016-02-26T00:00:00", "type": "nessus", "title": "Cisco IOS Multiple OpenSSL Vulnerabilities (CSCup22590)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/o:cisco:ios"], "id": "CISCO-SA-20140605-OPENSSL-IOS.NASL", "href": "https://www.tenable.com/plugins/nessus/88988", "sourceData": "#TRUSTED 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\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88988);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\");\n script_bugtraq_id(67899, 67900, 67901);\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCup22590\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20140605-openssl\");\n\n script_name(english:\"Cisco IOS Multiple OpenSSL Vulnerabilities (CSCup22590)\");\n script_summary(english:\"Checks the IOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco IOS device is missing a vendor-supplied security\npatch and has an IOS service configured to use TLS or SSL. It is,\ntherefore, affected by the following vulnerabilities in the bundled\nOpenSSL library :\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that can lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. 
Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that allows an attacker to\n cause usage of weak keying material leading to\n simplified man-in-the-middle attacks. (CVE-2014-0224)\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl#@ID\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0aa6a7e6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCup22590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/06/05/earlyccs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID\nCSCup22590.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ios_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/Cisco/IOS/Version\");\nflag = 0;\noverride = TRUE;\n\nif (ver == \"12.2(58)EX\") flag++;\nif (ver == \"12.2(58)EY\") flag++;\nif (ver == \"12.2(58)EY1\") flag++;\nif (ver == \"12.2(58)EY2\") flag++;\nif (ver == \"12.2(58)EZ\") flag++;\nif (ver == \"12.2(60)EZ\") flag++;\nif (ver == \"12.2(60)EZ1\") flag++;\nif (ver == \"12.2(60)EZ2\") flag++;\nif (ver == \"12.2(60)EZ3\") flag++;\nif (ver == \"12.2(60)EZ4\") flag++;\nif (ver == \"12.2(60)EZ5\") flag++;\nif (ver == \"12.2(58)SE\") flag++;\nif (ver == \"12.2(58)SE1\") flag++;\nif (ver == \"12.2(58)SE2\") flag++;\nif (ver == \"12.2(54)SG\") flag++;\nif (ver == \"12.2(54)SG1\") flag++;\nif (ver == \"12.2(54)WO\") flag++;\nif (ver == \"12.2(54)XO\") flag++;\nif (ver == \"12.4(22)GC1\") flag++;\nif (ver == \"12.4(24)GC1\") flag++;\nif (ver == \"12.4(24)GC3\") flag++;\nif (ver == \"12.4(24)GC3a\") flag++;\nif (ver == \"12.4(24)GC4\") flag++;\nif (ver == \"12.4(24)GC5\") flag++;\nif (ver == \"12.4(22)MD\") flag++;\nif (ver == \"12.4(22)MD1\") flag++;\nif (ver == \"12.4(22)MD2\") flag++;\nif (ver == \"12.4(24)MD\") flag++;\nif (ver == \"12.4(24)MD1\") flag++;\nif (ver == \"12.4(24)MD2\") flag++;\nif (ver == \"12.4(24)MD3\") flag++;\nif (ver == \"12.4(24)MD4\") flag++;\nif (ver == \"12.4(24)MD5\") flag++;\nif (ver == \"12.4(24)MD6\") flag++;\nif (ver == \"12.4(24)MD7\") flag++;\nif (ver == \"12.4(22)MDA\") flag++;\nif (ver == \"12.4(22)MDA1\") flag++;\nif (ver == \"12.4(22)MDA2\") flag++;\nif (ver == \"12.4(22)MDA3\") flag++;\nif (ver == \"12.4(22)MDA4\") flag++;\nif (ver == \"12.4(22)MDA5\") flag++;\nif (ver == \"12.4(22)MDA6\") flag++;\nif (ver == \"12.4(24)MDA1\") flag++;\nif (ver == \"12.4(24)MDA10\") flag++;\nif (ver == 
\"12.4(24)MDA11\") flag++;\nif (ver == \"12.4(24)MDA12\") flag++;\nif (ver == \"12.4(24)MDA13\") flag++;\nif (ver == \"12.4(24)MDA2\") flag++;\nif (ver == \"12.4(24)MDA3\") flag++;\nif (ver == \"12.4(24)MDA4\") flag++;\nif (ver == \"12.4(24)MDA5\") flag++;\nif (ver == \"12.4(24)MDA6\") flag++;\nif (ver == \"12.4(24)MDA7\") flag++;\nif (ver == \"12.4(24)MDA8\") flag++;\nif (ver == \"12.4(24)MDA9\") flag++;\nif (ver == \"12.4(24)MDB\") flag++;\nif (ver == \"12.4(24)MDB1\") flag++;\nif (ver == \"12.4(24)MDB10\") flag++;\nif (ver == \"12.4(24)MDB11\") flag++;\nif (ver == \"12.4(24)MDB12\") flag++;\nif (ver == \"12.4(24)MDB13\") flag++;\nif (ver == \"12.4(24)MDB14\") flag++;\nif (ver == \"12.4(24)MDB15\") flag++;\nif (ver == \"12.4(24)MDB16\") flag++;\nif (ver == \"12.4(24)MDB17\") flag++;\nif (ver == \"12.4(24)MDB18\") flag++;\nif (ver == \"12.4(24)MDB19\") flag++;\nif (ver == \"12.4(24)MDB3\") flag++;\nif (ver == \"12.4(24)MDB4\") flag++;\nif (ver == \"12.4(24)MDB5\") flag++;\nif (ver == \"12.4(24)MDB5a\") flag++;\nif (ver == \"12.4(24)MDB6\") flag++;\nif (ver == \"12.4(24)MDB7\") flag++;\nif (ver == \"12.4(24)MDB8\") flag++;\nif (ver == \"12.4(24)MDB9\") flag++;\nif (ver == \"12.4(22)T\") flag++;\nif (ver == \"12.4(22)T1\") flag++;\nif (ver == \"12.4(22)T2\") flag++;\nif (ver == \"12.4(22)T3\") flag++;\nif (ver == \"12.4(22)T4\") flag++;\nif (ver == \"12.4(22)T5\") flag++;\nif (ver == \"12.4(24)T\") flag++;\nif (ver == \"12.4(24)T1\") flag++;\nif (ver == \"12.4(24)T2\") flag++;\nif (ver == \"12.4(24)T3\") flag++;\nif (ver == \"12.4(24)T3e\") flag++;\nif (ver == \"12.4(24)T3f\") flag++;\nif (ver == \"12.4(24)T4\") flag++;\nif (ver == \"12.4(24)T4a\") flag++;\nif (ver == \"12.4(24)T4b\") flag++;\nif (ver == \"12.4(24)T4c\") flag++;\nif (ver == \"12.4(24)T4d\") flag++;\nif (ver == \"12.4(24)T4e\") flag++;\nif (ver == \"12.4(24)T4f\") flag++;\nif (ver == \"12.4(24)T4l\") flag++;\nif (ver == \"12.4(24)T5\") flag++;\nif (ver == \"12.4(24)T6\") flag++;\nif (ver == 
\"12.4(24)T7\") flag++;\nif (ver == \"12.4(24)T8\") flag++;\nif (ver == \"12.4(22)XR1\") flag++;\nif (ver == \"12.4(22)XR10\") flag++;\nif (ver == \"12.4(22)XR11\") flag++;\nif (ver == \"12.4(22)XR12\") flag++;\nif (ver == \"12.4(22)XR2\") flag++;\nif (ver == \"12.4(22)XR3\") flag++;\nif (ver == \"12.4(22)XR4\") flag++;\nif (ver == \"12.4(22)XR5\") flag++;\nif (ver == \"12.4(22)XR6\") flag++;\nif (ver == \"12.4(22)XR7\") flag++;\nif (ver == \"12.4(22)XR8\") flag++;\nif (ver == \"12.4(22)XR9\") flag++;\nif (ver == \"12.4(22)YD\") flag++;\nif (ver == \"12.4(22)YD1\") flag++;\nif (ver == \"12.4(22)YD2\") flag++;\nif (ver == \"12.4(22)YD3\") flag++;\nif (ver == \"12.4(22)YD4\") flag++;\nif (ver == \"12.4(22)YE2\") flag++;\nif (ver == \"12.4(22)YE3\") flag++;\nif (ver == \"12.4(22)YE4\") flag++;\nif (ver == \"12.4(22)YE5\") flag++;\nif (ver == \"12.4(22)YE6\") flag++;\nif (ver == \"12.4(24)YE\") flag++;\nif (ver == \"12.4(24)YE1\") flag++;\nif (ver == \"12.4(24)YE2\") flag++;\nif (ver == \"12.4(24)YE3\") flag++;\nif (ver == \"12.4(24)YE3a\") flag++;\nif (ver == \"12.4(24)YE3b\") flag++;\nif (ver == \"12.4(24)YE3c\") flag++;\nif (ver == \"12.4(24)YE3d\") flag++;\nif (ver == \"12.4(24)YE3e\") flag++;\nif (ver == \"12.4(24)YE4\") flag++;\nif (ver == \"12.4(24)YE5\") flag++;\nif (ver == \"12.4(24)YE6\") flag++;\nif (ver == \"12.4(24)YE7\") flag++;\nif (ver == \"12.4(24)YG1\") flag++;\nif (ver == \"12.4(24)YG2\") flag++;\nif (ver == \"12.4(24)YG3\") flag++;\nif (ver == \"12.4(24)YG4\") flag++;\nif (ver == \"15.0(2)EB\") flag++;\nif (ver == \"15.0(2)EC\") flag++;\nif (ver == \"15.0(2)ED\") flag++;\nif (ver == \"15.0(2)ED1\") flag++;\nif (ver == \"15.0(2)EH\") flag++;\nif (ver == \"15.0(2)EJ\") flag++;\nif (ver == \"15.0(2)EJ1\") flag++;\nif (ver == \"15.0(2)EK\") flag++;\nif (ver == \"15.0(2)EK1\") flag++;\nif (ver == \"15.0(1)EX\") flag++;\nif (ver == \"15.0(2)EX\") flag++;\nif (ver == \"15.0(2)EX1\") flag++;\nif (ver == \"15.0(2)EX2\") flag++;\nif (ver == \"15.0(2)EX3\") 
flag++;\nif (ver == \"15.0(2)EX4\") flag++;\nif (ver == \"15.0(2)EX5\") flag++;\nif (ver == \"15.0(1)EY\") flag++;\nif (ver == \"15.0(1)EY1\") flag++;\nif (ver == \"15.0(1)EY2\") flag++;\nif (ver == \"15.0(2)EY\") flag++;\nif (ver == \"15.0(2)EY1\") flag++;\nif (ver == \"15.0(2)EY2\") flag++;\nif (ver == \"15.0(2)EY3\") flag++;\nif (ver == \"15.0(2)EZ\") flag++;\nif (ver == \"15.0(1)M\") flag++;\nif (ver == \"15.0(1)M1\") flag++;\nif (ver == \"15.0(1)M10\") flag++;\nif (ver == \"15.0(1)M2\") flag++;\nif (ver == \"15.0(1)M3\") flag++;\nif (ver == \"15.0(1)M4\") flag++;\nif (ver == \"15.0(1)M5\") flag++;\nif (ver == \"15.0(1)M6\") flag++;\nif (ver == \"15.0(1)M7\") flag++;\nif (ver == \"15.0(1)M8\") flag++;\nif (ver == \"15.0(1)M9\") flag++;\nif (ver == \"15.0(1)MR\") flag++;\nif (ver == \"15.0(2)MR\") flag++;\nif (ver == \"15.0(1)S2\") flag++;\nif (ver == \"15.0(1)S5\") flag++;\nif (ver == \"15.0(1)S6\") flag++;\nif (ver == \"15.0(1)SE\") flag++;\nif (ver == \"15.0(1)SE1\") flag++;\nif (ver == \"15.0(1)SE2\") flag++;\nif (ver == \"15.0(1)SE3\") flag++;\nif (ver == \"15.0(2)SE\") flag++;\nif (ver == \"15.0(2)SE1\") flag++;\nif (ver == \"15.0(2)SE2\") flag++;\nif (ver == \"15.0(2)SE3\") flag++;\nif (ver == \"15.0(2)SE4\") flag++;\nif (ver == \"15.0(2)SE5\") flag++;\nif (ver == \"15.0(2)SE6\") flag++;\nif (ver == \"15.0(2)SG\") flag++;\nif (ver == \"15.0(2)SG1\") flag++;\nif (ver == \"15.0(2)SG2\") flag++;\nif (ver == \"15.0(2)SG3\") flag++;\nif (ver == \"15.0(2)SG4\") flag++;\nif (ver == \"15.0(2)SG5\") flag++;\nif (ver == \"15.0(2)SG6\") flag++;\nif (ver == \"15.0(2)SG7\") flag++;\nif (ver == \"15.0(2)SG8\") flag++;\nif (ver == \"15.0(1)XA\") flag++;\nif (ver == \"15.0(1)XA1\") flag++;\nif (ver == \"15.0(1)XA2\") flag++;\nif (ver == \"15.0(1)XA3\") flag++;\nif (ver == \"15.0(1)XA4\") flag++;\nif (ver == \"15.0(1)XA5\") flag++;\nif (ver == \"15.0(1)XO\") flag++;\nif (ver == \"15.0(1)XO1\") flag++;\nif (ver == \"15.0(2)XO\") flag++;\nif (ver == \"15.1(2)EY\") 
flag++;\nif (ver == \"15.1(2)EY1a\") flag++;\nif (ver == \"15.1(2)EY2\") flag++;\nif (ver == \"15.1(2)EY2a\") flag++;\nif (ver == \"15.1(2)EY3\") flag++;\nif (ver == \"15.1(2)EY4\") flag++;\nif (ver == \"15.1(2)GC\") flag++;\nif (ver == \"15.1(2)GC1\") flag++;\nif (ver == \"15.1(2)GC2\") flag++;\nif (ver == \"15.1(4)GC\") flag++;\nif (ver == \"15.1(4)GC1\") flag++;\nif (ver == \"15.1(4)GC2\") flag++;\nif (ver == \"15.1(4)M\") flag++;\nif (ver == \"15.1(4)M1\") flag++;\nif (ver == \"15.1(4)M2\") flag++;\nif (ver == \"15.1(4)M3\") flag++;\nif (ver == \"15.1(4)M3a\") flag++;\nif (ver == \"15.1(4)M4\") flag++;\nif (ver == \"15.1(4)M5\") flag++;\nif (ver == \"15.1(4)M6\") flag++;\nif (ver == \"15.1(4)M7\") flag++;\nif (ver == \"15.1(4)M8\") flag++;\nif (ver == \"15.1(1)MR\") flag++;\nif (ver == \"15.1(1)MR1\") flag++;\nif (ver == \"15.1(1)MR2\") flag++;\nif (ver == \"15.1(1)MR3\") flag++;\nif (ver == \"15.1(1)MR4\") flag++;\nif (ver == \"15.1(3)MR\") flag++;\nif (ver == \"15.1(3)MRA\") flag++;\nif (ver == \"15.1(3)MRA1\") flag++;\nif (ver == \"15.1(3)MRA2\") flag++;\nif (ver == \"15.1(3)MRA3\") flag++;\nif (ver == \"15.1(3)MRA4\") flag++;\nif (ver == \"15.1(1)S\") flag++;\nif (ver == \"15.1(1)S1\") flag++;\nif (ver == \"15.1(1)S2\") flag++;\nif (ver == \"15.1(2)S\") flag++;\nif (ver == \"15.1(2)S1\") flag++;\nif (ver == \"15.1(2)S2\") flag++;\nif (ver == \"15.1(3)S\") flag++;\nif (ver == \"15.1(3)S0a\") flag++;\nif (ver == \"15.1(3)S1\") flag++;\nif (ver == \"15.1(3)S2\") flag++;\nif (ver == \"15.1(3)S3\") flag++;\nif (ver == \"15.1(3)S4\") flag++;\nif (ver == \"15.1(3)S5\") flag++;\nif (ver == \"15.1(3)S5a\") flag++;\nif (ver == \"15.1(3)S6\") flag++;\nif (ver == \"15.1(1)SG\") flag++;\nif (ver == \"15.1(1)SG1\") flag++;\nif (ver == \"15.1(1)SG2\") flag++;\nif (ver == \"15.1(2)SG\") flag++;\nif (ver == \"15.1(2)SG1\") flag++;\nif (ver == \"15.1(2)SG2\") flag++;\nif (ver == \"15.1(2)SG3\") flag++;\nif (ver == \"15.1(2)SG4\") flag++;\nif (ver == \"15.1(2)SNG\") 
flag++;\nif (ver == \"15.1(2)SNH\") flag++;\nif (ver == \"15.1(2)SNI\") flag++;\nif (ver == \"15.1(2)SNI1\") flag++;\nif (ver == \"15.1(3)SVB1\") flag++;\nif (ver == \"15.1(3)SVD\") flag++;\nif (ver == \"15.1(3)SVD1\") flag++;\nif (ver == \"15.1(3)SVD2\") flag++;\nif (ver == \"15.1(3)SVE\") flag++;\nif (ver == \"15.1(3)SVF\") flag++;\nif (ver == \"15.1(3)SVF1\") flag++;\nif (ver == \"15.1(3)SVF4a\") flag++;\nif (ver == \"15.1(1)SY\") flag++;\nif (ver == \"15.1(1)SY1\") flag++;\nif (ver == \"15.1(1)SY2\") flag++;\nif (ver == \"15.1(1)SY3\") flag++;\nif (ver == \"15.1(2)SY\") flag++;\nif (ver == \"15.1(2)SY1\") flag++;\nif (ver == \"15.1(2)SY2\") flag++;\nif (ver == \"15.1(2)SY3\") flag++;\nif (ver == \"15.1(1)T\") flag++;\nif (ver == \"15.1(1)T1\") flag++;\nif (ver == \"15.1(1)T2\") flag++;\nif (ver == \"15.1(1)T3\") flag++;\nif (ver == \"15.1(1)T4\") flag++;\nif (ver == \"15.1(1)T5\") flag++;\nif (ver == \"15.1(2)T\") flag++;\nif (ver == \"15.1(2)T0a\") flag++;\nif (ver == \"15.1(2)T1\") flag++;\nif (ver == \"15.1(2)T2\") flag++;\nif (ver == \"15.1(2)T2a\") flag++;\nif (ver == \"15.1(2)T3\") flag++;\nif (ver == \"15.1(2)T4\") flag++;\nif (ver == \"15.1(2)T5\") flag++;\nif (ver == \"15.1(3)T\") flag++;\nif (ver == \"15.1(3)T1\") flag++;\nif (ver == \"15.1(3)T2\") flag++;\nif (ver == \"15.1(3)T3\") flag++;\nif (ver == \"15.1(3)T4\") flag++;\nif (ver == \"15.1(1)XB\") flag++;\nif (ver == \"15.2(1)E\") flag++;\nif (ver == \"15.2(1)E1\") flag++;\nif (ver == \"15.2(1)E2\") flag++;\nif (ver == \"15.2(1)E3\") flag++;\nif (ver == \"15.2(2)E\") flag++;\nif (ver == \"15.2(1)EY\") flag++;\nif (ver == \"15.2(1)GC\") flag++;\nif (ver == \"15.2(1)GC1\") flag++;\nif (ver == \"15.2(1)GC2\") flag++;\nif (ver == \"15.2(2)GC\") flag++;\nif (ver == \"15.2(3)GC\") flag++;\nif (ver == \"15.2(3)GC1\") flag++;\nif (ver == \"15.2(4)GC\") flag++;\nif (ver == \"15.2(4)GC1\") flag++;\nif (ver == \"15.2(4)GC2\") flag++;\nif (ver == \"15.2(2)JA\") flag++;\nif (ver == \"15.2(2)JA1\") flag++;\nif 
(ver == \"15.2(4)JA\") flag++;\nif (ver == \"15.2(4)JA1\") flag++;\nif (ver == \"15.2(2)JAX\") flag++;\nif (ver == \"15.2(2)JAX1\") flag++;\nif (ver == \"15.2(2)JB\") flag++;\nif (ver == \"15.2(2)JB1\") flag++;\nif (ver == \"15.2(2)JB2\") flag++;\nif (ver == \"15.2(2)JB3\") flag++;\nif (ver == \"15.2(4)JB\") flag++;\nif (ver == \"15.2(4)JB1\") flag++;\nif (ver == \"15.2(4)JB2\") flag++;\nif (ver == \"15.2(4)JB3\") flag++;\nif (ver == \"15.2(4)JB3a\") flag++;\nif (ver == \"15.2(4)JB3b\") flag++;\nif (ver == \"15.2(4)JB3h\") flag++;\nif (ver == \"15.2(4)JB3s\") flag++;\nif (ver == \"15.2(4)JB4\") flag++;\nif (ver == \"15.2(4)JB5\") flag++;\nif (ver == \"15.2(4)JB5h\") flag++;\nif (ver == \"15.2(4)JB5m\") flag++;\nif (ver == \"15.2(4)JB50\") flag++;\nif (ver == \"15.2(2)JN1\") flag++;\nif (ver == \"15.2(2)JN2\") flag++;\nif (ver == \"15.2(4)JN\") flag++;\nif (ver == \"15.2(4)M\") flag++;\nif (ver == \"15.2(4)M1\") flag++;\nif (ver == \"15.2(4)M2\") flag++;\nif (ver == \"15.2(4)M3\") flag++;\nif (ver == \"15.2(4)M4\") flag++;\nif (ver == \"15.2(4)M5\") flag++;\nif (ver == \"15.2(4)M6\") flag++;\nif (ver == \"15.2(4)M6a\") flag++;\nif (ver == \"15.2(1)S\") flag++;\nif (ver == \"15.2(1)S1\") flag++;\nif (ver == \"15.2(1)S2\") flag++;\nif (ver == \"15.2(2)S\") flag++;\nif (ver == \"15.2(2)S0a\") flag++;\nif (ver == \"15.2(2)S0c\") flag++;\nif (ver == \"15.2(2)S1\") flag++;\nif (ver == \"15.2(2)S2\") flag++;\nif (ver == \"15.2(4)S\") flag++;\nif (ver == \"15.2(4)S1\") flag++;\nif (ver == \"15.2(4)S2\") flag++;\nif (ver == \"15.2(4)S3\") flag++;\nif (ver == \"15.2(4)S3a\") flag++;\nif (ver == \"15.2(4)S4\") flag++;\nif (ver == \"15.2(4)S4a\") flag++;\nif (ver == \"15.2(4)S5\") flag++;\nif (ver == \"15.2(2)SNG\") flag++;\nif (ver == \"15.2(2)SNH1\") flag++;\nif (ver == \"15.2(2)SNI\") flag++;\nif (ver == \"15.2(1)T\") flag++;\nif (ver == \"15.2(1)T1\") flag++;\nif (ver == \"15.2(1)T2\") flag++;\nif (ver == \"15.2(1)T3\") flag++;\nif (ver == \"15.2(1)T3a\") flag++;\nif (ver 
== \"15.2(1)T4\") flag++;\nif (ver == \"15.2(2)T\") flag++;\nif (ver == \"15.2(2)T1\") flag++;\nif (ver == \"15.2(2)T2\") flag++;\nif (ver == \"15.2(2)T3\") flag++;\nif (ver == \"15.2(2)T4\") flag++;\nif (ver == \"15.2(3)T\") flag++;\nif (ver == \"15.2(3)T1\") flag++;\nif (ver == \"15.2(3)T2\") flag++;\nif (ver == \"15.2(3)T3\") flag++;\nif (ver == \"15.2(3)T4\") flag++;\nif (ver == \"15.3(3)JN\") flag++;\nif (ver == \"15.3(3)M\") flag++;\nif (ver == \"15.3(3)M1\") flag++;\nif (ver == \"15.3(3)M2\") flag++;\nif (ver == \"15.3(3)M3\") flag++;\nif (ver == \"15.3(1)S\") flag++;\nif (ver == \"15.3(1)S1\") flag++;\nif (ver == \"15.3(1)S2\") flag++;\nif (ver == \"15.3(2)S\") flag++;\nif (ver == \"15.3(2)S0a\") flag++;\nif (ver == \"15.3(2)S1\") flag++;\nif (ver == \"15.3(2)S2\") flag++;\nif (ver == \"15.3(3)S\") flag++;\nif (ver == \"15.3(3)S1\") flag++;\nif (ver == \"15.3(3)S1a\") flag++;\nif (ver == \"15.3(3)S2\") flag++;\nif (ver == \"15.3(3)S3\") flag++;\nif (ver == \"15.3(1)T\") flag++;\nif (ver == \"15.3(1)T1\") flag++;\nif (ver == \"15.3(1)T2\") flag++;\nif (ver == \"15.3(1)T3\") flag++;\nif (ver == \"15.3(1)T4\") flag++;\nif (ver == \"15.3(2)T\") flag++;\nif (ver == \"15.3(2)T1\") flag++;\nif (ver == \"15.3(2)T2\") flag++;\nif (ver == \"15.3(2)T3\") flag++;\nif (ver == \"15.4(1)CG\") flag++;\nif (ver == \"15.4(1)CG1\") flag++;\nif (ver == \"15.4(2)CG\") flag++;\nif (ver == \"15.4(1)S\") flag++;\nif (ver == \"15.4(1)S1\") flag++;\nif (ver == \"15.4(1)S2\") flag++;\nif (ver == \"15.4(2)S\") flag++;\nif (ver == \"15.4(1)T\") flag++;\nif (ver == \"15.4(1)T1\") flag++;\nif (ver == \"15.4(2)T\") flag++;\nif (ver == \"15.4(2)T1\") flag++;\n\nif (!flag)\n audit(AUDIT_INST_VER_NOT_VULN, \"Cisco IOS\", ver);\n\nif (get_kb_item(\"Host/local_checks_enabled\"))\n{\n flag = 0;\n buf = cisco_command_kb_item(\n \"Host/Cisco/Config/show_running-config_all\", \"show running-config all\");\n\n if (check_cisco_result(buf))\n {\n override = FALSE;\n\n if (\n # Web UI HTTPS\n 
preg(string:buf, pattern:\"^ip http secure-server\", multiline:TRUE) ||\n # SSL VPN\n cisco_check_sections(\n config:buf,\n section_regex:\"^webvpn gateway \",\n config_regex:'^\\\\s*inservice'\n ) ||\n # HTTPS client feature / Voice-XML HTTPS client\n preg(string:buf, pattern:\"^(ip )?http client secure-\", multiline:TRUE) ||\n # CNS feature\n preg(string:buf, pattern:\"^cns (config|exec|event) .* encrypt\", multiline:TRUE) ||\n # Settlement for Packet Telephony feature\n cisco_check_sections(\n config:buf,\n section_regex:\"^settlement \",\n config_regex:make_list('^\\\\s*url https:', '^\\\\s*no shutdown')\n ) ||\n # CMTS billing feature\n preg(string:buf, pattern:\"^cable metering .* secure\", multiline:TRUE)\n ) flag++;\n }\n else if (cisco_needs_enable(buf))\n {\n flag++;\n override = TRUE;\n }\n\n if (!flag) audit(AUDIT_HOST_NOT, \"affected because it does not appear as though any service utilizing the OpenSSL library is enabled\");\n}\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Cisco bug ID : CSCup22590' +\n '\\n Installed release : ' + ver +\n '\\n';\n security_warning(port:0, extra:report + cisco_caveat(override));\n}\nelse security_warning(port:0, extra:cisco_caveat(override));\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:37:16", "description": "According to its model number and software version, the remote host is a Xerox ColorQube device that is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the bundled version of OpenSSL due to a flaw in the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack.\n (CVE-2014-0076)\n\n - A denial of service vulnerability exists in the bundled version of OpenSSL due to a recursion flaw in the DTLS functionality. A remote attacker can exploit this, via a specially crafted request, to crash the DTLS client application. 
(CVE-2014-0221)\n\n - An unspecified error exists in the bundled version of OpenSSL due to a flaw in the handshake process. A remote attacker can exploit this, via a crafted handshake, to force the client or server to use weak keying material, allowing simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - A denial of service vulnerability exists in the bundled version of OpenSSL due to an unspecified flaw related to the ECDH ciphersuite. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)\n\n - A cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-03T00:00:00", "type": "nessus", "title": "Xerox ColorQube 8570 / 8870 Multiple Vulnerabilities (XRX15OA)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0076", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/h:xerox:colorqube"], "id": "XEROX_XRX15AO_COLORQUBE.NASL", "href": "https://www.tenable.com/plugins/nessus/86710", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86710);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2014-0076\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66363,\n 67898,\n 67899,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Xerox ColorQube 8570 / 8870 Multiple Vulnerabilities (XRX15OA)\");\n script_summary(english:\"Checks system software version of Xerox ColorQube devices.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote multi-function device is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to its model number and software version, the remote host is\na Xerox ColorQube device that is affected by multiple\nvulnerabilities :\n\n - An information disclosure vulnerability exists in the\n bundled version of OpenSSL due to a flaw in the\n implementation of the Elliptic Curve Digital Signature\n Algorithm (ECDSA) that allows nonce disclosure via the\n 'FLUSH+RELOAD' cache side-channel attack.\n (CVE-2014-0076)\n\n - A denial of service vulnerability exists in the bundled\n version of OpenSSL due to a recursion flaw in the DTLS\n functionality. A remote attacker can exploit this, via a\n specially crafted request, to crash the DTLS client\n application. (CVE-2014-0221)\n\n - An unspecified error exists in the bundled version of\n OpenSSL due to a flaw in the handshake process. A remote\n attacker can exploit this, via a crafted handshake, to\n force the client or server to use weak keying material,\n allowing simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - A denial of service vulnerability exists in the bundled\n version of OpenSSL due to an unspecified flaw related to\n the ECDH ciphersuite. Note this issue only affects\n OpenSSL TLS clients. (CVE-2014-3470)\n\n - A cross-site scripting vulnerability exists due to\n improper validation of user-supplied input. 
A remote\n attacker can exploit this, via a specially crafted\n request, to execute arbitrary script code in a user's\n browser session.\");\n # https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_Security_Mini-_Bulletin_XRX15AO_for_CQ8570-CQ8870_v1-0.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?15fd6bad\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://ccsinjection.lepidum.co.jp/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/06/05/earlyccs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to firmware version PS 4.76.0 and net controller version\n43.90.10.14.2015.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:xerox:colorqube\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"xerox_colorqube_detect.nbin\");\n script_require_keys(\"www/xerox_colorqube\", \"www/xerox_colorqube/model\", \"www/xerox_colorqube/ess\", \"www/xerox_colorqube/ps\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Get model and system software version\nmodel = get_kb_item_or_exit(\"www/xerox_colorqube/model\");\ness = get_kb_item(\"www/xerox_colorqube/ess\");\nps = get_kb_item(\"www/xerox_colorqube/ps\");\n\n# ColorQube 8570/8870\nif ( model !~ \"^8[58]70([^0-9]|$)\")\n audit(AUDIT_HOST_NOT, \"an affected Xerox ColorQube model\");\n\ness_fix = \"43.90.10.14.2015\";\nps_fix = \"4.76.0\";\n\nvuln = FALSE;\n\nif (ess)\n{\n if (ver_compare(ver:ess, fix:ess_fix, strict:FALSE) < 0)\n vuln = TRUE;\n}\nelse\n ess = \"unknown\"; # not including install_func just to get UNKNOWN_VER\n\nif (ps)\n{\n if (ver_compare(ver:ps, fix:ps_fix, strict:FALSE) < 0)\n vuln = TRUE;\n}\nelse\n ps = \"unknown\"; # not including install_func just to get UNKNOWN_VER\n\nif (vuln)\n{\n set_kb_item(name:'www/0/XSS', value: TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n Xerox ColorQube model : ' + model +\n '\\n Installed net controller version : ' + ess +\n '\\n Fixed net controller version : ' + ess_fix +\n '\\n Installed firmware version : ' + ps +\n '\\n Fixed firmware version : ' + ps_fix;\n\n security_warning(port:0, extra:report);\n }\n else\n security_warning(0);\n}\nelse\n audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:46:02", "description": "The remote VMware ESXi host is version 5.0 prior to build 1918656. It is, therefore, affected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. 
Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-04T00:00:00", "type": "nessus", "title": "ESXi 5.0 < Build 1918656 OpenSSL Library Multiple Vulnerabilities (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.0"], "id": "VMWARE_ESXI_5_0_BUILD_1918656_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/76368", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76368);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"ESXi 5.0 < Build 1918656 OpenSSL Library Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.0 host is affected by multiple security\nvulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.0 prior to build 1918656. It\nis, therefore, affected by the following vulnerabilities in the\nOpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. 
(CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2078807\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7cdd0f9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi500-201407001 for ESXi 5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.0\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.0\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 1918656;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:36:21", "description": "The remote VMware ESXi host is affected by multiple vulnerabilities in the OpenSSL third-party library :\n\n - A use-after-free error exists in the ssl3_read_bytes() function in file ssl/s3_pkt.c that is triggered when a second read is done to the function by multiple threads when SSL_MODE_RELEASE_BUFFERS is enabled. A man-in-the-middle attacker can exploit this to dereference already freed memory and inject arbitrary data into the SSL stream. (CVE-2010-5298)\n\n - A NULL pointer dereference flaw exists in the do_ssl3_write() function in file ssl/s3_pkt.c due to a failure to properly manage a buffer pointer during certain recursive calls when SSL_MODE_RELEASE_BUFFERS is enabled. A remote attacker can exploit this, by triggering an alert condition, to cause a denial of service. 
(CVE-2014-0198)\n\n - A flaw exists due to a failure to properly restrict processing of ChangeCipherSpec messages. A man-in-the-middle attacker can exploit this, via a crafted TLS handshake, to force the use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, resulting in the session being hijacked and sensitive information being disclosed. (CVE-2014-0224)\n\n - A NULL pointer dereference flaw exists in the ssl3_send_client_key_exchange() function in file s3_clnt.c, when an anonymous ECDH cipher suite is used, that allows a remote attacker to cause a denial of service. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2015-12-30T00:00:00", "type": "nessus", "title": "VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.0", "cpe:/o:vmware:esxi:5.1", "cpe:/o:vmware:esxi:5.5"], "id": "VMWARE_VMSA-2014-0006_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/87678", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87678);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)\");\n script_summary(english:\"Checks the version and build numbers of the remote host.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi host is missing a security-related 
patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is affected by multiple vulnerabilities \nin the OpenSSL third-party library :\n\n - A use-after-free error exists in the ssl3_read_bytes()\n function in file ssl/s3_pkt.c that is triggered when a\n second read is done to the function by multiple threads\n when SSL_MODE_RELEASE_BUFFERS is enabled. A\n man-in-the-middle attacker can exploit this to\n dereference already freed memory and inject arbitrary\n data into the SSL stream. (CVE-2010-5298)\n\n - A NULL pointer dereference flaw exists in the\n do_ssl3_write() function in file ssl/s3_pkt.c due to a\n failure to properly manage a buffer pointer during\n certain recursive calls when SSL_MODE_RELEASE_BUFFERS is\n enabled. A remote attacker can exploit this, by\n triggering an alert condition, to cause a denial of\n service. (CVE-2014-0198)\n\n - A flaw exists due to a failure to properly restrict\n processing of ChangeCipherSpec messages. A\n man-in-the-middle attacker can exploit this, via a\n crafted TLS handshake, to force the use of a zero-length\n master key in certain OpenSSL-to-OpenSSL communications,\n resulting in the session being hijacked and sensitive\n information being disclosed. (CVE-2014-0224)\n\n - A NULL pointer dereference flaw exists in the\n ssl3_send_client_key_exchange() function in file\n s3_clnt.c, when an anonymous ECDH cipher suite is used,\n that allows a remote attacker to cause a denial of\n service. 
(CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0006\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2014/000276.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESXi version 5.0 / 5.1 / 5.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nif (\"ESXi\" >!< rel)\n audit(AUDIT_OS_NOT, \"VMware ESXi\");\n\nesx = \"ESXi\";\n\nextract = eregmatch(pattern:\"^ESXi (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESXi\");\nelse\n ver = extract[1];\n\nfixes = make_array(\n \"5.0\", \"1918656\",\n \"5.1\", \"1900470\",\n \"5.5\", \"1881737\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESXi.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware ESXi\", ver);\n\nbuild = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif(!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver, build);\n\nif (build < fix)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version : ESXi ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port:port);\n\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver, build);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:21:57", "description": "According to its self-reported version number, the remote pfSense install is a version prior to 2.1.4. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}, "published": "2018-03-21T00:00:00", "type": 
"nessus", "title": "pfSense < 2.1.4 Multiple Vulnerabilities ( SA-14_07 )", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense"], "id": "PFSENSE_SA-14_07.NASL", "href": "https://www.tenable.com/plugins/nessus/108515", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108515);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2014-0195\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 67898,\n 67899,\n 67900,\n 67901\n );\n\n script_name(english:\"pfSense < 2.1.4 Multiple Vulnerabilities ( SA-14_07 )\");\n script_summary(english:\"Checks the version of pfSense.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is a version prior to 2.1.4 It is, therefore, affected by \nmultiple vulnerabilities.\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-14_07.openssl.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e8caca6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.1.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.1.4\" }\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:45:40", "description": "The version of VMware Player installed on the remote host is version 5.x prior to 5.0.4 or 6.x prior to 6.0.3. It is, therefore, affected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. 
Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-10T00:00:00", "type": "nessus", "title": "VMware Player < 5.0.4 / 6.0.3 OpenSSL Library Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:vmware:player"], "id": "VMWARE_PLAYER_LINUX_6_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/76453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76453);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware Player < 5.0.4 / 6.0.3 OpenSSL Library Multiple Vulnerabilities (Linux)\");\n script_summary(english:\"Checks the VMware Player version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains software that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Player installed on the remote host is version\n5.x prior to 5.0.4 or 6.x prior to 6.0.3. 
It is, therefore, affected\nby the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n # http://lists.vmware.com/pipermail/security-announce/2014/000253.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4357b8a5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Player 5.0.4 / 6.0.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"General\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_player_linux_installed.nbin\");\n script_require_keys(\"Host/VMware Player/Version\");\n script_exclude_keys(\"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (get_kb_item(\"SMB/Registry/Enumerated\")) audit(AUDIT_OS_NOT, \"Linux\", \"Windows\");\n\nversion = get_kb_item_or_exit(\"Host/VMware Player/Version\");\n\nfixed = \"5.0.4 / 6.0.3\";\nif (\n version =~ \"^6\\.\" && ver_compare(ver:version, fix:\"6.0.3\", strict:FALSE) == -1 ||\n version =~ \"^5\\.\" && ver_compare(ver:version, fix:\"5.0.4\", strict:FALSE) == -1\n)\n{\n if (report_verbosity > 0)\n {\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware Player\", version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:56", 
"description": "The version of VMware vCenter installed on the remote host is prior to 5.0 Update 3a, 5.1 Update 2a, or 5.5 Update 1b. It is, therefore, affected by multiple OpenSSL vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH cipher suites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. 
(CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-10T00:00:00", "type": "nessus", "title": "VMware Security Updates for vCenter Server (VMSA-2014-0006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_server"], "id": "VMWARE_VCENTER_VMSA-2014-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/76457", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76457);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware Security Updates for vCenter Server (VMSA-2014-0006)\");\n script_summary(english:\"Checks the version of VMware vCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization management application installed\nthat is affected by multiple OpenSSL security vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware vCenter installed on the remote host is prior to\n5.0 Update 3a, 5.1 Update 2a, or 5.5 Update 1b. It is, therefore,\naffected by multiple OpenSSL vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. 
Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n cipher suites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCenter Server 5.0U3a, 5.1U2a, or 5.5U1b.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vcenter_detect.nbin\");\n script_require_keys(\"Host/VMware/vCenter\", \"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item_or_exit(\"Host/VMware/vCenter\");\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\n\n# Extract and verify the build number\nbuild = ereg_replace(pattern:'^VMware vCenter Server [0-9\\\\.]+ build-([0-9]+)$', string:release, replace:\"\\1\");\nif (build !~ '^[0-9]+$') exit(1, 'Failed to extract the build number from the release string.');\n\nrelease = release - 'VMware vCenter Server';\n\n# Check version and build numbers\nif (version =~ '^VMware vCenter 5\\\\.0$' && int(build) < 1917469) fixversion = '5.0.0 build-1917469';\nelse if (version =~ '^VMware vCenter 5\\\\.1$' && int(build) < 1882349) fixversion = '5.1.0 build-1882349';\nelse if (version =~ '^VMware vCenter 5\\\\.5$' && int(build) < 1891313) fixversion = '5.5.0 build-1891313';\nelse audit(AUDIT_LISTEN_NOT_VULN, 'VMware vCenter', port, release);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + release +\n '\\n Fixed version : ' + fixversion + \n '\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:21", "description": "Multiple vulnerabilities has been discovered and corrected in openssl :\n\nThe dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial 
fragment (CVE-2014-0195).\n\nThe dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221).\n\nOpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).\n\nThe ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470).\n\nThe updated packages have been upgraded to the 1.0.0m version where these security flaws have been fixed.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-10T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : openssl (MDVSA-2014:106)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64openssl-devel", "p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0", "p-cpe:/a:mandriva:linux:lib64openssl-static-devel", "p-cpe:/a:mandriva:linux:lib64openssl1.0.0", "p-cpe:/a:mandriva:linux:openssl", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-106.NASL", "href": "https://www.tenable.com/plugins/nessus/74415", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:106. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74415);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_bugtraq_id(67898, 67899, 67900, 67901);\n script_xref(name:\"MDVSA\", value:\"2014:106\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openssl (MDVSA-2014:106)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in \nopenssl :\n\nThe dtls1_reassemble_fragment function in d1_both.c in OpenSSL before\n0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not\nproperly validate fragment lengths in DTLS ClientHello messages, which\nallows remote attackers to execute arbitrary code or cause a denial of\nservice (buffer overflow and application crash) via a long non-initial\nfragment (CVE-2014-0195).\n\nThe dtls1_get_message_fragment function in d1_both.c in OpenSSL before\n0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote\nattackers to cause a denial of service (recursion and client crash)\nvia a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221).\n\nOpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h\ndoes not properly restrict processing of ChangeCipherSpec messages,\nwhich allows man-in-the-middle attackers to trigger use of a\nzero-length master key in certain OpenSSL-to-OpenSSL communications,\nand consequently hijack sessions or obtain sensitive 
information, via\na crafted TLS handshake, aka the CCS Injection vulnerability\n(CVE-2014-0224).\n\nThe ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL\nbefore 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an\nanonymous ECDH cipher suite is used, allows remote attackers to cause\na denial of service (NULL pointer dereference and client crash) by\ntriggering a NULL certificate value (CVE-2014-3470).\n\nThe updated packages have been upgraded to the 1.0.0m version where\nthese security flaws has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20140605.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/10\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-devel-1.0.0m-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-engines1.0.0-1.0.0m-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-static-devel-1.0.0m-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-1.0.0m-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openssl-1.0.0m-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-26T00:43:52", "description": "The remote host contains VMware OVF (Open Virtualization Format) Tool version 3.x prior to 3.5.2. 
It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL :\n\n - An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2010-5298)\n\n - An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment' function related to anonymous ECDH cipher suites. This could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470) [Note: the Mandriva advisory text for these CVEs (MDVSA-2014:106) names 'ssl3_send_client_key_exchange' in s3_clnt.c for CVE-2014-3470 and associates 'dtls1_get_message_fragment' with CVE-2014-0221, so the function named in this item is likely incorrect.]", "cvss3": {"score": null, "vector": null}, "published": "2014-08-20T00:00:00", "type": "nessus", "title": "VMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:vmware:ovf_tool"], "id": "VMWARE_OVFTOOL_VMSA_2014-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/77332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77332);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware OVF Tool 3.x < 3.5.2 
Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)\");\n script_summary(english:\"Checks the version of OVF Tool.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host contains VMware OVF (Open Virtualization Format) Tool\nversion 3.x prior to 3.5.2. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of OpenSSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. 
(CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware OVF Tool 3.5.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:ovf_tool\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_ovftool_installed.nasl\");\n script_require_keys(\"installed_sw/VMware OVF Tool\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nappname = \"VMware OVF Tool\";\n\nget_install_count(app_name:appname, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:appname);\n\nversion = install['version'];\npath = install['path'];\n\nif (version !~ \"^3\\.[0-5]($|[^0-9])\") audit(AUDIT_NOT_INST, appname + \" 3.0.x - 3.5.x\");\n\nfixed_version = '3.5.2';\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:44:46", "description": "The version of vSphere Client installed on the remote Windows host is affected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. 
(CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-03T00:00:00", "type": "nessus", "title": "VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:vmware:vsphere_client"], "id": "VSPHERE_CLIENT_VMSA_2014-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/76355", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76355);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0006)\");\n script_summary(english:\"Checks the version of vSphere Client.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization client application installed that\nis affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of vSphere Client installed on the remote Windows host is\nis affected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. 
Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vSphere Client 5.0 Update 3a / 5.1 Update 2a / 5.5 Update\n1b or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vsphere_client\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vsphere_client_installed.nasl\");\n script_require_keys(\"SMB/VMware vSphere Client/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ninstalls = get_kb_list_or_exit(\"SMB/VMware vSphere Client/*/Path\");\n\ninfo = '';\nunaffected = make_list();\nvuln = 0;\n\nforeach version (keys(installs))\n{\n path = installs[version];\n version = version - 'SMB/VMware vSphere Client/' - '/Path';\n matches = eregmatch(pattern:'^([0-9\\\\.]+) build ([0-9]+)$', string:version);\n if (matches)\n {\n ver = matches[1];\n build = matches[2];\n }\n if (ver =~ '^5\\\\.5\\\\.0$' && int(build) < 1880841)\n {\n vuln++;\n info +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.5.0 build 1880841\\n';\n }\n else if (ver =~ '^5\\\\.1\\\\.0$' && int(build) < 1880906)\n {\n vuln++;\n info +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.1.0 build 1880906\\n';\n }\n else if (ver =~ '^5\\\\.0\\\\.0$' && int(build) < 1917469)\n {\n vuln++;\n info +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.0.0 build 1917469\\n';\n }\n else\n unaffected = make_list(unaffected, version);\n}\n\nif (vuln)\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_warning(port:port, extra:info);\n else security_warning(port);\n exit(0);\n}\n\nif (max_index(unaffected) > 0) audit(AUDIT_INST_VER_NOT_VULN, \"VMware vSphere Client\", unaffected);\nelse exit(1, 'Unexpected error - \\'unaffected\\' is empty.');\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:38", "description": "The version of 
vCenter Operations Manager installed on the remote host is 5.7.x or later and prior to 5.8.2. It is, therefore, affected by the following OpenSSL related vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)\n\nNote that the patch for 5.7.x is still pending at this time.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-03T00:00:00", "type": "nessus", "title": "VMware vCenter Operations Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_operations"], "id": "VMWARE_VCENTER_OPERATIONS_MANAGER_VMSA_2014-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/76360", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76360);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n 
script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware vCenter Operations Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)\");\n script_summary(english:\"Checks the version of vCenter Operations Manager.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization appliance installed that is\naffected by multiple OpenSSL vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of vCenter Operations Manager installed on the remote host\nis 5.7.x or later and prior to 5.8.2. It is, therefore, affected by\nthe following OpenSSL related vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. 
(CVE-2014-3470)\n\nNote that the patch for 5.7.x is still pending at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vCenter Operations Manager 5.8.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_operations\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/VMware vCenter Operations Manager/Version\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware vCenter Operations Manager/Version\");\n\nif (\n version =~ '^5\\\\.7\\\\.' ||\n (version =~ '^5\\\\.8\\\\.' 
&& ver_compare(ver:version, fix:'5.8.2', strict:FALSE) < 0)\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.8.2\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'VMware vCenter Operations Manager', version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:46:12", "description": "Juri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions.\nA remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic.\n(CVE-2014-0224)\n\nFelix Grobert and Ivan Fratric discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-06T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl vulnerabilities (USN-2232-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2232-1.NASL", "href": "https://www.tenable.com/plugins/nessus/74353", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2232-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74353);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_xref(name:\"USN\", value:\"2232-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl vulnerabilities (USN-2232-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Juri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\nfragments. A remote attacker could use this issue to cause OpenSSL to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\nUbuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions.\nA remote attacker could use this issue to cause OpenSSL to crash,\nresulting in a denial of service. (CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\nhandshakes. A remote attacker could use this flaw to perform a\nman-in-the-middle attack and possibly decrypt and modify traffic.\n(CVE-2014-0224)\n\nFelix Grobert and Ivan Fratric discovered that OpenSSL incorrectly\nhandled anonymous ECDH ciphersuites. A remote attacker could use this\nissue to cause OpenSSL to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu\n14.04 LTS. (CVE-2014-3470).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2232-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl0.9.8 and / or libssl1.0.0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. 
/ NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|13\\.10|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 13.10 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8k-7ubuntu8.18\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.14\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1e-3ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl0.9.8 / libssl1.0.0\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-26T00:46:08", "description": "The OpenSSL Project reports :\n\nAn attacker using a carefully crafted handshake can force the use of 
weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.\n[CVE-2014-0224]\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.\n[CVE-2014-0221]\n\nA buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.\n[CVE-2014-0195]\n\nOpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. [CVE-2014-3470]", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-06T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (5ac53801-ec2e-11e3-9cf3-3c970e169bc2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mingw32-openssl", "p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_5AC53801EC2E11E39CF33C970E169BC2.NASL", "href": "https://www.tenable.com/plugins/nessus/74342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74342);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_bugtraq_id(67898, 67899, 67900, 67901);\n script_xref(name:\"FreeBSD\", value:\"SA-14:14.openssl\");\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (5ac53801-ec2e-11e3-9cf3-3c970e169bc2)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenSSL Project reports :\n\nAn attacker 
using a carefully crafted handshake can force the use of\nweak keying material in OpenSSL SSL/TLS clients and servers. This can\nbe exploited by a Man-in-the-middle (MITM) attack where the attacker\ncan decrypt and modify traffic from the attacked client and server.\n[CVE-2014-0224]\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the\ncode can be made to recurse eventually crashing in a DoS attack.\n[CVE-2014-0221]\n\nA buffer overrun attack can be triggered by sending invalid DTLS\nfragments to an OpenSSL DTLS client or server. This is potentially\nexploitable to run arbitrary code on a vulnerable client or server.\n[CVE-2014-0195]\n\nOpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject\nto a denial of service attack. [CVE-2014-3470]\"\n );\n # http://www.openssl.org/news/secadv/20140605.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20140605.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/5ac53801-ec2e-11e3-9cf3-3c970e169bc2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a25558e8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mingw32-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl>=1.0.1<1.0.1_13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mingw32-openssl>=1.0.1<1.0.1h\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-26T00:45:38", "description": "USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem.\n\nJuri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. 
This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224)\n\nFelix Grobert and Ivan Fratric discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.\n(CVE-2014-3470).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2232-2.NASL", "href": "https://www.tenable.com/plugins/nessus/74508", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2232-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74508);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_bugtraq_id(67898, 67899, 67900, 67901);\n script_xref(name:\"USN\", value:\"2232-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for\nCVE-2014-0224 caused a regression for certain applications that use\ntls_session_secret_cb, such as wpa_supplicant. This update fixes the\nproblem.\n\nJuri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\nfragments. A remote attacker could use this issue to cause OpenSSL to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\nUbuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS\nrecursions. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service.\n(CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled\ncertain handshakes. A remote attacker could use this flaw to\nperform a man-in-the-middle attack and possibly decrypt and\nmodify traffic. (CVE-2014-0224)\n\nFelix Grobert and Ivan Fratric discovered that OpenSSL\nincorrectly handled anonymous ECDH ciphersuites. A remote\nattacker could use this issue to cause OpenSSL to crash,\nresulting in a denial of service. 
This issue only affected\nUbuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.\n(CVE-2014-3470).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2232-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, 
Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|13\\.10|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 13.10 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.15\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1e-3ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-26T00:45:05", "description": "The version of VMware Player installed on the remote host is version 5.x prior to 5.0.4 or 6.x prior to 6.0.3. 
It is, therefore, affected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-10T00:00:00", "type": "nessus", "title": "VMware Player < 5.0.4 / 6.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:vmware:player"], "id": "VMWARE_PLAYER_MULTIPLE_VMSA_2014-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/76454", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76454);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware Player < 5.0.4 / 6.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)\");\n 
script_summary(english:\"Checks the VMware Player version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains software that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Player installed on the remote host is version\n5.x prior to 5.0.4 or 6.x prior to 6.0.3. It is, therefore, affected\nby the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. 
(CVE-2014-3470)\");\n # http://lists.vmware.com/pipermail/security-announce/2014/000253.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4357b8a5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Player 5.0.4 / 6.0.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_player_detect.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"VMware/Player/Path\", \"VMware/Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\nversion = get_kb_item_or_exit(\"VMware/Player/Version\");\npath = get_kb_item_or_exit(\"VMware/Player/Path\");\n\nfixed = \"5.0.4 / 6.0.3\";\nif (\n version =~ \"^6\\.\" && ver_compare(ver:version, fix:\"6.0.3\", strict:FALSE) == -1 ||\n version =~ \"^5\\.\" && ver_compare(ver:version, fix:\"5.0.4\", strict:FALSE) == -1\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"VMware Player\", version, path);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:44:45", "description": "The openssl library was updated to version 1.0.1h fixing various security issues and bugs :\n\nSecurity issues fixed :\n\n - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers.\n\n - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.\n\n - CVE-2014-0195: Fix DTLS invalid fragment vulnerability.\n A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. 
This is potentially exploitable to run arbitrary code on a vulnerable client or server.\n\n - CVE-2014-3470: Fix bug in TLS code where clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-SU-2014:0764-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-410.NASL", "href": "https://www.tenable.com/plugins/nessus/75383", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-410.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75383);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-SU-2014:0764-1)\");\n script_summary(english:\"Check for the openSUSE-2014-410 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The
remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openssl library was updated to version 1.0.1h fixing various\nsecurity issues and bugs :\n\nSecurity issues fixed :\n\n - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker\n using a carefully crafted handshake can force the use of\n weak keying material in OpenSSL SSL/TLS clients and\n servers.\n\n - CVE-2014-0221: Fix DTLS recursion flaw. By sending an\n invalid DTLS handshake to an OpenSSL DTLS client the\n code can be made to recurse eventually crashing in a DoS\n attack.\n\n - CVE-2014-0195: Fix DTLS invalid fragment vulnerability.\n A buffer overrun attack can be triggered by sending\n invalid DTLS fragments to an OpenSSL DTLS client or\n server. This is potentially exploitable to run arbitrary\n code on a vulnerable client or server.\n\n - CVE-2014-3470: Fix bug in TLS code where clients enable\n anonymous ECDH ciphersuites are subject to a denial of\n service attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=880891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-06/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libopenssl-devel-1.0.1h-1.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libopenssl1_0_0-1.0.1h-1.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libopenssl1_0_0-debuginfo-1.0.1h-1.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openssl-1.0.1h-1.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openssl-debuginfo-1.0.1h-1.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"openssl-debugsource-1.0.1h-1.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1h-1.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1h-1.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1h-1.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl-devel-1.0.1h-11.48.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-1.0.1h-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1h-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-1.0.1h-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debuginfo-1.0.1h-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debugsource-1.0.1h-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1h-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1h-11.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1h-11.48.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-26T00:45:56", "description": "The version of VMware Workstation installed on the remote host is version 9.x prior to 9.0.4 or 10.x prior to 10.0.3. It is, therefore, affected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. 
(CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-10T00:00:00", "type": "nessus", "title": "VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:vmware:workstation"], "id": "VMWARE_WORKSTATION_MULTIPLE_VMSA_2014_0006.NASL", "href": "https://www.tenable.com/plugins/nessus/76456", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76456);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)\");\n script_summary(english:\"Checks the VMware Workstation version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Workstation installed on the remote host is\nversion 9.x prior to 9.0.4 or 10.x prior to 10.0.3. 
It is, therefore,\naffected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n # http://lists.vmware.com/pipermail/security-announce/2014/000253.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4357b8a5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Workstation 9.0.4 / 10.0.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_workstation_detect.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"VMware/Workstation/Version\", \"VMware/Workstation/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\nappname = 'VMware Workstation';\n\nversion = get_kb_item(\"VMware/Workstation/Version\");\nif (isnull(version)) audit(AUDIT_NOT_INST, appname);\n\npath = get_kb_item_or_exit(\"VMware/Workstation/Path\");\n\nfix = \"9.0.4 / 10.0.3\";\nif (\n version =~ \"^10\\.\" && ver_compare(ver:version, fix:\"10.0.3\", strict:FALSE) == -1 ||\n version =~ \"^9\\.\" && ver_compare(ver:version, fix:\"9.0.4\", strict:FALSE) == -1\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity >0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_warning(port:port, extra:report);\n }\n else 
security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:43:35", "description": "The VMware vSphere Replication installed on the remote host is version 5.5.x prior to 5.5.1.1, or else it is version 5.6.x. It is, therefore, affected by the following OpenSSL related vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note that this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note that this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH cipher suites that could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. 
(CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-10-02T00:00:00", "type": "nessus", "title": "VMware vSphere Replication Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-25T00:00:00", "cpe": ["x-cpe:/a:vmware:vsphere_replication"], "id": "VMWARE_VSPHERE_REPLICATION_VMSA_2014_0006.NASL", "href": "https://www.tenable.com/plugins/nessus/78024", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78024);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware vSphere Replication Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)\");\n script_summary(english:\"Checks the version of vSphere Replication.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization appliance installed that is\naffected by multiple OpenSSL vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The VMware vSphere Replication installed on the remote host is version\n5.5.x prior to 5.5.1.1, or else it is version 5.6.x. It is, therefore,\naffected by the following OpenSSL related vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes' that\n could allow data to be injected into other sessions or\n allow denial of service attacks. Note that this issue\n is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. 
(CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note that this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker\n to cause usage of weak keying material leading to\n simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n cipher suites that could allow denial of service\n attacks. Note that this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vSphere Replication 5.5.1.1 / 5.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:vmware:vsphere_replication\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/VMware vSphere Replication/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware vSphere Replication/Version\");\nverui = get_kb_item_or_exit(\"Host/VMware vSphere Replication/VerUI\");\n\nif (version =~ '^5\\\\.[56]\\\\.')\n{\n build = get_kb_item_or_exit(\"Host/VMware vSphere Replication/Build\");\n if (version =~ '^5\\\\.5\\\\.' && int(build) < 1879843) fix = '5.5.1 Build 1879843';\n else if (version =~ '^5\\\\.6\\\\.') fix = '5.8.0 Build 2055179';\n}\n\nif (fix)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + verui +\n '\\n Fixed version : ' + fix + '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'VMware vSphere Replication', verui);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:44:16", "description": "The remote host has a version of Cisco AnyConnect prior to 3.1(5170).\nIt is, therefore, potentially affected by the following vulnerabilities :\n\n - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists related to DTLS handshake handling that could lead to denial of service attacks. 
Note this issue only affects OpenSSL when used as a DTLS client. (CVE-2014-0221)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-14T00:00:00", "type": "nessus", "title": "Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:cisco:anyconnect_secure_mobility_client"], "id": "MACOSX_CISCO_ANYCONNECT_3_1_5170.NASL", "href": "https://www.tenable.com/plugins/nessus/76492", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76492);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\"\n );\n script_bugtraq_id(\n 66363,\n 67899,\n 67900,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks version of Cisco AnyConnect Client.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of Cisco AnyConnect prior to 3.1(5170).\nIt is, therefore, potentially affected by the following\nvulnerabilities :\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. 
(CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\");\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5539aa9d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cisco AnyConnect Secure Mobility Client 3.1(5170) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:anyconnect_secure_mobility_client\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_cisco_anyconnect_installed.nasl\");\n script_require_keys(\"MacOSX/Cisco_AnyConnect/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nappname = 'Cisco AnyConnect Mobility VPN Client';\n\nkb_base = \"MacOSX/Cisco_AnyConnect\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\n\nfix = '3.1.5170.0';\nfix_display = fix + ' (3.1(5170))';\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix_display + '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:45:56", "description": "The remote VMware ESXi host is version 5.1 prior to build 1900470. It is, therefore, affected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. 
(CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-24T00:00:00", "type": "nessus", "title": "ESXi 5.1 < Build 1900470 OpenSSL Library Multiple Vulnerabilities (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.1"], "id": "VMWARE_ESXI_5_1_BUILD_1900470_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/76203", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76203);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"ESXi 5.1 < Build 1900470 OpenSSL Library Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.1 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.1 prior to build 1900470. 
It\nis, therefore, affected by the following vulnerabilities in the\nOpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2077640\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c3440b63\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi510-201406401-SG for ESXi 5.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/17\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.1\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.1\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 1900470;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:57", "description": "According to its self-reported version, the version of IVE / UAC OS running on the remote host is affected by multiple vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. 
(CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-18T00:00:00", "type": "nessus", "title": "Junos Pulse Secure Access IVE / UAC OS Multiple OpenSSL Vulnerabilities (JSA10629)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:juniper:ive_os", "cpe:/a:juniper:junos_pulse_secure_access_service", "cpe:/a:juniper:junos_pulse_access_control_service"], "id": "JUNOS_PULSE_JSA10629.NASL", "href": "https://www.tenable.com/plugins/nessus/76124", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76124);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Junos Pulse Secure Access IVE / UAC OS Multiple OpenSSL Vulnerabilities (JSA10629)\");\n script_summary(english:\"Checks IVE/UAC OS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, 
the version of IVE / UAC OS\nrunning on the remote host is affected by multiple vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=KB29195\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Juniper Junos IVE OS version 7.1r19.1 / 7.4r11.1 / 8.0r4.1\nor later or UAC OS version 4.4r11.1 / 5.0r4.1 or later.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:ive_os\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_pulse_secure_access_service\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_pulse_access_control_service\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Juniper/IVE OS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit('Host/Juniper/IVE OS/Version');\nmatch = eregmatch(string:version, pattern:\"^([0-9.]+)[Rr]([0-9.]+)\");\nif (isnull(match)) exit(1, 'Error parsing version: ' + version);\n\nrelease = match[1];\nbuild = match[2];\n\n# IVE OS\nif (release == '7.4' && ver_compare(ver:build, fix:'11.1', strict:FALSE) == -1)\n fix = '7.4r11.1';\nelse if (release == '8.0' && ver_compare(ver:build, fix:'4.1', strict:FALSE) == -1)\n fix = '8.0r4.1';\n\n# UAC OS\nelse if (release == '4.4' && ver_compare(ver:build, fix:'11.1', strict:FALSE) == -1)\n fix = '4.4r11.1';\nelse if (release == '5.0' && ver_compare(ver:build, fix:'4.1', strict:FALSE) == -1)\n fix = '5.0r4.1';\n\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'IVE/UAC OS', version);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_warning(port:0, extra:report);\n}\nelse security_warning(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:40", "description": "The version of VMware Fusion installed on the remote Mac OS X is version 5.x prior to 5.0.5 or 6.x prior to 6.0.4. It is, therefore, affected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. 
(CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-10T00:00:00", "type": "nessus", "title": "VMware Fusion < 5.0.5 / 6.0.4 OpenSSL Library Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:vmware:fusion"], "id": "MACOSX_FUSION_6_0_4.NASL", "href": "https://www.tenable.com/plugins/nessus/76452", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76452);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware Fusion < 5.0.5 / 6.0.4 OpenSSL Library Multiple Vulnerabilities\");\n script_summary(english:\"Checks the VMware Fusion version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A VMware product installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Fusion installed on the remote Mac OS X is\nversion 5.x prior to 5.0.5 or 6.x prior to 6.0.4. 
It is, therefore,\naffected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n # http://lists.vmware.com/pipermail/security-announce/2014/000253.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4357b8a5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Fusion 5.0.5 / 6.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:fusion\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_fusion_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"MacOSX/Fusion/Version\", \"MacOSX/Fusion/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Fusion/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Fusion/Path\");\n\nfixed_version = '5.0.5 / 6.0.4';\nif (\n version =~ \"^6\\.\" && ver_compare(ver:version, fix:\"6.0.4\", strict:FALSE) == -1 ||\n version =~ \"^5\\.\" && ver_compare(ver:version, fix:\"5.0.5\", strict:FALSE) == -1\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse 
audit(AUDIT_INST_PATH_NOT_VULN, \"VMware Fusion\", version, path);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:44:00", "description": "USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nJuri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224)\n\nFelix Grobert and Ivan Fratric discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.\n(CVE-2014-3470).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-08-19T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : openssl vulnerabilities (USN-2232-4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-2232-4.NASL", "href": "https://www.tenable.com/plugins/nessus/77245", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2232-4. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77245);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_bugtraq_id(67898, 67899, 67900, 67901);\n script_xref(name:\"USN\", value:\"2232-4\");\n\n script_name(english:\"Ubuntu 10.04 LTS : openssl vulnerabilities (USN-2232-4)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch\nbackports for Ubuntu 10.04 LTS caused a regression for certain\napplications. 
This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nJuri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\nfragments. A remote attacker could use this issue to cause OpenSSL to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\nUbuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS\nrecursions. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service.\n(CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled\ncertain handshakes. A remote attacker could use this flaw to\nperform a man-in-the-middle attack and possibly decrypt and\nmodify traffic. (CVE-2014-0224)\n\nFelix Grobert and Ivan Fratric discovered that OpenSSL\nincorrectly handled anonymous ECDH ciphersuites. A remote\nattacker could use this issue to cause OpenSSL to crash,\nresulting in a denial of service. This issue only affected\nUbuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.\n(CVE-2014-3470).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2232-4/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl0.9.8 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8k-7ubuntu8.21\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl0.9.8\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-26T00:43:51", "description": "The version of VMware OVF (Open Virtualization Format) Tool installed on the remote Mac OS X host is version 3.x prior to 3.5.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL :\n\n - An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2010-5298)\n\n - An error exists in the 'do_ssl3_write' function that permits a NULL pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. 
(CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment' function related to anonymous ECDH cipher suites. This could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470) [Note: the CVE record for CVE-2014-3470 names the 'ssl3_send_client_key_exchange' function; 'dtls1_get_message_fragment' is the function named in CVE-2014-0221, the DTLS recursion issue.]", "cvss3": {"score": null, "vector": null}, "published": "2014-08-20T00:00:00", "type": "nessus", "title": "VMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:vmware:ovf_tool"], "id": "MACOSX_VMWARE_OVFTOOL_VMSA_2014_0006.NASL", "href": "https://www.tenable.com/plugins/nessus/77331", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77331);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006) (Mac OS X)\");\n script_summary(english:\"Checks the VMware OVF Tool version (Mac OS X).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware OVF (Open Virtualization Format) Tool installed\non the remote Mac OS X host is version 3.x prior to 3.5.2. 
It is,\ntherefore, affected by multiple vulnerabilities in the bundled version\nof OpenSSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. 
(CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware OVF Tool 3.5.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:ovf_tool\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_vmware_ovftool_installed.nbin\");\n script_require_keys(\"installed_sw/VMware OVF Tool\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/MacOSX/Version\")) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nappname = 'VMware OVF Tool';\n\nget_install_count(app_name:appname, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:appname);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\nif (version !~ \"^3\\.[0-5]($|[^0-9])\") audit(AUDIT_NOT_INST, appname + \" 3.0.x - 3.5.x\");\n\nfix = '3.5.2';\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Product : ' + appname +\n '\\n Path : ' + path +\n '\\n Installed version : ' + version+\n '\\n Fixed version : ' + fix + '\\n';\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n\nif (report_verbosity > 0) security_warning(port:0, extra:report);\nelse security_warning(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:35:30", "description": "The remote Cisco IOS XE device is missing a vendor-supplied security patch, and its web user interface is configured to use HTTPS. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library :\n\n - An error exists in the ssl3_read_bytes() function that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled.\n (CVE-2010-5298)\n\n - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. 
(CVE-2014-0076)\n\n - An error exists in the do_ssl3_write() function that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224)", "cvss3": {"score": null, "vector": null}, "published": "2016-02-26T00:00:00", "type": "nessus", "title": "Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCup22487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0076", "CVE-2014-0198", "CVE-2014-0224"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/o:cisco:ios_xe"], "id": "CISCO-SA-20140605-OPENSSL-IOSXE.NASL", "href": "https://www.tenable.com/plugins/nessus/88989", "sourceData": "#TRUSTED a600e6e6446568b8c596a26e09a708e3fa7ed48e119fb79b7e1a6938d6be570d72b7f6194f9090632b603ca559ef048a925dacfbe12c2bedc44c42b98df21b3e9fb44984fd3db462140b0d1b2847b885079787c9981fdacfdf8776135311cae08d0b2d89e5e08c07b1e71ce25551818629b274acd4aafacd3896ee452d82d909c10056be3efc187b3bfd6b3f03784c5301afe0c4e5229faf548a1a07c89027c05ce5570747fc0917972985b16d8dec99f7d91bec01cdb5c7ea0e30e75801dda97a3e724ebd694092f653bd94508f2ba5aecf4c32337892f555d2d07ec61edd6b6afb0634e8faeba9061ddaa94ec5b22cf6ce776d76c046ca1b34d06b3f35702f52239cfeb7727002daa44c9b9bd831f3050fe7aca4f61f7b1aa56b1d227b55ac188b3faccbf41159ca9b8240f1ac98273a36f681c4213b566f65d6800d5fac96a3d2e2f4968a70004efccbd571ba3e2fc074b28523e2428e77059f4b42e9d42716bf5f367794b85a167b988b2daf7a3495796b099aa608b04e0c5ad3e5a9fd2c5b51ed35eb7f4c4b3bf8566c7fe86b50ef0f0fb5ef3b17392cb809b7e4176910521f3e7dfca56f37111d13bb49814fcfd182907fe9d4020e3be1dbbf2d000efe06b8e8aec53336e01e6cfec5d45847fe6c59c76f2f55b821c85c61447cc8a3a6a85f4197bde2d7aac04fb2ce7d106c988ea31314e542dba70972193bb48136dd\n#\n# (C) Tenable Network Security, 
Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88989);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\"\n );\n script_bugtraq_id(\n 66363,\n 66801,\n 67193,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCup22487\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20140605-openssl\");\n\n script_name(english:\"Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCup22487)\");\n script_summary(english:\"Checks the IOS XE version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco IOS XE device is missing a vendor-supplied security\npatch, and its web user interface is configured to use HTTPS. It is,\ntherefore, affected by the following vulnerabilities in the bundled\nOpenSSL library :\n\n - An error exists in the ssl3_read_bytes() function that\n could allow data to be injected into other sessions or\n allow denial of service attacks. Note this issue is only\n exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled.\n (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - An error exists in the do_ssl3_write() function that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker\n to cause usage of weak keying material leading to\n simplified man-in-the-middle attacks. 
(CVE-2014-0224)\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl#@ID\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0aa6a7e6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCup22487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/06/05/earlyccs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID\nCSCup22487.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios_xe\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ios_xe_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS-XE/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Cisco/IOS-XE/Version\");\nflag = 0;\noverride = TRUE;\n\n# Only 3.11.0S, 3.11.1S and 3.12.0S are affected\nif (version == \"3.11.0S\") flag++;\nif (version == \"3.11.1S\") flag++;\nif (version == \"3.12.0S\") flag++;\n\nif (!flag)\n audit(AUDIT_INST_VER_NOT_VULN, \"Cisco IOS XE\", version);\n\nif (get_kb_item(\"Host/local_checks_enabled\"))\n{\n flag = 0;\n buf = cisco_command_kb_item(\n \"Host/Cisco/Config/show_running-config_all\", \"show running-config all\");\n\n if (check_cisco_result(buf))\n {\n override = FALSE;\n\n if (\n # Web UI HTTPS\n preg(string:buf, pattern:\"^ip http secure-server\", multiline:TRUE) ||\n # SSL VPN\n cisco_check_sections(\n config:buf,\n section_regex:\"^crypto ssl profile \",\n config_regex:'^\\\\s*no shutdown$'\n ) ||\n # HTTPS client feature / Voice-XML HTTPS client\n preg(string:buf, pattern:\"^(ip )?http client secure-\", multiline:TRUE) ||\n # CNS feature\n preg(string:buf, pattern:\"^cns (config|exec|event) .* encrypt\", multiline:TRUE) ||\n # Settlement for Packet Telephony feature\n cisco_check_sections(\n config:buf,\n section_regex:\"^settlement \",\n config_regex:make_list('^\\\\s*url https:', '^\\\\s*no shutdown$')\n ) ||\n # CMTS billing feature\n preg(string:buf, pattern:\"^cable metering .* secure\", multiline:TRUE)\n ) flag++;\n }\n else if (cisco_needs_enable(buf))\n {\n flag++;\n override = TRUE;\n }\n\n if (!flag)\n audit(AUDIT_HOST_NOT, \"affected because it does not appear as though any service utilizing the OpenSSL library is enabled\"); \n}\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Cisco bug ID : CSCup22487' +\n '\\n Installed release : ' + version +\n '\\n';\n security_warning(port:0, 
extra:report+cisco_caveat(override));\n}\nelse security_warning(port:0, extra:cisco_caveat(override));\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:44:45", "description": "USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.\n\nJuri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224)\n\nFelix Grobert and Ivan Fratric discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.\n(CVE-2014-3470).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-06-24T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2232-3.NASL", "href": "https://www.tenable.com/plugins/nessus/76199", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2232-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76199);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0195\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_xref(name:\"USN\", value:\"2232-3\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : openssl regression (USN-2232-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for\nCVE-2014-0224 caused a regression for certain applications that use\nrenegotiation, such as PostgreSQL. This update fixes the problem.\n\nJuri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\nfragments. A remote attacker could use this issue to cause OpenSSL to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\nUbuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS\nrecursions. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service.\n(CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled\ncertain handshakes. A remote attacker could use this flaw to\nperform a man-in-the-middle attack and possibly decrypt and\nmodify traffic. (CVE-2014-0224)\n\nFelix Grobert and Ivan Fratric discovered that OpenSSL\nincorrectly handled anonymous ECDH ciphersuites. A remote\nattacker could use this issue to cause OpenSSL to crash,\nresulting in a denial of service. 
This issue only affected\nUbuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.\n(CVE-2014-3470).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2232-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl0.9.8 and / or libssl1.0.0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|13\\.10|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 13.10 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8k-7ubuntu8.19\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.16\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1e-3ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl0.9.8 / libssl1.0.0\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-26T00:45:21", 
"description": "The remote VMware ESXi host is 5.5 prior to build 1881737. It is, therefore, affected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-06-11T00:00:00", "type": "nessus", "title": "ESXi 5.5 < Build 1881737 OpenSSL Library Multiple Vulnerabilities (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.5"], "id": "VMWARE_ESXI_5_5_BUILD_1881737_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/74470", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74470);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"ESXi 5.5 < Build 1881737 
OpenSSL Library Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.5 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is 5.5 prior to build 1881737. It is,\ntherefore, affected by the following vulnerabilities in the OpenSSL\nlibrary :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. 
(CVE-2014-3470)\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2077359\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?33995d5d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi550-201406001 for ESXi 5.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is (C) 2014-2019 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.5\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.5\");\n\nmatch = eregmatch(pattern:'^VMware 
ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 1881737;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:44:27", "description": "The remote host has a version of Cisco AnyConnect prior to 3.1(5170).\nIt is, therefore, potentially affected by the following vulnerabilities :\n\n - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists related to DTLS handshake handling that could lead to denial of service attacks. 
Note this issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-14T00:00:00", "type": "nessus", "title": "Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0221", "CVE-2014-0224"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:cisco:anyconnect_secure_mobility_client"], "id": "CISCO_ANYCONNECT_3_1_5170.NASL", "href": "https://www.tenable.com/plugins/nessus/76491", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76491);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\"\n );\n script_bugtraq_id(\n 66363,\n 67899,\n 67900,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks version of Cisco AnyConnect Client.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of Cisco AnyConnect prior to 3.1(5170).\nIt is, therefore, potentially affected by the following\nvulnerabilities :\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. 
(CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\");\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5539aa9d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cisco AnyConnect Secure Mobility Client 3.1(5170) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:anyconnect_secure_mobility_client\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_anyconnect_vpn_installed.nasl\");\n script_require_keys(\"SMB/cisco_anyconnect/Installed\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nappname = 'Cisco AnyConnect Mobility VPN Client';\nkb_base = 'SMB/cisco_anyconnect/';\nreport = '';\n\nnum_installed = get_kb_item_or_exit(kb_base + 'NumInstalled');\n\nfor (install_num = 0; install_num < num_installed; install_num++)\n{\n path = get_kb_item_or_exit(kb_base + install_num + '/path');\n ver = get_kb_item_or_exit(kb_base + install_num + '/version');\n fix = '3.1.5170';\n fix_display = fix + ' (3.1(5170))';\n\n if (ver_compare(ver:ver, fix:fix, strict:FALSE) == -1)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix_display + '\\n';\n }\n}\n\nif (report != '')\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_warning(port:port, extra:report);\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-26T00:45:56", "description": "The version of vCenter Chargeback Manager installed on the remote host is 2.6.0. It is, therefore, affected by the following OpenSSL related vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. 
Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-09T00:00:00", "type": "nessus", "title": "VMware vCenter Chargeback Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_chargeback_manager"], "id": "VMWARE_VCENTER_CHARGEBACK_MANAGER_2601.NASL", "href": "https://www.tenable.com/plugins/nessus/76426", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76426);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware vCenter Chargeback Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)\");\n script_summary(english:\"Checks version of tcnative-1.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple OpenSSL vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of vCenter Chargeback Manager installed on the remote host\nis 2.6.0. 
It is, therefore, affected by the following OpenSSL related\nvulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2014/000255.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCenter Chargeback Manager 2.6.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_chargeback_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vcenter_chargeback_manager_installed.nasl\", \"smb_enum_services.nasl\");\n script_require_keys(\"SMB/VMware vCenter Chargeback Manager/Version\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\napp = 'VMware vCenter Chargeback Manager';\nversion = get_kb_item_or_exit('SMB/'+app+'/Version');\npath = get_kb_item_or_exit('SMB/'+app+'/Path');\n\nif (version !~ '^2\\\\.6\\\\.') exit(0, \"The version of \"+app+\" installed is \"+version+\", not 2.6.\");\n\nif (report_paranoia < 2)\n{\n status = get_kb_item_or_exit('SMB/svc/vCenterCBtomcat');\n if (status != SERVICE_ACTIVE) exit(0, 'The vCenterCBtomcat service is installed but not active.');\n}\n\nif (hotfix_is_vulnerable(dir:\"\\apache-tomcat\\bin\", file:'tcnative-1.dll', path:path, version:'1.1.30.0'))\n{\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:45:05", "description": "The version of VMware Workstation installed on the remote host is version 9.x prior to 9.0.4 or 10.x prior to 10.0.3. 
It is, therefore, affected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH ciphersuites that could allow denial of service attacks. Note this issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "cvss3": {"score": null, "vector": null}, "published": "2014-07-10T00:00:00", "type": "nessus", "title": "VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2020-09-21T00:00:00", "cpe": ["cpe:/a:vmware:workstation"], "id": "VMWARE_WORKSTATION_LINUX_10_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/76455", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76455);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/21\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library 
Multiple Vulnerabilities (Linux)\");\n script_summary(english:\"Checks the VMware Workstation version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Workstation installed on the remote host is\nversion 9.x prior to 9.0.4 or 10.x prior to 10.0.3. It is, therefore,\naffected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. 
(CVE-2014-3470)\");\n # http://lists.vmware.com/pipermail/security-announce/2014/000253.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4357b8a5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Workstation 9.0.4 / 10.0.3 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"General\");\n\n script_copyright(english:\"This script is Copyright (C) 
2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_workstation_linux_installed.nbin\");\n script_require_keys(\"Host/VMware Workstation/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware Workstation/Version\");\n\nfixed = \"9.0.4 / 10.0.3\";\nif (\n version =~ \"^10\\.\" && ver_compare(ver:version, fix:\"10.0.3\", strict:FALSE) == -1 ||\n version =~ \"^9\\.\" && ver_compare(ver:version, fix:\"9.0.4\", strict:FALSE) == -1\n)\n{\n if (report_verbosity > 0)\n {\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware Workstation\", version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-26T00:43:56", "description": "The version of Pivotal Web Server (formerly VMware vFabric Web Server) installed on the remote host is version 5.x prior to 5.4.1. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL :\n\n - An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2010-5298)\n\n - An error exists in the 'do_ssl3_write' function that permits a null pointer to be dereferenced, which could allow denial of service attacks. Note that this issue is exploitable only if SSL_MODE_RELEASE_BUFFERS is enabled. (CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be done. 
(CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment' function related to anonymous ECDH cipher suites. This could allow denial of service attacks. Note that this issue only affects OpenSSL TLS clients. (CVE-2014-3470)\n\nNote that Nessus did not actually test for these issues, but has instead relied on the version in the server's banner.", "cvss3": {"score": null, "vector": null}, "published": "2014-08-26T00:00:00", "type": "nessus", "title": "Pivotal Web Server 5.x < 5.4.1 Multiple OpenSSL Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:vmware:vfabric_web_server", "cpe:/a:pivotal:pivotal_web_server"], "id": "PIVOTAL_WEBSERVER_5_4_1.NASL", "href": "https://www.tenable.com/plugins/nessus/77389", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77389);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"Pivotal Web Server 5.x < 5.4.1 Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks the version in the server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server has an application installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Pivotal Web Server (formerly VMware vFabric Web Server)\ninstalled on the remote host is version 5.x prior to 5.4.1. 
It is,\ntherefore, affected by multiple vulnerabilities in the bundled version\nof OpenSSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a null pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. 
(CVE-2014-3470)\n\nNote that Nessus did not actually test for these issues, but has\ninstead relied on the version in the server's banner.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n # https://my.vmware.com/web/vmware/details?downloadGroup=VF_530_PVTL_WSVR_541&productId=335&rPId=6214\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80b8e207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://pivotal.io/security/cve-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 5.4.1 / 6.0 or later.\n\nAlternatively, apply the vendor patch and restart the service.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/26\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vfabric_web_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pivotal:pivotal_web_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"pivotal_webserver_version.nbin\");\n script_require_keys(\"installed_sw/Pivotal Web Server\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"Pivotal Web Server\";\nget_install_count(app_name:app_name, exit_if_zero:TRUE);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80);\n\ninstall = get_single_install(app_name:app_name, port:port);\nversion = install['version'];\nsource = install['Source'];\n\nif (version !~ \"^5\\.\") audit(AUDIT_NOT_LISTEN, app_name + \" 5.x\", port);\n\n# Affected :\n# vFabric Web Server 5.0.x, 5.1.x, 5.2.x, 5.3.x\n# Pivotal Web Server 5.4.0\nif (\n # 5.x < 5.4\n version =~ \"^5\\.[0-3]($|[^0-9])\"\n ||\n # 5.4.x < 5.4.1\n version =~ \"^5\\.4\\.0($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.4.1 / 6.0\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-04-16T14:07:16", "description": "Multiple vulnerabilities have been discovered in OpenSSL :\n\n - CVE-2014-0195 Jueri Aedla discovered that a buffer overflow in processing DTLS fragments could lead to the execution of arbitrary code or denial of service.\n\n - CVE-2014-0221 Imre Rad discovered the processing of DTLS hello packets is susceptible to denial of service.\n\n - CVE-2014-0224 KIKUCHI Masashi discovered that carefully crafted handshakes can force the use of weak keys, resulting in potential man-in-the-middle attacks.\n\n - CVE-2014-3470 
Felix Groebert and Ivan Fratric discovered that the implementation of anonymous ECDH ciphersuites is suspe