ID VMWARE_VCENTER_OPERATIONS_MANAGER_VMSA_2014-0006.NASL Type nessus Reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
The version of vCenter Operations Manager installed on the remote host
is 5.7.x or later and prior to 5.8.2. It is, therefore, affected by
the following OpenSSL-related vulnerabilities:
  - An error exists in the function 'ssl3_read_bytes'
    that could allow data to be injected into other
    sessions or allow denial of service attacks. Note
    this issue is only exploitable if
    'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
  - An error exists in the function 'do_ssl3_write' that
    could allow a NULL pointer to be dereferenced leading to
    denial of service attacks. Note this issue is
    exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
    enabled. (CVE-2014-0198)
  - An unspecified error exists that could allow an
    attacker to cause usage of weak keying material
    leading to simplified man-in-the-middle attacks.
    (CVE-2014-0224)
  - An unspecified error exists related to anonymous ECDH
    ciphersuites that could allow denial of service
    attacks. Note this issue only affects OpenSSL TLS
    clients. (CVE-2014-3470)
Note that the patch for 5.7.x is still pending at this time.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration branch: taken when 'description' is true (presumably set by the
# scan engine while it collects plugin metadata). The block only declares
# metadata and leaves through exit(0) on its last line, so the version check
# that follows the block is not reached in this mode.
if (description)
{
# Plugin identity and revision.
script_id(76360);
script_version("1.6");
script_cvs_date("Date: 2019/11/26");
# The four OpenSSL CVEs this finding covers, followed by cross-references
# (Bugtraq IDs, CERT and VMSA identifiers).
script_cve_id(
"CVE-2010-5298",
"CVE-2014-0198",
"CVE-2014-0224",
"CVE-2014-3470"
);
script_bugtraq_id(
66801,
67193,
67898,
67899
);
script_xref(name:"CERT", value:"978508");
script_xref(name:"VMSA", value:"2014-0006");
script_name(english:"VMware vCenter Operations Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)");
script_summary(english:"Checks the version of vCenter Operations Manager.");
# Report text. The values below are multi-line string literals, so their line
# breaks are part of the text and must not be re-wrapped.
script_set_attribute(attribute:"synopsis", value:
"The remote host has a virtualization appliance installed that is
affected by multiple OpenSSL vulnerabilities.");
# NOTE(review): the description marks CVE-2010-5298 and CVE-2014-0198 as
# exploitable only when 'SSL_MODE_RELEASE_BUFFERS' is enabled, and
# CVE-2014-3470 as affecting TLS clients only. The check in this file compares
# the product version string and nothing else, so those preconditions are not
# verified; treat the finding as "vulnerable OpenSSL build is bundled".
# NOTE(review): "still pending at this time" is a time-bound statement with no
# date of its own; confirm the 5.7.x patch status against the VMSA-2014-0006
# advisory before relying on it.
script_set_attribute(attribute:"description", value:
"The version of vCenter Operations Manager installed on the remote host
is 5.7.x or later and prior to 5.8.2. It is, therefore, affected by
the following OpenSSL related vulnerabilities :
- An error exists in the function 'ssl3_read_bytes'
that could allow data to be injected into other
sessions or allow denial of service attacks. Note
this issue is only exploitable if
'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists in the function 'do_ssl3_write' that
could allow a NULL pointer to be dereferenced leading to
denial of service attacks. Note this issue is
exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
enabled. (CVE-2014-0198)
- An unspecified error exists that could allow an
attacker to cause usage of weak keying material
leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH
ciphersuites that could allow denial of service
attacks. Note this issue only affects OpenSSL TLS
clients. (CVE-2014-3470)
Note that the patch for 5.7.x is still pending at this time.");
script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2014-0006.html");
# The only remediation named is the 5.8.2 upgrade; no 5.7.x fix is listed.
script_set_attribute(attribute:"solution", value:
"Upgrade to vCenter Operations Manager 5.8.2 or later.");
# CVSS v2 scoring. The cvss_score_source attribute attributes the score to
# CVE-2014-0224, so the base vector describes that one CVE rather than a
# combination of all four. Temporal metrics: E:F (functional exploit),
# RL:OF (official fix), RC:C (confirmed).
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0224");
# Exploit-availability flags, useful when prioritising remediation.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
# Disclosure, patch and plugin release dates.
script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/12");
script_set_attribute(attribute:"patch_publication_date", value:"2014/07/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/03");
# Declared as a "local" plugin and tagged with the product CPE.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vcenter_operations");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Prerequisites: depends on ssh_get_info.nasl, requires the version KB key and
# lists the SSH service / port 22. Presumably the version is collected over an
# authenticated SSH session, in which case a scan without working credentials
# would not produce this finding at all -- TODO confirm.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/VMware vCenter Operations Manager/Version");
script_require_ports("Services/ssh", 22);
# Metadata registered; stop before the detection logic.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
# Detection logic: a pure version comparison on the value stored in the
# knowledge base. Nothing here talks to the TLS service or inspects the OpenSSL
# configuration, so a positive result means "an affected release is installed",
# not that each listed issue was confirmed as reachable.
version = get_kb_item_or_exit("Host/VMware vCenter Operations Manager/Version");

# Decide whether the installed release falls in the affected range:
#   - every 5.7.x build is flagged;
#   - 5.8.x builds are flagged only when they compare below 5.8.2.
# Any other version string falls through to the audit branch.
affected = FALSE;
if (version =~ '^5\\.7\\.')
{
  affected = TRUE;
}
else if (version =~ '^5\\.8\\.')
{
  if (ver_compare(ver:version, fix:'5.8.2', strict:FALSE) < 0)
    affected = TRUE;
}

if (!affected)
{
  # Not in the affected range: record the "installed version not vulnerable" audit result.
  audit(AUDIT_INST_VER_NOT_VULN, 'VMware vCenter Operations Manager', version);
}
else
{
  if (report_verbosity > 0)
  {
    # Verbose reporting: show the installed and the fixed version side by side.
    details = '\n Installed version : ' + version;
    details = details + '\n Fixed version : 5.8.2\n';
    security_warning(port:0, extra:details);
  }
  else
  {
    # Terse reporting: raise the warning without extra text.
    security_warning(0);
  }
  exit(0);
}
{"id": "VMWARE_VCENTER_OPERATIONS_MANAGER_VMSA_2014-0006.NASL", "bulletinFamily": "scanner", "title": "VMware vCenter Operations Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)", "description": "The version of vCenter Operations Manager installed on the remote host\nis 5.7.x or later and prior to 5.8.2. It is, therefore, affected by\nthe following OpenSSL related vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\n\nNote that the patch for 5.7.x is still pending at this time.", "published": "2014-07-03T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/76360", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://www.vmware.com/security/advisories/VMSA-2014-0006.html"], "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "type": "nessus", "lastseen": "2021-01-01T07:00:08", "edition": 25, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-3470", "CVE-2014-0198", "CVE-2010-5298", "CVE-2014-0224"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881946", "OPENVAS:1361412562310105209", "OPENVAS:1361412562310105044", "OPENVAS:1361412562310105045", "OPENVAS:1361412562310871183", "OPENVAS:1361412562310871172", "OPENVAS:1361412562310121244", "OPENVAS:1361412562310123403", "OPENVAS:1361412562310123365", "OPENVAS:1361412562310105057"]}, {"type": "nessus", "idList": ["VMWARE_VMSA-2014-0006_REMOTE.NASL", "VMWARE_PLAYER_LINUX_6_0_3.NASL", "VMWARE_PLAYER_MULTIPLE_VMSA_2014-0006.NASL", "VMWARE_VCENTER_VMSA-2014-0006.NASL", "VMWARE_VSPHERE_REPLICATION_VMSA_2014_0006.NASL", "VSPHERE_CLIENT_VMSA_2014-0006.NASL", "JUNOS_PULSE_JSA10629.NASL", "VMWARE_ESXI_5_1_BUILD_1900470_REMOTE.NASL", "VMWARE_ESXI_5_5_BUILD_1881737_REMOTE.NASL", "VMWARE_WORKSTATION_LINUX_10_0_3.NASL"]}, {"type": "ics", "idList": ["ICSA-14-198-03G"]}, {"type": "vmware", "idList": ["VMSA-2014-0006"]}, {"type": "kaspersky", "idList": ["KLA10382"]}, {"type": "f5", "idList": ["SOL15328", "SOL15329", "SOL15342", "F5:K15325", "F5:K15342", "SOL15325", "F5:K15329", "F5:K15328"]}, {"type": "hackerone", "idList": ["H1:50885"]}, {"type": "citrix", "idList": ["CTX140876"]}, {"type": "centos", "idList": ["CESA-2014:0625"]}, {"type": "thn", "idList": ["THN:D2B91981A95FA63440BEC1909D1FAE82"]}, {"type": "redhat", "idList": ["RHSA-2014:0628", "RHSA-2014:0679", "RHSA-2014:0625"]}, {"type": "gentoo", "idList": ["GLSA-201407-05"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0679", "ELSA-2014-0625"]}, {"type": "slackware", "idList": ["SSA-2014-156-03"]}, {"type": "seebug", "idList": ["SSV:92577"]}, {"type": 
"huawei", "idList": ["HUAWEI-SA-20140613-OPENSSL"]}, {"type": "cisco", "idList": ["CISCO-SA-20140605-OPENSSL"]}], "modified": "2021-01-01T07:00:08", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-01-01T07:00:08", "rev": 2}, "vulnersScore": 5.7}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76360);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware vCenter Operations Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)\");\n script_summary(english:\"Checks the version of vCenter Operations Manager.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization appliance installed that is\naffected by multiple OpenSSL vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of vCenter Operations Manager installed on the remote host\nis 5.7.x or later and prior to 5.8.2. It is, therefore, affected by\nthe following OpenSSL related vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. 
(CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\n\nNote that the patch for 5.7.x is still pending at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vCenter Operations Manager 5.8.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_operations\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/VMware vCenter Operations Manager/Version\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware vCenter Operations Manager/Version\");\n\nif (\n version =~ '^5\\\\.7\\\\.' ||\n (version =~ '^5\\\\.8\\\\.' && ver_compare(ver:version, fix:'5.8.2', strict:FALSE) < 0)\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.8.2\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'VMware vCenter Operations Manager', version);\n", "naslFamily": "Misc.", "pluginID": "76360", "cpe": ["cpe:/a:vmware:vcenter_operations"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:34:45", "description": "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.", "edition": 5, "cvss3": {}, "published": "2014-04-14T22:38:00", "title": "CVE-2010-5298", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-5298"], "modified": "2018-10-10T20:09:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:0.9.8y", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8u", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:0.9.8w", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:0.9.3a", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8t", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:1.0.0h", 
"cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.3", "cpe:/a:openssl:openssl:0.9.7m", "cpe:/a:openssl:openssl:0.9.8x", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.7l", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.8v", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.6l", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2010-5298", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:23", "description": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.\nPer: http://cwe.mitre.org/data/definitions/476.html\n\n\"CWE-476: NULL Pointer Dereference\"", "edition": 6, "cvss3": {}, "published": "2014-06-05T21:55:00", "title": "CVE-2014-3470", "type": "cve", "cwe": 
["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3470"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:0.9.8y", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8u", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:0.9.8w", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8t", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:0.9.8x", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/o:fedoraproject:fedora:*", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.8v", 
"cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:redhat:storage:2.1", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2014-3470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:11", "description": "The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.\n<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer 
Dereference</a>", "edition": 4, "cvss3": {}, "published": "2014-05-06T10:44:00", "title": "CVE-2014-0198", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0198"], "modified": "2018-10-09T19:37:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.0c"], "id": "CVE-2014-0198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:19", "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", "edition": 9, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2014-06-05T21:55:00", 
"title": "CVE-2014-0224", "type": "cve", "cwe": ["CWE-326"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0224"], "modified": "2020-07-28T16:40:00", "cpe": ["cpe:/a:redhat:jboss_enterprise_web_server:2.0.1", "cpe:/o:redhat:enterprise_linux:4", "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:fedoraproject:fedora:19", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:fedoraproject:fedora:20", "cpe:/a:redhat:jboss_enterprise_application_platform:6.2.3", "cpe:/a:redhat:storage:2.1", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "CVE-2014-0224", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*", 
"cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-10-02T15:18:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "description": "VMware product updates address OpenSSL security vulnerabilities.", "modified": "2019-10-02T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENVAS:1361412562310105045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105045", "type": "openvas", "title": "VMSA-2014-0006: VMware product updates address OpenSSL security vulnerabilities (remote check)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2014-0006: VMware product updates address OpenSSL security vulnerabilities (remote check)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105045\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0198\", \"CVE-2010-5298\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_name(\"VMSA-2014-0006: VMware product updates address OpenSSL security vulnerabilities (remote check)\");\n\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-13 11:04:01 +0100 (Fri, 13 Jun 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esx_web_detect.nasl\");\n script_mandatory_keys(\"VMware/ESX/build\", \"VMware/ESX/version\");\n\n script_tag(name:\"vuldetect\", value:\"Check the build number\");\n script_tag(name:\"insight\", value:\"a. 
OpenSSL update for multiple products.\n\nOpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h\nin order to resolve multiple security issues.\");\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n script_tag(name:\"summary\", value:\"VMware product updates address OpenSSL security vulnerabilities.\");\n script_tag(name:\"affected\", value:\"ESXi 5.5 prior to ESXi550-201406401-SG,\nESXi 5.1 without patch ESXi510-201406401-SG,\nESXi 5.0 without patch ESXi500-201407401-SG\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\n\nif( ! esxVersion = get_kb_item( \"VMware/ESX/version\" ) ) exit( 0 );\nif( ! esxBuild = get_kb_item( \"VMware/ESX/build\" ) ) exit( 0 );\n\nfixed_builds = make_array( \"5.5.0\",\"1881737\",\n \"5.1.0\",\"1900470\",\n \"5.0.0\",\"1918656\");\n\nif( ! fixed_builds[esxVersion] ) exit( 0 );\n\nif( int( esxBuild ) < int( fixed_builds[esxVersion] ) )\n{\n security_message(port:0, data: esxi_remote_report( ver:esxVersion, build: esxBuild, fixed_build: fixed_builds[esxVersion] ) );\n exit(0);\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-10-02T15:18:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "description": "VMware product updates address OpenSSL security vulnerabilities.", "modified": "2019-10-02T00:00:00", "published": "2014-07-04T00:00:00", "id": "OPENVAS:1361412562310105057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105057", "type": "openvas", "title": "VMware Security Updates for vCenter Server (VMSA-2014-0006)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMware Security Updates for vCenter Server (VMSA-2014-0006)\n#\n# Authors:\n# Michael 
Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105057\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0198\", \"CVE-2010-5298\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_name(\"VMware Security Updates for vCenter Server (VMSA-2014-0006)\");\n\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-07-04 11:04:01 +0100 (Fri, 04 Jul 2014)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vcenter_detect.nasl\");\n script_mandatory_keys(\"VMware_vCenter/version\", \"VMware_vCenter/build\");\n\n script_tag(name:\"vuldetect\", 
value:\"Check the build number\");\n script_tag(name:\"insight\", value:\"a. OpenSSL update for multiple products.\n\nOpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h\nin order to resolve multiple security issues.\");\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"VMware product updates address OpenSSL security vulnerabilities.\");\n script_tag(name:\"affected\", value:\"vCenter prior to 5.5u1b\nvCenter prior to 5.1U2a\nvCenter prior to 5.0U3a\");\n\n exit(0);\n\n}\n\ninclude(\"vmware_esx.inc\");\n\nif ( ! vcenter_version = get_kb_item(\"VMware_vCenter/version\") ) exit( 0 );\nif ( ! vcenter_build = get_kb_item(\"VMware_vCenter/build\") ) exit( 0 );\n\nfixed_builds = make_array( \"5.5.0\",\"1891310\",\n \"5.1.0\",\"1917403\",\n \"5.0.0\",\"1923446\" );\n\nif ( ! fixed_builds[ vcenter_version] ) exit( 0 );\n\nif ( int( vcenter_build ) < int( fixed_builds[ vcenter_version ] ) )\n{\n security_message( port:0, data: esxi_remote_report( ver:vcenter_version, build: vcenter_build, fixed_build: fixed_builds[vcenter_version], typ:'vCenter' ) );\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-12-19T16:06:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "description": "VMware product updates address OpenSSL security vulnerabilities.", "modified": "2019-12-18T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENVAS:1361412562310105044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105044", "type": "openvas", "title": "VMware ESXi updates address OpenSSL security vulnerabilities (VMSA-2014-0006)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2014-0006: VMware product updates 
address OpenSSL security vulnerabilities.\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105044\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0198\", \"CVE-2010-5298\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi updates address OpenSSL security vulnerabilities (VMSA-2014-0006)\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-13 11:04:01 +0100 (Fri, 13 Jun 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"insight\", value:\"a. OpenSSL update for multiple products.\n\n OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h\n in order to resolve multiple security issues.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware product updates address OpenSSL security vulnerabilities.\");\n\n script_tag(name:\"affected\", value:\"ESXi 5.5 prior to ESXi550-201406401-SG\n\n ESXi 5.1 without patch ESXi510-201406401-SG\n\n ESXi 5.0 without patch ESXi500-201407401-SG\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"5.5.0\", \"VIB:esx-base:5.5.0-1.18.1881737\",\n \"5.1.0\", \"VIB:esx-base:5.1.0-2.29.1900470\",\n \"5.0.0\", \"VIB:esx-base:5.0.0-3.50.1918656\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Oracle Linux Local Security Checks ELSA-2014-0679", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123365", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0679", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0679.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123365\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:49 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0679\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0679 - openssl security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0679\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0679.html\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "The remote host is missing an update for the 'openssl' package(s) announced via the referenced advisory.", "modified": "2018-12-04T00:00:00", "published": "2014-07-04T00:00:00", "id": "OPENVAS:1361412562310871183", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871183", "type": "openvas", "title": "RedHat Update for openssl RHSA-2014:0679-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:0679-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871183\");\n script_version(\"$Revision: 12634 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 08:26:26 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-04 16:48:53 +0530 (Fri, 04 Jul 2014)\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for openssl RHSA-2014:0679-01\");\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Server (v. 7)\");\n\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\n and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. 
A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGröbert and Ivan Fratrić of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0679-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00020.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~34.el7_0.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "The remote host is missing an update for the 'openssl' package(s) announced via the referenced advisory.", "modified": "2018-12-04T00:00:00", "published": "2014-06-09T00:00:00", "id": "OPENVAS:1361412562310871172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871172", "type": "openvas", "title": "RedHat Update for openssl RHSA-2014:0625-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:0625-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871172\");\n script_version(\"$Revision: 12634 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 08:26:26 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 15:44:30 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\",\n \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for openssl RHSA-2014:0625-01\");\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. 
For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGröbert and Ivan Fratrić of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0625-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00009.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.14\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~16.el6_5.14\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.14\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:53", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Oracle Linux Local Security Checks ELSA-2014-0625", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123403", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123403", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0625", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0625.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123403\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:20 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0625\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0625 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0625\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0625.html\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == 
\"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Gentoo Linux Local Security Checks GLSA 201407-05", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121244", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121244", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201407-05", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201407-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121244\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:40 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201407-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in OpenSSL. Please review the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201407-05\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201407-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport 
= \"\";\n\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.1h-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.0m\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p2\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p3\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p4\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p5\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p6\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p7\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p8\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p9\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p10\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p11\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p12\"), 
vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p13\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p14\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p15\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(), vulnerable: make_list(\"lt 1.0.1h-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-09T00:00:00", "id": "OPENVAS:1361412562310881946", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881946", "type": "openvas", "title": "CentOS Update for openssl CESA-2014:0625 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:0625 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881946\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 12:34:08 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\",\n \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:0625 centos6\");\n\n script_tag(name:\"affected\", value:\"openssl on CentOS 6\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. Please see the references for more information about this flaw.\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. 
A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGröbert and Ivan Fratrić of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n4. 
Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0625\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-June/020344.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:18:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Multiple Vulnerabilities in OpenSSL", "modified": "2019-07-24T00:00:00", "published": "2015-02-11T00:00:00", "id": "OPENVAS:1361412562310105202", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105202", "type": "openvas", "title": "FortiOS: Multiple Vulnerabilities in OpenSSL", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# FortiOS: Multiple Vulnerabilities in OpenSSL\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:fortinet:fortianalyzer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105202\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0221\", \"CVE-2014-0195\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"2019-07-24T08:39:52+0000\");\n\n script_name(\"FortiOS: Multiple Vulnerabilities in OpenSSL\");\n\n script_xref(name:\"URL\", value:\"https://fortiguard.com/psirt/FG-IR-14-018\");\n\n script_tag(name:\"impact\", value:\"CVE-2014-0224 may allow an attacker with a privileged network position (man-in-the-middle) to decrypt SSL encrypted\ncommunications.\n\nCVE-2014-0221 may allow an attacker to crash a DTLS client with an invalid handshake.\n\nCVE-2014-0195 can result in a buffer overrun attack by sending invalid DTLS fragments to an OpenSSL DTLS client or server.\n\nCVE-2014-0198 and CVE-2010-5298 may allow an attacker to cause a denial of service under certain conditions, when SSL_MODE_RELEASE_BUFFERS\nis enabled.\n\nCVE-2014-3470 may allow an attacker to trigger a denial of service in SSL clients when anonymous ECDH ciphersuites are enabled. This issue\ndoes not affect Fortinet products.\n\nCVE-2014-0076 can be used to discover ECDSA nonces on multi-user systems by exploiting timing attacks in CPU L3 caches. 
This does not apply\nto Fortinet products.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to FortiAnalyzer 5.2.0/5.0.7 (build 321) or higher.\");\n\n script_tag(name:\"summary\", value:\"Multiple Vulnerabilities in OpenSSL\");\n\n script_tag(name:\"affected\", value:\"FortiAnalyzer < 5.2.0/5.0.7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-02-11 12:17:13 +0100 (Wed, 11 Feb 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"FortiOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_fortianalyzer_version.nasl\");\n script_mandatory_keys(\"fortianalyzer/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nversion = get_app_version( cpe:CPE );\nif( ! version )\n version = get_kb_item(\"fortianalyzer/version\");\n\nif( ! version ) exit( 0 );\n\nif( version =~ \"^5\\.2\" )\n fix = \"5.2.0\";\n\nelse if( version =~ \"^5\\.0\" )\n{\n fix = '5.0.7';\n build = get_kb_item(\"fortianalyzer/build\");\n if( build )\n {\n if( int( build ) >= 321 ) exit( 99 );\n }\n}\n\nif( ! fix ) exit( 0 );\n\nif( version_is_less( version:version, test_version:fix ) )\n{\n model = get_kb_item(\"fortianalyzer/model\");\n if( ! 
isnull( model ) ) report = 'Model: ' + model + '\\n';\n report += 'Installed Version: ' + version + '\\nFixed Version: ' + fix + '\\n';\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T07:00:05", "description": "The remote host contains VMware OVF (Open Virtualization Format) Tool\nversion 3.x prior to 3.5.2. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of OpenSSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. 
(CVE-2014-3470)", "edition": 25, "published": "2014-08-20T00:00:00", "title": "VMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:ovf_tool"], "id": "VMWARE_OVFTOOL_VMSA_2014-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/77332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77332);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)\");\n script_summary(english:\"Checks the version of OVF Tool.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host contains VMware OVF (Open Virtualization Format) Tool\nversion 3.x prior to 3.5.2. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of OpenSSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. 
(CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware OVF Tool 3.5.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:ovf_tool\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_ovftool_installed.nasl\");\n script_require_keys(\"installed_sw/VMware OVF Tool\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nappname = \"VMware OVF Tool\";\n\nget_install_count(app_name:appname, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:appname);\n\nversion = install['version'];\npath = install['path'];\n\nif (version !~ \"^3\\.[0-5]($|[^0-9])\") audit(AUDIT_NOT_INST, appname + \" 3.0.x - 3.5.x\");\n\nfixed_version = '3.5.2';\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T07:00:07", "description": "The version of vCenter Chargeback Manager installed on the remote host\nis 2.6.0. It is, therefore, affected by the following OpenSSL related\nvulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. 
(CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)", "edition": 25, "published": "2014-07-09T00:00:00", "title": "VMware vCenter Chargeback Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_chargeback_manager"], "id": "VMWARE_VCENTER_CHARGEBACK_MANAGER_2601.NASL", "href": "https://www.tenable.com/plugins/nessus/76426", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76426);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware vCenter Chargeback Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)\");\n script_summary(english:\"Checks version of tcnative-1.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple OpenSSL vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of vCenter Chargeback Manager installed on the remote host\nis 2.6.0. 
It is, therefore, affected by the following OpenSSL related\nvulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2014/000255.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCenter Chargeback Manager 2.6.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_chargeback_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vcenter_chargeback_manager_installed.nasl\", \"smb_enum_services.nasl\");\n script_require_keys(\"SMB/VMware vCenter Chargeback Manager/Version\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\napp = 'VMware vCenter Chargeback Manager';\nversion = get_kb_item_or_exit('SMB/'+app+'/Version');\npath = get_kb_item_or_exit('SMB/'+app+'/Path');\n\nif (version !~ '^2\\\\.6\\\\.') exit(0, \"The version of \"+app+\" installed is \"+version+\", not 2.6.\");\n\nif (report_paranoia < 2)\n{\n status = get_kb_item_or_exit('SMB/svc/vCenterCBtomcat');\n if (status != SERVICE_ACTIVE) exit(0, 'The vCenterCBtomcat service is installed but not active.');\n}\n\nif (hotfix_is_vulnerable(dir:\"\\apache-tomcat\\bin\", file:'tcnative-1.dll', path:path, version:'1.1.30.0'))\n{\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T06:59:47", "description": "The remote VMware ESXi host is version 5.0 prior to build 1918656. 
It\nis, therefore, affected by the following vulnerabilities in the\nOpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)", "edition": 26, "published": "2014-07-04T00:00:00", "title": "ESXi 5.0 < Build 1918656 OpenSSL Library Multiple Vulnerabilities (remote check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.0"], "id": "VMWARE_ESXI_5_0_BUILD_1918656_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/76368", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76368);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"ESXi 5.0 < Build 1918656 OpenSSL Library Multiple Vulnerabilities (remote check)\");\n 
script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.0 host is affected by multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.0 prior to build 1918656. It\nis, therefore, affected by the following vulnerabilities in the\nOpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. 
(CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2078807\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7cdd0f9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi500-201407001 for ESXi 5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.0\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.0\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 1918656;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T07:00:22", "description": "The version of VMware Workstation installed on the remote host is\nversion 9.x prior to 9.0.4 or 10.x prior to 10.0.3. It is, therefore,\naffected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. 
(CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)", "edition": 25, "published": "2014-07-10T00:00:00", "title": "VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:workstation"], "id": "VMWARE_WORKSTATION_MULTIPLE_VMSA_2014_0006.NASL", "href": "https://www.tenable.com/plugins/nessus/76456", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76456);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)\");\n script_summary(english:\"Checks the VMware Workstation version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Workstation installed on the remote host is\nversion 9.x prior to 9.0.4 or 10.x prior to 10.0.3. 
It is, therefore,\naffected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n # http://lists.vmware.com/pipermail/security-announce/2014/000253.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4357b8a5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Workstation 9.0.4 / 10.0.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_workstation_detect.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"VMware/Workstation/Version\", \"VMware/Workstation/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\nappname = 'VMware Workstation';\n\nversion = get_kb_item(\"VMware/Workstation/Version\");\nif (isnull(version)) audit(AUDIT_NOT_INST, appname);\n\npath = get_kb_item_or_exit(\"VMware/Workstation/Path\");\n\nfix = \"9.0.4 / 10.0.3\";\nif (\n version =~ \"^10\\.\" && ver_compare(ver:version, fix:\"10.0.3\", strict:FALSE) == -1 ||\n version =~ \"^9\\.\" && ver_compare(ver:version, fix:\"9.0.4\", strict:FALSE) == -1\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity >0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_warning(port:port, extra:report);\n }\n else 
security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-09-22T10:55:14", "description": "The version of VMware Workstation installed on the remote host is\nversion 9.x prior to 9.0.4 or 10.x prior to 10.0.3. It is, therefore,\naffected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. 
(CVE-2014-3470)", "edition": 22, "published": "2014-07-10T00:00:00", "title": "VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Linux)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2014-07-10T00:00:00", "cpe": ["cpe:/a:vmware:workstation"], "id": "VMWARE_WORKSTATION_LINUX_10_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/76455", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76455);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/21\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Linux)\");\n script_summary(english:\"Checks the VMware Workstation version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Workstation installed on the remote host is\nversion 9.x prior to 9.0.4 or 10.x prior to 10.0.3. It is, therefore,\naffected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. 
Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n # http://lists.vmware.com/pipermail/security-announce/2014/000253.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4357b8a5\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Workstation 9.0.4 / 10.0.3 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/18\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"General\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_workstation_linux_installed.nbin\");\n script_require_keys(\"Host/VMware Workstation/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware Workstation/Version\");\n\nfixed = \"9.0.4 / 10.0.3\";\nif (\n version =~ \"^10\\.\" && ver_compare(ver:version, fix:\"10.0.3\", strict:FALSE) == -1 ||\n version =~ \"^9\\.\" && ver_compare(ver:version, fix:\"9.0.4\", strict:FALSE) == -1\n)\n{\n if (report_verbosity > 0)\n {\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware Workstation\", version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T06:59:55", "description": "The remote VMware ESXi host is 5.5 prior to build 1881737. It is,\ntherefore, affected by the following vulnerabilities in the OpenSSL\nlibrary :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. 
(CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)", "edition": 26, "published": "2014-06-11T00:00:00", "title": "ESXi 5.5 < Build 1881737 OpenSSL Library Multiple Vulnerabilities (remote check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.5"], "id": "VMWARE_ESXI_5_5_BUILD_1881737_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/74470", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74470);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"ESXi 5.5 < Build 1881737 OpenSSL Library Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.5 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is 5.5 prior to build 1881737. 
It is,\ntherefore, affected by the following vulnerabilities in the OpenSSL\nlibrary :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2077359\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?33995d5d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi550-201406001 for ESXi 5.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is (C) 2014-2019 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.5\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.5\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 1881737;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T04:55:03", "description": "The version of Pivotal Web Server (formerly VMware vFabric Web Server)\ninstalled on the remote host is version 5.x prior to 5.4.1. It is,\ntherefore, affected by multiple vulnerabilities in the bundled version\nof OpenSSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. 
Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a null pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)\n\nNote that Nessus did not actually test for these issues, but has\ninstead relied on the version in the server's banner.", "edition": 27, "published": "2014-08-26T00:00:00", "title": "Pivotal Web Server 5.x < 5.4.1 Multiple OpenSSL Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:pivotal:pivotal_web_server", "cpe:/a:vmware:vfabric_web_server"], "id": "PIVOTAL_WEBSERVER_5_4_1.NASL", "href": "https://www.tenable.com/plugins/nessus/77389", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77389);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"Pivotal Web Server 5.x < 5.4.1 Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks the version in the server response 
header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server has an application installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Pivotal Web Server (formerly VMware vFabric Web Server)\ninstalled on the remote host is version 5.x prior to 5.4.1. It is,\ntherefore, affected by multiple vulnerabilities in the bundled version\nof OpenSSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a null pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. 
(CVE-2014-3470)\n\nNote that Nessus did not actually test for these issues, but has\ninstead relied on the version in the server's banner.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n # https://my.vmware.com/web/vmware/details?downloadGroup=VF_530_PVTL_WSVR_541&productId=335&rPId=6214\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80b8e207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://pivotal.io/security/cve-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 5.4.1 / 6.0 or later.\n\nAlternatively, apply the vendor patch and restart the service.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/26\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vfabric_web_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pivotal:pivotal_web_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"pivotal_webserver_version.nbin\");\n script_require_keys(\"installed_sw/Pivotal Web Server\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"Pivotal Web Server\";\nget_install_count(app_name:app_name, exit_if_zero:TRUE);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80);\n\ninstall = get_single_install(app_name:app_name, port:port);\nversion = install['version'];\nsource = install['Source'];\n\nif (version !~ \"^5\\.\") audit(AUDIT_NOT_LISTEN, app_name + \" 5.x\", port);\n\n# Affected :\n# vFabric Web Server 5.0.x, 5.1.x, 5.2.x, 5.3.x\n# Pivotal Web Server 5.4.0\nif (\n # 5.x < 5.4\n version =~ \"^5\\.[0-3]($|[^0-9])\"\n ||\n # 5.4.x < 5.4.1\n version =~ \"^5\\.4\\.0($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.4.1 / 6.0\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T07:00:20", "description": "The VMware vSphere Replication installed on the remote host is version\n5.5.x prior to 5.5.1.1, or else it is version 5.6.x. It is, therefore,\naffected by the following OpenSSL related vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes' that\n could allow data to be injected into other sessions or\n allow denial of service attacks. Note that this issue\n is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. 
(CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note that this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker\n to cause usage of weak keying material leading to\n simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n cipher suites that could allow denial of service\n attacks. Note that this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)", "edition": 25, "published": "2014-10-02T00:00:00", "title": "VMware vSphere Replication Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2021-01-02T00:00:00", "cpe": ["x-cpe:/a:vmware:vsphere_replication"], "id": "VMWARE_VSPHERE_REPLICATION_VMSA_2014_0006.NASL", "href": "https://www.tenable.com/plugins/nessus/78024", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78024);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware vSphere Replication Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)\");\n script_summary(english:\"Checks the version of vSphere Replication.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization appliance installed that is\naffected by multiple OpenSSL vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The VMware vSphere 
Replication installed on the remote host is version\n5.5.x prior to 5.5.1.1, or else it is version 5.6.x. It is, therefore,\naffected by the following OpenSSL related vulnerabilities :\n\n - An error exists in the function 'ssl3_read_bytes' that\n could allow data to be injected into other sessions or\n allow denial of service attacks. Note that this issue\n is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note that this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an attacker\n to cause usage of weak keying material leading to\n simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n cipher suites that could allow denial of service\n attacks. Note that this issue only affects OpenSSL TLS\n clients. 
(CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vSphere Replication 5.5.1.1 / 5.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:vmware:vsphere_replication\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/VMware vSphere Replication/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware vSphere Replication/Version\");\nverui = get_kb_item_or_exit(\"Host/VMware vSphere Replication/VerUI\");\n\nif (version =~ '^5\\\\.[56]\\\\.')\n{\n build = get_kb_item_or_exit(\"Host/VMware vSphere Replication/Build\");\n if (version =~ '^5\\\\.5\\\\.' 
&& int(build) < 1879843) fix = '5.5.1 Build 1879843';\n else if (version =~ '^5\\\\.6\\\\.') fix = '5.8.0 Build 2055179';\n}\n\nif (fix)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + verui +\n '\\n Fixed version : ' + fix + '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'VMware vSphere Replication', verui);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T06:59:53", "description": "The remote VMware ESXi host is version 5.1 prior to build 1900470. It\nis, therefore, affected by the following vulnerabilities in the\nOpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. 
(CVE-2014-3470)", "edition": 26, "published": "2014-06-24T00:00:00", "title": "ESXi 5.1 < Build 1900470 OpenSSL Library Multiple Vulnerabilities (remote check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.1"], "id": "VMWARE_ESXI_5_1_BUILD_1900470_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/76203", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76203);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"ESXi 5.1 < Build 1900470 OpenSSL Library Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.1 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.1 prior to build 1900470. It\nis, therefore, affected by the following vulnerabilities in the\nOpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. 
(CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2077640\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c3440b63\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi510-201406401-SG for ESXi 5.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.1\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.1\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 1900470;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T07:00:26", "description": "The version of vSphere Client installed on the remote Windows host is\naffected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. 
(CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)", "edition": 26, "published": "2014-07-03T00:00:00", "title": "VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0006)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:vsphere_client"], "id": "VSPHERE_CLIENT_VMSA_2014-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/76355", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76355);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0198\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 67193,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"VMSA\", value:\"2014-0006\");\n\n script_name(english:\"VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0006)\");\n script_summary(english:\"Checks the version of vSphere Client.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization client application installed that\nis affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of vSphere Client installed on the remote Windows host is\nis affected by the following vulnerabilities in the OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. 
Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading to\n denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vSphere Client 5.0 Update 3a / 5.1 Update 2a / 5.5 Update\n1b or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vsphere_client\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vsphere_client_installed.nasl\");\n script_require_keys(\"SMB/VMware vSphere Client/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ninstalls = get_kb_list_or_exit(\"SMB/VMware vSphere Client/*/Path\");\n\ninfo = '';\nunaffected = make_list();\nvuln = 0;\n\nforeach version (keys(installs))\n{\n path = installs[version];\n version = version - 'SMB/VMware vSphere Client/' - '/Path';\n matches = eregmatch(pattern:'^([0-9\\\\.]+) build ([0-9]+)$', string:version);\n if (matches)\n {\n ver = matches[1];\n build = matches[2];\n }\n if (ver =~ '^5\\\\.5\\\\.0$' && int(build) < 1880841)\n {\n vuln++;\n info +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.5.0 build 1880841\\n';\n }\n else if (ver =~ '^5\\\\.1\\\\.0$' && int(build) < 1880906)\n {\n vuln++;\n info +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.1.0 build 1880906\\n';\n }\n else if (ver =~ '^5\\\\.0\\\\.0$' && int(build) < 1917469)\n {\n vuln++;\n info +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.0.0 build 1917469\\n';\n }\n else\n unaffected = make_list(unaffected, version);\n}\n\nif (vuln)\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_warning(port:port, extra:info);\n else security_warning(port);\n exit(0);\n}\n\nif (max_index(unaffected) > 0) audit(AUDIT_INST_VER_NOT_VULN, \"VMware vSphere Client\", unaffected);\nelse exit(1, 'Unexpected error - \\'unaffected\\' is empty.');\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "ics": [{"lastseen": "2020-12-18T03:22:24", "bulletinFamily": "info", 
"cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "description": "## OVERVIEW\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-14-198-03F Siemens OpenSSL Vulnerabilities that was published October 16, 2014, on the NCCIC/ICS-CERT web site.\n\n### **\\--------- Begin Update G Part 1 of 3 --------**\n\nSiemens has identified four vulnerabilities in its OpenSSL cryptographic software library affecting several Siemens industrial products. Updates are available for APE 2.0.2, S7-1500, WinCC OA (PVSS), CP1543-1, Ruggedcom ROX 1, and ROX 2-based products.\n\n### **\\--------- End Update G Part 1 of 3 ----------**\n\nThese vulnerabilities could be exploited remotely. Exploits that target OpenSSL vulnerabilities are publicly available. ICS-CERT is unaware of any OpenSSL exploits that target Siemens\u2019 products specifically.\n\n## AFFECTED PRODUCTS\n\nThe following Siemens products are affected:\n\n### **\\--------- Begin Update G Part 2 of 3 --------**\n\n * APE (only affected if SSL/TLS component is used):\n * APE stand-alone: All versions prior to V2.0.2,\n * ELAN on APE: All versions prior to V8.4.0,\n * CP1543-1: prior to Version 1.1.25,\n * ROX 1: all versions prior to V1.16.1 (only affected if Crossbow is installed),\n * ROX 2: all versions prior to V2.6.0 (only affected if ELAN or Crossbow is installed),\n * Crossbow: All versions prior to V4.2.3\n * ELAN: All versions prior to V8.4.0\n * S7-1500: versions prior to Version 1.6, and\n * WinCC OA (PVSS): Version 3.12-P001\u20133.12-P008\n\n### **\\--------- End Update G Part 2 of 3 ----------**\n\n## IMPACT\n\nThe vulnerabilities identified could impact authenticity, integrity, and availability of affected devices. The man-in-the-middle attack could allow an attacker to hijack a session between an authorized user and the device. 
The other vulnerabilities reported could impact the availability of the device by causing the web server of the product to crash.\n\nImpact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nSiemens is a multinational company headquartered in Munich, Germany. Siemens develops products mainly in the energy, healthcare and public health sectors, and transportation systems.\n\nThe affected Siemens industrial products are for process and network control and monitoring in critical infrastructure sectors such as Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater Systems.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### MAN-IN-THE-MIDDLEa\n\nAn attacker could perform a man-in-the-middle (MitM) attack between a vulnerable client and a vulnerable server. This vulnerability affects ROX, APE, S7-1500, and CP1543-1.\n\nCVE-2014-0224b has been assigned to this vulnerability. A CVSS v2 base score of 6.8 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:P/I:P/A:P).c\n\n### IMPROPER INPUT VALIDATIONd\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the SIMATIC S7-1500.\n\nCVE-2014-0198e has been assigned to this vulnerability. A CVSS v2 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:N/I:N/A:P).f\n\n### IMPROPER INPUT VALIDATIONg\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the SIMATIC S7-1500.\n\nCVE-2010-5298h has been assigned to this vulnerability. 
A CVSS v2 base score of 4.0 has been assigned; the CVSS vector string is (AV:N/AC:H/Au:N/C:N/I:P/A:P).i\n\n### IMPROPER INPUT VALIDATIONj\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the WinCC OA (PVSS).\n\nCVE-2014-3470k has been assigned to this vulnerability. A CVSS v2 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:N/I:N/A:P).l\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThese vulnerabilities could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target OpenSSL vulnerabilities are publicly available. ICS-CERT is unaware of any OpenSSL exploits that target Siemens\u2019 products specifically.\n\n#### DIFFICULTY\n\nAn attacker with a moderate skill would be able to exploit these vulnerabilities.\n\n## MITIGATION\n\nSiemens provides updates for the following products:\n\n### **\\--------- Begin Update G Part 3 of 3 --------**\n\nAPE 2.0.2 stand-alone available at:\n\n<http://support.automation.siemens.com/WW/view/en/97654933>\n\nS7-1500: update to Version 1.6 at:\n\n<http://support.automation.siemens.com/WW/view/de/98164677>\n\nWinCC OA (PVSS) available at the Siemens[ ETM portal](<https://portal.etm.at/index.php?option=com_user&view=login&return=aHR0cHM6Ly9wb3J0YWwuZXRtLmF0L2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRleHQmdmlldz1jYXRlZ29yeSZpZD02NSZsYXlvdXQ9YmxvZyZJdGVtaWQ9ODA=https://portal.etm.at/index.php?option=com_user&view=login&return=aHR0cHM6Ly9wb3J0YWwuZXRtLmF0L2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRleHQmdmlldz1jYXRlZ29yeSZpZD02NSZsYXlvdXQ9YmxvZyZJdGVtaWQ9ODA=>).\n\nCP1543-1 update to Version V1.1.25 at:\n\n<http://support.automation.siemens.com/WW/view/en/99804563>\n\nUpdated firmware for Ruggedcom ROX-based devices and ELAN software can be obtained for free from the following contact points:\n\n * Submit a support request to Siemens online:\n * <http://www.siemens.com/automation/support-request>\n * Call a local hotline center:\n * 
<http://www.automation.siemens.com/mcms/aspa-db/en/automation-technology/Pages/default.aspx>\n\nUpdate Debian using the standard update procedures if eLAN is installed on a Linux system.\n\n### **\\--------- End Update G Part 3 of 3 ----------**\n\nSiemens provides specific advice for mitigating risk in each of the affected products in SSA\u2011234763, which can be found at its web site at the following location:\n\n<http://www.siemens.com/cert/advisories>\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. 
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nIn addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:\n\n 1. Do not click web links or open unsolicited attachments in email messages.\n 2. Refer to Recognizing and Avoiding Email Scamsm for more information on avoiding email scams.\n 3. Refer to Avoiding Social Engineering and Phishing Attacksn for more information on social engineering attacks.\n * a. CWE-310: Cryptographic Issues, http://cwe.mitre.org/data/definitions/310.html, web site last accessed July 17, 2014.\n * b. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224, web site last accessed July 17, 2014.\n * c. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:P/I:P/A:P, web site last accessed July 17, 2014.\n * d. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed July 17, 2014.\n * e. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198, web site last accessed July 17, 2014.\n * f. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P, web site last accessed July 17, 2014.\n * g. 
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), http://cwe.mitre.org/data/definitions/362.html, web site last accessed July 17, 2014.\n * h. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298, web site last accessed July 17, 2014.\n * i. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:H/Au:N/C:N/I:P/A:P, web site last accessed July 17, 2014.\n * j. CWE-476: NULL Pointer Dereference, http://cwe.mitre.org/data/definitions/476.html, web site last accessed July 17, 2014.\n * k. NVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470, web site last accessed July 17, 2014.\n * l. CVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P, web site last accessed July 17, 2014.\n * m. Recognizing and Avoiding Email Scams, http://www.us-cert.gov/reading_room/emailscams_0905.pdf, web site last accessed July 17, 2014.\n * n. National Cyber Alert System Cyber Security Tip ST04-014, http://www.us-cert.gov/cas/tips/ST04-014.html, web site last accessed July 17, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/ICSA-14-198-03G>); we'd welcome your feedback.\n", "edition": 17, "modified": "2018-08-29T00:00:00", "published": "2015-02-17T00:00:00", "id": "ICSA-14-198-03G", "href": "https://www.us-cert.gov//ics/advisories/ICSA-14-198-03G", "title": "Siemens OpenSSL Vulnerabilities (Update G)", "type": "ics", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "vmware": [{"lastseen": "2019-11-06T16:05:34", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "description": "a. OpenSSL update for multiple products. \n\n\nOpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to these issues. The most important of these issues is CVE-2014-0224.\n\nCVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to be of moderate severity. Exploitation is highly unlikely or is mitigated due to the application configuration.\n\nCVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL Security Advisory (see Reference section below), do not affect any VMware products. \n \nCVE-2014-0224 may lead to a Man-in-the-Middle attack if a server is running a vulnerable version of OpenSSL 1.0.1 and clients are running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating the server will mitigate this issue for both the server and all affected clients. 
\n \nCVE-2014-0224 may affect products differently depending on whether the product is acting as a client or a server and of which version of OpenSSL the product is using. For readability the affected products have been split into 3 tables below, based on the different client-server configurations and deployment scenarios. \n \n**MITIGATIONS \n \n**\n\n * Clients that communicate with a patched or non-vulnerable server are not vulnerable to CVE-2014-0224. Applying these patches to affected servers will mitigate the affected clients (See Table 1 below).\n * Clients that communicate over untrusted networks such as public Wi-Fi and communicate to a server running a vulnerable version of OpenSSL 1.0.1. can be mitigated by using a secure network such as VPN (see Table 2 below). \n * Clients and servers that are deployed on an isolated network are less exposed to CVE-2014-0224 (see Table 3 below). The affected products are typically deployed to communicate over the management network.\n\n \n**RECOMMENDATIONS** \n \nVMware recommends customers evaluate and deploy patches for affected Servers in Table 1 below as these patches become available. Patching these servers will remove the ability to exploit the vulnerability described in CVE-2014-0224 on both clients and servers. 
\n \nVMware recommends customers consider applying patches to products listed in Table 2 & 3 as required.\n\nColumn 4 of the following tables lists the action required to remediate the vulnerability in each release, if a solution is available.\n\n_**Table 1**_\n\nAffected servers running a vulnerable version of OpenSSL 1.0.1.\n", "edition": 5, "modified": "2014-10-09T00:00:00", "published": "2014-06-10T00:00:00", "id": "VMSA-2014-0006", "href": "https://www.vmware.com/security/advisories/VMSA-2014-0006.html", "title": "VMware product updates address OpenSSL security vulnerabilities", "type": "vmware", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "kaspersky": [{"lastseen": "2020-09-02T12:00:27", "bulletinFamily": "info", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "description": "### *Detect date*:\n06/10/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to obtain sensitive information, hijack a session or cause denial of service. 
Below is a complete list of vulnerabilities\n\n### *Affected products*:\nESXi without patch ESXi550-201406401-SG versions 5.0, 5.1, 5.5 \nWorkstation 10 versions earlier than 10.0.3 \nWorkstation 9 versions earlier than 9.0.4 \nPlayer 6 versions earlier than 6.0.3 \nPlayer 5 versions earlier than 5.0.4 \nFusion 6 versions earlier than 6.0.4 \nFusion 5 versions earlier than 5.0.5 \nHorizon Mirage Edge Gateway versions earlier than 4.4.3 \nHorizon View versions earlier than 5.3.2 \nHorizon View 5.3 versions earlier than FP3 \nHorizon Workspace Server 1.5 without patch horizon-nginx-rpm-1.5.0.0-1876270.x86_64.rpm \nHorizon Workspace Server 1.8 without patch horizon-nginx-rpm-1.8.2.1820-1876338.x86_64.rpm \nHorizon View Clients versions earlier than 3.0 \nvCD 5.5 versions earlier than 5.5.1.2 \nvCD 5.1 versions earlier than 5.1.3.1 \nvCenter versions earlier than 5.5u1b \nvCenter Support Assistant versions earlier than 5.5.1.1 \nvCloud Automation Center versions earlier than 6.0.1.2 \nvCenter Configuration Manager versions earlier than 5.7.2 \nvCenter Converter Standalone versions earlier than 5.5.2 \nConverter Standalone versions earlier than 5.1.1 \n\n### *Solution*:\nUpdate to latest version \n[VMware Products](<https://my.vmware.com/web/vmware/downloads>)\n\n### *Original advisories*:\n[VMware bulletin](<http://www.vmware.com/security/advisories/VMSA-2014-0006.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[VMware Workstation](<https://threats.kaspersky.com/en/product/VMware-Workstation/>)\n\n### *CVE-IDS*:\n[CVE-2014-0198](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198>)4.3Warning \n[CVE-2014-0224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>)6.8High \n[CVE-2014-3470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470>)4.3Warning \n[CVE-2010-5298](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298>)4.0Warning", "edition": 43, "modified": "2020-05-22T00:00:00", "published": "2014-06-10T00:00:00", 
"id": "KLA10382", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10382", "title": "\r KLA10382Multiple vulnerabilities in VMware ", "type": "kaspersky", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "f5": [{"lastseen": "2019-02-20T21:07:56", "bulletinFamily": "software", "cvelist": ["CVE-2010-5298"], "description": "\nF5 Product Development has assigned ID 465338 (BIG-IP APM), ID 464623 (BIG-IQ), and ID 410742 (ARX) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP AAM | None | 11.4.0 - 11.5.1 | None \nBIG-IP AFM | None | 11.3.0 - 11.5.1 | None \nBIG-IP Analytics | None | 11.0.0 - 11.5.1 | None \nBIG-IP APM | 11.5.0 - 11.5.1 | 11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | curl-apd \n \nBIG-IP ASM | None | 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None \nBIG-IP GTM | None | 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 | None \nBIG-IP Link Controller | None \n| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP PEM | None \n| 11.3.0 - 11.5.1 \n| None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nARX | 6.0.0 - 6.4.0 | None \n| ARX GUI \n \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | 4.0.0 - 4.3.0 \n| None \n| nginx (webd) \n \nBIG-IQ Device | 4.2.0 - 4.3.0 \n| None \n| nginx (webd) \nBIG-IQ Security | 4.0.0 - 4.3.0 
\n| None \n| nginx (webd) \nLineRate | None | 2.2.0 - 2.3.1 | None\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-03-14T22:07:00", "published": "2014-06-14T04:03:00", "id": "F5:K15328", "href": "https://support.f5.com/csp/article/K15328", "title": "OpenSSL vulnerability CVE-2010-5298", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:50", "bulletinFamily": "software", "cvelist": ["CVE-2010-5298"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-25T00:00:00", "published": "2014-06-13T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15328.html", "id": "SOL15328", "title": "SOL15328 - OpenSSL vulnerability CVE-2010-5298", "type": "f5", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-06T22:39:29", "bulletinFamily": "software", "cvelist": ["CVE-2014-3470"], "description": "\nF5 Product Development has assigned ID LRS-26017 (LineRate) and ID 466317 (BIG-IP Edge Client) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | None | 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 | None \nBIG-IP AAM | None | 11.4.0 - 11.5.1 | None \nBIG-IP AFM | None | 11.3.0 - 11.5.1 | None \nBIG-IP Analytics | None | 11.0.0 - 11.5.1 | None \nBIG-IP APM | None | 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4 | None \nBIG-IP ASM | None | 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 | None \nBIG-IP Edge Gateway | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None \nBIG-IP GTM | None | 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 | None \nBIG-IP Link Controller | None | 11.0.0 - 11.5.1 
\n10.0.0 - 10.2.4 | None \nBIG-IP PEM | None | 11.3.0 - 11.5.1 | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nARX | None | 6.0.0 - 6.4.0 | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | None | 4.0.0 - 4.3.0 | None \nBIG-IQ Device | None | 4.2.0 - 4.3.0 | None \nBIG-IQ Security | None | 4.0.0 - 4.3.0 | None \nLineRate | 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3 | 2.3.2 \n2.2.5 | OpenSSL \nBIG-IP Edge Clients for Linux | 6035 - 7071 | 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.* | VPN \nBIG-IP Edge Client for MAC OS X | 6035 - 7071 | 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.* | VPN \nBIG-IP Edge Client for Windows | 7101.* - 7101.2014.0611.* \n7100.* - 7100.2014.0611.* \n7091.* - 7091.2014.0611.* \n7090.* - 7090.2014.0611.* \n7080.* - 7080.2014.0623.* \n6035 - 7071 | 7101.2014.0612.1847 \n7100.2014.0612.1847 \n7091.2014.0612.1950 \n7090.2014.0612.1853 \n7080.2014.0624.2054 | VPN \nBIG-IP Edge Client for iOS | 1.0.0 - 2.0.2 | 2.0.3 | VPN \nBIG-IP Edge Client for Android | 1.0.0 - 2.0.4 | 2.0.5 | VPN\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate the risk posed by this vulnerability for the affected LineRate versions, you can disable the ECDH ciphersuites in the OpenSSL component.\n\n * [K13757: BIG-IP Edge Client version matrix](<https://support.f5.com/csp/article/K13757>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K14839: Overview of the LineRate security vulnerability response policy](<https://support.f5.com/csp/article/K14839>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2019-05-08T18:42:00", "published": "2014-08-14T02:13:00", "id": "F5:K15342", "href": "https://support.f5.com/csp/article/K15342", "title": "OpenSSL vulnerability CVE-2014-3470", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-02-20T21:07:47", "bulletinFamily": "software", "cvelist": ["CVE-2014-0198"], "description": "\nF5 Product Development has assigned ID 465339 to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
In addition, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) lists Heuristic H465949 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP AAM | None | 11.4.0 - 11.5.1 \n| None \nBIG-IP AFM | None | 11.3.0 - 11.5.1 | None \nBIG-IP Analytics | None | 11.0.0 - 11.5.1 | None \nBIG-IP APM | 11.5.0 - 11.5.1 | 11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | curl-apd \n \nBIG-IP ASM | None | 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None \nBIG-IP GTM | None | 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 | None \nBIG-IP Link Controller | None \n| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4 \n| None \nBIG-IP PEM | None \n| 11.3.0 - 11.5.1 \n| None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4 | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4 | None \nARX | None | 6.0.0 - 6.4.0 | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | None \n| 4.0.0 - 4.3.0 \n| None \nBIG-IQ Device | None \n| 4.2.0 - 4.3.0 \n| None \nBIG-IQ Security | None \n| 4.0.0 - 4.3.0 \n| None \nLineRate | None | 2.3.0 - 2.3.1 \n2.2.0 | None\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the table does not list any version in the column, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n", "edition": 1, "modified": "2017-03-14T22:07:00", "published": "2014-06-13T23:41:00", "id": "F5:K15329", "href": "https://support.f5.com/csp/article/K15329", "title": "SSL_MODE_RELEASE_BUFFERS vulnerability CVE-2014-0198", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:26", "bulletinFamily": "software", "cvelist": ["CVE-2014-3470"], "edition": 1, "description": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. 
([CVE-2014-3470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470>))\n", "modified": "2016-05-23T00:00:00", "published": "2014-06-16T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html", "id": "SOL15342", "title": "SOL15342 - OpenSSL vulnerability CVE-2014-3470", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-04-06T22:39:45", "bulletinFamily": "software", "cvelist": ["CVE-2014-0224"], "description": "\nF5 Product Development has assigned IDs 465799 and 466486 (BIG-IP), ID 466469 (FirePass), ID 466956 (Enterprise Manager), ID 466954 (BIG-IQ), and ID 466317 (BIG-IP Edge Client) to this vulnerability. Additionally, BIG-IP [iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H465802 on the** Diagnostics** > **Identified** > **Medium | High** screen.\n\nTo determine if your release contains vulnerable server-side components, vulnerable client-side components, or both, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following tables:\n\n**Server-side components**\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.4.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.3.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP APM| 
11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None \nBIG-IP GTM| 11.5.0, 11.5.1| 11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Link Controller| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.3.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| None \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| OpenSSL \n \n**Client-side components**\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.4.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.3.0 - 11.5.1| 12.0.0 \n11.6.0 
\n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.0.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP APM| 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP GTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nBIG-IP Link Controller| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.3.0 - 11.5.1| 11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 2.0.0 - 2.3.0| None| Host-initiated SSL connections \nFirePass| 7.0.0 \n6.0.0 - 6.1.0| None| Host-initiated SSL connections \nBIG-IQ Cloud| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Device| 4.2.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Security| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| Host-initiated SSL connections \nBIG-IP Edge Clients for Linux| 6035 - 7071| 
7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for MAC OS X| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for Windows| 7101.* - 7101.2014.0611.* \n7100.* - 7100.2014.0611.* \n7091.* - 7091.2014.0611.* \n7090.* - 7090.2014.0611.* \n7080.* - 7080.2014.0623.* \n6035 - 7071| 7101.2014.0612.1847 \n7100.2014.0612.1847 \n7091.2014.0612.1950 \n7090.2014.0612.1853 \n7080.2014.0624.2054| VPN (DTLS Only) \nBIG-IP Edge Client for iOS| 2.0.0 - 2.0.2 \n1.0.5 - 1.0.6| 2.0.3| VPN \nBIG-IP Edge Client for Android| 2.0.1 - 2.0.4| 2.0.5| VPN\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable column**. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Consider denying access to the Configuration utility and using only the command line and** **Traffic Management Shell (**tmsh**) until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility over only a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. 
For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n\n * [K13163: SSL ciphers supported on BIG-IP platforms (11.x - 12.x)](<https://support.f5.com/csp/article/K13163>)\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K13187: COMPAT SSL ciphers are no longer included in standard cipher strings](<https://support.f5.com/csp/article/K13187>)\n * Limit traffic between the BIG-IP system and pool members to trusted traffic.\n * Verify that servers with which the F5 device communicates (such as pool members) are not using vulnerable OpenSSL versions.\n\n * For more information about SSL profiles, refer to the following articles: \n * [K14783: Overview of the Client SSL profile (11.x - 12.x)](<https://support.f5.com/csp/article/K14783>)\n * [K14806: Overview of the Server SSL profile (11.x - 12.x)](<https://support.f5.com/csp/article/K14806>)\n * The [Nmap ssl-ccs-injection](<https://nmap.org/nsedoc/scripts/ssl-ccs-injection.html>) page \n**Note:** This link takes you to a resource outside of AskF5. 
The third party could remove the document without our knowledge.\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated document](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K17329: BIG-IP GTM name has changed to BIG-IP DNS](<https://support.f5.com/csp/article/K17329>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "edition": 1, "modified": "2019-11-12T22:53:00", "published": "2015-10-15T21:04:00", "id": "F5:K15325", "href": "https://support.f5.com/csp/article/K15325", "title": "OpenSSL vulnerability CVE-2014-0224", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2016-03-19T09:02:07", "bulletinFamily": "software", "cvelist": ["CVE-2014-0198"], "edition": 1, "description": "Recommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n", "modified": "2014-12-02T00:00:00", "published": "2014-06-13T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html", "id": "SOL15329", "title": "SOL15329 - SSL_MODE_RELEASE_BUFFERS vulnerability CVE-2014-0198", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:25", "bulletinFamily": "software", "cvelist": ["CVE-2014-0224"], "edition": 1, "description": "**Client-side components**Product| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.4.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.3.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.0.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP APM| 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL 
connections \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP GTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nBIG-IP Link Controller| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.3.0 - 11.5.1| 11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 2.0.0 - 2.3.0| None| Host-initiated SSL connections \nFirePass| 7.0.0 \n6.0.0 - 6.1.0| None| Host-initiated SSL connections \nBIG-IQ Cloud| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Device| 4.2.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Security| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| Host-initiated SSL connections \nBIG-IP Edge Clients for Linux| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for MAC OS X| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for Windows| 7101.* - 7101.2014.0611.* \n7100.* - 7100.2014.0611.* \n7091.* - 7091.2014.0611.* \n7090.* - 7090.2014.0611.* \n7080.* - 7080.2014.0623.* \n6035 - 7071| 7101.2014.0612.1847 \n7100.2014.0612.1847 \n7091.2014.0612.1950 \n7090.2014.0612.1853 
\n7080.2014.0624.2054| VPN (DTLS Only) \nBIG-IP Edge Client for iOS| 2.0.0 - 2.0.2 \n1.0.5 - 1.0.6| 2.0.3| VPN \nBIG-IP Edge Client for Android| 2.0.1 - 2.0.4| 2.0.5| VPN \n \nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. \n \n**Important**: F5 has created an engineering hotfix to address this issue for FirePass 7.0. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number. For more information, refer to SOL8986: F5 software life cycle policy. \n \nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Consider denying access to the Configuration utility and using only the command line and** **Traffic Management Shell (**tmsh**) until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility over only a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. 
For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n \n\n * SOL13163: SSL ciphers supported on BIG-IP platforms (11.x - 12.x)\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL13187: COMPAT SSL ciphers are no longer included in standard cipher strings\n * Limit traffic between the BIG-IP system and pool members to trusted traffic.\n * Verify that servers with which the F5 device communicates (such as pool members) are not using vulnerable OpenSSL versions.\n\nSupplemental Information\n\n * For more information about SSL profiles, refer to the following articles: \n \n\n * SOL14783: Overview of the Client SSL profile (11.x - 12.x)\n * SOL14806: Overview of the Server SSL profile (11.x - 12.x)\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated document\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL17329: BIG-IP GTM name has changed to BIG-IP DNS\n", "modified": "2016-07-25T00:00:00", "published": "2014-06-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html", "id": "SOL15325", "title": "SOL15325 - OpenSSL vulnerability CVE-2014-0224", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "hackerone": [{"lastseen": "2018-04-19T17:34:12", "bulletinFamily": "bugbounty", "bounty": 10.0, "cvelist": ["CVE-2014-0224"], "description": "your site is vulnerable to CVE-2014-0224\r\n \r\n\r\nOpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS 
Injection\" vulnerability.", "modified": "2015-04-10T05:04:11", "published": "2015-03-11T04:42:02", "id": "H1:50885", "href": "https://hackerone.com/reports/50885", "type": "hackerone", "title": "Whisper: CVE-2014-0224 openssl ccs vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "citrix": [{"lastseen": "2020-11-18T15:29:37", "bulletinFamily": "software", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<p> <a name=\"TopOfPage\"></a></p>\n<p> <span> <b>Overview</b></span></p>\n<p> <span>The OpenSSL security advisory released on the 5th of June 2014 disclosed six security vulnerabilities in this open source component; these are described below:</span></p>\n<ul>\n<p> <span>\u2022 CVE-2014-0224: SSL/TLS MITM vulnerability</span></p>\n<p> <span>\u2022 CVE-2014-0221: DTLS recursion flaw</span></p>\n<p> <span>\u2022 CVE-2014-0195: DTLS invalid fragment vulnerability</span></p>\n<p> <span>\u2022 CVE-2014-0198: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference</span></p>\n<p> <span>\u2022 CVE-2010-5298: SSL_MODE_RELEASE_BUFFERS session injection or denial of service</span></p>\n<p> <span>\u2022 CVE-2014-3470: Anonymous ECDH denial of service</span></p>\n</ul>\n<p> <span>For more details on the underlying CVEs please refer to the OpenSSL security advisory: <u> <a href=\"https://www.openssl.org/news/secadv_20140605.txt\">https://www.openssl.org/news/secadv_20140605.txt</a></u></span></p>\n<p> <span>As noted in the OpenSSL security advisory, CVE-2014-0224 is currently only believed to be exploitable in scenarios where an unpatched OpenSSL based client is connecting to an unpatched OpenSSL 1.0.1 based server. 
As patching the server components addresses the currently known attack, Citrix recommends that customers apply any required patches to server-side components to mitigate this issue.</span></p>\n<p> <span>In deployments where Citrix client components are used to make TLS connections to non-Citrix servers, Citrix recommends that customers verify with the vendors that those server components are not impacted by CVE-2014-0224.</span></p>\n<p> <span> <b>What Citrix is Doing</b></span></p>\n<p> <span>Citrix is actively analyzing the impact of this issue on currently supported products. The following sections of this advisory provide current information on each product.</span></p>\n<p> <span> <b>Components that require Citrix updates:</b></span></p>\n<ul>\n<p> <b>\u2022 Citrix CloudBridge:</b> Updated appliance firmware has been released to address this vulnerability on Citrix CloudBridge. Customers are advised to upgrade their appliances to version 7.3.0 or later or 7.2.2 or later. These updated versions are available from the Citrix website at the following address: <a href=\"https://www.citrix.com/downloads/cloudbridge/firmware/\">https://www.citrix.com/downloads/cloudbridge/firmware/</a></p>\n<p> <span> <b>\u2022 Citrix CloudPlatform:</b> The TLS interface exposed by the Secondary Storage VM in Cloud Platform versions 4.2, 4.2.1, 4.2.1-x, 4.3, and 4.3.0.1 is impacted by CVE-2014-0224. Citrix has released updated system virtual machine templates to resolve this issue. Citrix recommends that customers update the system virtual machine templates to a patched version and then reboot any Secondary Storage VMs to ensure that the updated OpenSSL version is being used. Instructions on updating the system virtual machine templates can be found in the following Citrix Knowledge Center article <u> <a href=\"https://support.citrix.com/article/CTX200024\">https://support.citrix.com/article/CTX200024</a></u>. 
</span></p>\n<p> <span> <b>\u2022 Citrix NetScaler IPMI/LOM Interface:</b> This interface is impacted by these issues. Additional details will be added to this document as soon as they are available.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile App Controller:</b> XenMobile App Controller versions 2.9 and 2.10 are impacted by CVE-2014-0224. Patches have been released to address this issue for both App controller 2.9 and 2.10. Citrix recommends that customers deploy these patches as soon as possible. These patches are available from the following location: <u> <a href=\"https://www.citrix.com/downloads/xenmobile/product-software.html\">https://www.citrix.com/downloads/xenmobile/product-software.html</a></u></span></p>\n<p> <span> <b>\u2022 Citrix Licensing:</b> Currently supported versions of the Citrix License Server for Windows and the License Server VPX are impacted by CVE-2014-0224. New versions of the License Server for Windows and License Server VPX have been released to address this issue. These new versions can be found at the following location: Version 11.12.1: <a href=\"https://www.citrix.com/downloads/licensing/license-server.html\">https://www.citrix.com/downloads/licensing/license-server.html</a>. </span></p>\n<p> <span> <b>\u2022 Citrix VDI-in-a-Box:</b> Currently supported versions of Citrix VDI-in-a-Box appliances are impacted by CVE-2014-0224. New VDI-in-a-Box appliances have been released to address this vulnerability. Citrix recommends that customers migrate their VDI-in-a-Box deployments to these versions or deploy new appliances. These updated appliances can be obtained from the following location: Version 5.4.4: <u> <a href=\"https://www.citrix.com/downloads/vdi-in-a-box/product-software/vdi-in-a-box-54\">https://www.citrix.com/downloads/vdi-in-a-box/product-software/vdi-in-a-box-54</a></u>. 
Version 5.3.8: <u> <a href=\"https://www.citrix.com/downloads/vdi-in-a-box/product-software/vdi-in-a-box-53\">https://www.citrix.com/downloads/vdi-in-a-box/product-software/vdi-in-a-box-53</a></u>. A MyCitrix login is required to access these files. Information on how to verify the version of OpenSSL in use can be found in the following document: CTX140975 \u2013 <a href=\"https://support.citrix.com/article/CTX140975\">How to Check OpenSSL Version in a VDI-in-a-Box Appliance</a>. Further information on how to apply the upgrades can be found in the following document: CTX140490 \u2013 <a href=\"/article/CTX140490\">VDI-in-a-Box Hotfix Upgrades</a>.</span></p>\n<p> <span> <b>\u2022 Citrix XenClient Enterprise:</b> XenClient Enterprise versions prior to 5.1.3 are impacted by CVE-2010-5298. Citrix has released versions 5.1.3 and 4.5.7 to address this issue. Citrix recommends that customers update their XenClient Enterprise installations. The updated software can be found at the following locations: 5.1.3: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-51.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-5</a>1.</u> 4.5.7: <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-45\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-45</a></span></p>\n</ul>\n<p> <b>\u2022 HDX RealTime Optimization Pack for Microsoft Lync 2010:</b> This component is impacted by CVE-2014-0224. An updated version of this component has been released to address this issue. Citrix recommends customers deploy these patches as soon as possible. 
More information on how to download and apply the updated version can be found at the following address: <a href=\"http://support.citrix.com/proddocs/topic/hdx-realtime-optimization-pack-15/hdx-realtime-optimization-pack-download-15.html\">http://support.citrix.com/proddocs/topic/hdx-realtime-optimization-pack-15/hdx-realtime-optimization-pack-download-15.html</a><br/> </p>\n<p> <span> <b>Components that may require third-party updates:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix Web Interface:</b> Web Interface makes use of the TLS functionality provided by the underlying web server. Citrix customers are advised to verify that any deployed web servers used to host Web Interface are not vulnerable to these issues. </span></p>\n<p> <span> <b>\u2022 Citrix CloudPortal Business Manager:</b> This product does not include any TLS libraries and, as such, is not vulnerable to these issues. Some customer deployments may make use of an additional SSL proxy component; Citrix advises customers to contact the vendors of any SSL proxy components being used to determine if they are vulnerable to these CVEs.</span></p>\n</ul>\n<p> <span> <b>Components that are not impacted:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix XenDesktop Delivery Controller (DDC): </b>Currently supported versions of the DDC do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix XenDesktop Virtual Desktop Agent (VDA): </b>Currently supported versions of the VDA do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Studio: </b>Currently supported versions of Citrix Studio do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Director:</b> Currently supported versions of Citrix Desktop Director do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix XenApp:</b> Currently supported versions of Citrix XenApp servers 
and administrative consoles do not use a TLS library that is vulnerable to these issues. Customers are advised to verify that their XenApp deployments do not contain any other vulnerable components listed in this advisory. </span></p>\n<p> <span> <b>\u2022 Citrix Edgesight: </b>Currently supported versions of Citrix Edgesight do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Profile Management (UPM):</b> Currently supported versions of Citrix UPM do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Merchandising Server: </b>The TLS server component of currently supported versions of Citrix Merchandising Server is not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix StoreFront:</b> The TLS library used by currently supported versions of Citrix Storefront is not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Password Manager: </b>The TLS server component of currently supported versions of Citrix Password Manager is not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix NetScaler Packet Engine:</b> The core packet engine functionality of currently supported versions of Citrix NetScaler is not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix NetScaler Gateway:</b> The SSL Server functionality of NetScaler Gateway, formerly Access Gateway Enterprise Edition, is not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix XenServer:</b> When acting as an SSL server, the TLS libraries used by currently supported versions of Citrix XenServer are not vulnerable to these issues. 
</span></p>\n<p> <span> <b>\u2022 Citrix Secure Gateway:</b> When acting as an SSL server, the TLS libraries used by the currently supported version of Citrix Secure Gateway are not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix SSL Relay:</b> The TLS libraries used by the currently supported version of the SSL Relay are not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Provisioning Services:</b> Currently supported versions of Citrix Provisioning Services are not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix CloudPortal Services Manager:</b> The TLS libraries used by currently supported versions of CloudPortal Services Manager are not vulnerable to these issues. </span></p>\n<p> <span> <b>\u2022 Citrix XenMobile MDM Edition:</b> The TLS libraries used by components of XenMobile MDM edition, including the XenMobile Device Manager component, are not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 GoToMeeting, GoToMyPC, ShareFile, GoToAssist, GoToWebinar, GoToTraining, Podio</b>, and other related SaaS division products are not vulnerable to these issues. 
However, as a security best practice, for SaaS software utilizing OpenSSL, we are updating to the most current version.</span></p>\n</ul>\n<p> <span> <b>Client components that may be exposed to CVE-2014-0224 if used with unpatched servers:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix NetScaler:</b> TLS client connections initiated from the versions of Citrix NetScaler mentioned below are not vulnerable to these issues </span></p>\n<p>- Citrix NetScaler ADC and NetScaler Gateway version 10.1 and 10.1.e builds 10.1 Build 127.10 and 10.1 Build 127.1001.e and later</p>\n<p>- Citrix NetScaler ADC and NetScaler Gateway version 10.5 and 10.5.e builds 10.5 Build 50.10 and 10.5 Build 51.1017.e and later</p>\n<p> <span>- Citrix NetScaler ADC and NetScaler Gateway version 11.0 build 55.20 and later </span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Windows:</b> Citrix Receiver for Windows up to and including version 4.1</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Mac:</b> Citrix Receiver for Mac up to and including version 11.8.2</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Linux:</b> Citrix Receiver for Linux up to and including version 13.0</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for iOS:</b> Citrix Receiver for iOS up to and including version 5.8.3</span></p>\n</ul>\n<p> <span> <b>Other Products:</b></span></p>\n<p> <span>Analysis of other Citrix products is in progress, details on these will be added to this document as soon as they are available. Please check this document regularly for updates.</span></p>\n<p> <span> <b>What Citrix Is Doing</b></span></p>\n<p> <span>Citrix is notifying customers and channel partners about this potential security issue. 
This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</span></p>\n<p> <span> <b>Obtaining Support on This Issue</b></span></p>\n<p> <span>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"http://www.citrix.com/site/ss/supportContacts.asp\">http://www.citrix.com/site/ss/supportContacts.asp</a></u>.</span></p>\n<p> <span> <b>Reporting Security Vulnerabilities to Citrix</b></span></p>\n<p> <span>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"/article/CTX081743\">Reporting Security Issues to Citrix</a></span></p>\n</div>\n<div>\n<h2> Changelog</h2>\n<div>\n<div>\n<div>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td colspan=\"1\" rowspan=\"1\" width=\"150\"><b>Date</b></td>\n<td colspan=\"1\" rowspan=\"1\"><b>Change</b></td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\" width=\"150\">October 23rd 2014 </td>\n<td colspan=\"1\" rowspan=\"1\">Addition of HDX RealTime Optimization Pack to Affected Components section</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">November 3rd 2014</td>\n<td colspan=\"1\" rowspan=\"1\">Update to Licensing section</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">February 11th 2015</td>\n<td colspan=\"1\" rowspan=\"1\">Addition of CloudBridge section</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">June 7th 2016</td>\n<td colspan=\"1\" rowspan=\"1\">Update to NetScaler section</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n</div></div>\n</section>", "edition": 2, "modified": "2016-06-07T04:00:00", "published": "2014-06-06T04:00:00", "id": "CTX140876", "href": "https://support.citrix.com/article/CTX140876", 
"title": "Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)", "type": "citrix", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:06", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0625\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. 
(CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/032382.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0625.html", "edition": 3, "modified": "2014-06-05T13:06:47", "published": "2014-06-05T13:06:47", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/032382.html", "id": "CESA-2014:0625", "title": "openssl security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2018-01-27T09:17:49", "bulletinFamily": "info", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "[](<https://3.bp.blogspot.com/-W9MmiVzV-K4/U5CfAfLYiXI/AAAAAAAAb9U/ypeNlFGpb14/s1600/Openssl-bug-mitm.jpg>)\n\nRemember OpenSSL [Heartbleed 
vulnerability](<https://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html>)? Several weeks ago, the exposure of this security bug chilled the Internet, revealing that millions of websites were vulnerable to a flaw in the OpenSSL code which they used to encrypt their communications.\n\n \n\n\nNow once again the OpenSSL Foundation has issued software updates to patch six new vulnerabilities, and two of them are critical.\n\n \n\n\n**MAN-IN-THE-MIDDLE ATTACK (CVE-2014-0224)**\n\nThe first critical vulnerability (CVE-2014-0224) in [OpenSSL](<https://thehackernews.com/search/label/OpenSSL>) is \"_CCS Injection_\". It resides in the handling of the ChangeCipherSpec (CCS) message sent during the handshake and could allow an attacker to perform a [man-in-the-middle attack](<https://thehackernews.com/search/label/Man-in-the-Middle>) against the encrypted connection between servers and clients. \n\n \n\n\nBy exploiting this vulnerability, an attacker could intercept an encrypted connection and then decrypt, read or manipulate the data. But the reported flaw is exploitable only if both server and client are vulnerable to this issue.\n\n \n\n\nAccording to the OpenSSL [advisory](<https://www.openssl.org/news/secadv_20140605.txt>), \"_An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers._\" All versions of OpenSSL are vulnerable on the client side. Only 1.0.1 and above are currently known to be vulnerable on the server side. SSL VPN (_virtual private network_) products are believed to be especially vulnerable to this flaw.\n\n \n\n\nThe OpenSSL CCS Injection vulnerability was discovered by a Japanese security researcher, _[Masashi Kikuchi](<http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html>)_ from the security firm Lepidum. According to him, this bug has existed since the very first release of OpenSSL. 
RedHat also posted a detailed [explanation](<https://securityblog.redhat.com/2014/06/05/openssl-mitm-ccs-injection-attack-cve-2014-0224/>) about this bug on their security blog.\n\n** \n**\n\n**DTLS invalid fragment vulnerability (CVE-2014-0195):** Sending invalid DTLS fragments to an OpenSSL DTLS client or server can lead to a buffer overrun attack. A potential hacker could exploit this flaw to run arbitrary code on a vulnerable client or server. This [vulnerability](<https://thehackernews.com/search/label/Vulnerability>) is also marked as a critical bug.\n\n \n\n\n**DTLS recursion flaw (CVE-2014-0221):** A remote attacker can send an invalid DTLS (Datagram Transport Layer Security) handshake to an OpenSSL DTLS client, which will force the code to recurse and eventually crash, resulting in a DoS attack. This attack is limited to the applications using OpenSSL as a DTLS client.\n\n \n\n\nDTLS is mainly used in VOIP and other communication-related applications like Cisco Systems\u2019 AnyConnect VPN Client. The Chrome and Firefox web browsers also support [DTLS for WebRTC](<https://thehackernews.com/2014/06/mozilla-to-provide-webrtc-based-free.html>) (_Web Real-Time Communication_) for P2P file sharing and Voice/Video Chats.\n\n \n\n\nOther important OpenSSL vulnerabilities are:\n\n * **SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198),** allows remote attackers to cause a denial of service via a NULL pointer dereference.\n * **SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298),** allows remote attackers to inject data across sessions or cause a denial of service.\n * **Anonymous ECDH denial of service (CVE-2014-3470),** OpenSSL TLS clients enabling anonymous ECDH (Elliptic Curve Diffie Hellman) ciphersuites are subject to a denial of service attack.\n\nBut the good news is that these vulnerabilities are not as critical as the Heartbleed bug. 
The patched versions 0.9.8za, 1.0.0m and 1.0.1h are available on the project website to download and The OpenSSL Foundation is urging companies to update their implementation as soon as possible.\n", "modified": "2014-06-05T16:51:06", "published": "2014-06-05T05:49:00", "id": "THN:D2B91981A95FA63440BEC1909D1FAE82", "href": "https://thehackernews.com/2014/06/openssl-vulnerable-to-man-in-middle.html", "type": "thn", "title": "OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Bugs", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:40", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. 
A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2018-06-06T20:24:08", "published": "2014-06-05T04:00:00", "id": "RHSA-2014:0625", "href": "https://access.redhat.com/errata/RHSA-2014:0625", "type": "redhat", "title": "(RHSA-2014:0625) Important: openssl security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. 
(CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2015-04-24T14:18:05", "published": "2014-06-05T04:00:00", "id": "RHSA-2014:0628", "href": "https://access.redhat.com/errata/RHSA-2014:0628", "type": "redhat", "title": "(RHSA-2014:0628) Important: openssl security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:02", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. 
(CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2018-04-12T03:33:20", "published": "2014-06-10T04:00:00", "id": "RHSA-2014:0679", "href": "https://access.redhat.com/errata/RHSA-2014:0679", "type": "redhat", "title": "(RHSA-2014:0679) Important: openssl security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:37", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "edition": 1, "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. 
\n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send specially crafted DTLS fragments to an OpenSSL DTLS client or server to possibly execute arbitrary code with the privileges of the process using OpenSSL. \n\nFurthermore, an attacker could force the use of weak keying material in OpenSSL SSL/TLS clients and servers, inject data across sessions, or cause a Denial of Service via various vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.1h-r1\"", "modified": "2015-06-06T00:00:00", "published": "2014-07-27T00:00:00", "id": "GLSA-201407-05", "href": "https://security.gentoo.org/glsa/201407-05", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "[1.0.1e-16.14]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH", "edition": 4, "modified": "2014-06-05T00:00:00", "published": "2014-06-05T00:00:00", "id": "ELSA-2014-0625", "href": "http://linux.oracle.com/errata/ELSA-2014-0625.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "[1.0.1e-34.3]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH", "edition": 4, "modified": "2014-07-23T00:00:00", "published": "2014-07-23T00:00:00", "id": "ELSA-2014-0679", "href": "http://linux.oracle.com/errata/ELSA-2014-0679.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded.\n Multiple security issues have been corrected, including a possible\n man-in-the-middle attack where weak keying material is forced, denial\n of service, and the execution of arbitrary code.\n For more information, see:\n http://www.openssl.org/news/secadv_20140605.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n (* 
Security fix *)\npatches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 
13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\n634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz\na2529f1243d42a3608f61b96236b5f60 
openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz\nd7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz\ndfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nbd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz\n35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz\n48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nefa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz\n8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz\ncf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz\n18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz\n6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz\nea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\ndb1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz\n0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz\n\nSlackware x86_64 -current packages:\nd01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz\n95a743d21c58f39573845d6ec5270656 
n/openssl-1.0.1h-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz", "modified": "2014-06-06T05:27:11", "published": "2014-06-06T05:27:11", "id": "SSA-2014-156-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.746956", "type": "slackware", "title": "[slackware-security] openssl", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T12:02:28", "description": "OpenSSL is an open-source SSL implementation used to provide strongly encrypted network communication; it is now widely used in various network applications.\n\nOpenSSL versions prior to 0.9.8za, 1.0.0m, and 1.0.1h do not properly handle ChangeCipherSpec messages, which allows a man-in-the-middle attacker to force the use of a zero-length master key in certain OpenSSL-to-OpenSSL communications and then use a specially crafted TLS handshake to hijack a session and gain sensitive information.\n\nOpenSSL TLS heartbeat read remote information disclosure Vulnerability (CVE-2014-0160) http://www.linuxidc.com/Linux/2014-04/99741.htm\n\nOpenSSL serious bug allows an attacker to read 64k of memory, and Debian half an hour to fix http://www.linuxidc.com/Linux/2014-04/99737.htm\n\nOpenSSL \u201cheartbleed\u201d security vulnerability http://www.linuxidc.com/Linux/2014-04/99706.htm\n\nBy OpenSSL to provide FTP+SSL/TLS authentication functions, and to achieve secure data transmission http://www.linuxidc.com/Linux/2013-05/84986.htm\n\n * Source: KIKUCHI Masashi\n", "published": "2016-12-20T00:00:00", "type": "seebug", "title": "OpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160", "CVE-2014-0224"], "modified": "2016-12-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92577", "id": "SSV:92577", "sourceData": "", "cvss": {"score": 6.8, 
"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "amazon": [{"lastseen": "2020-11-10T12:36:34", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2015-0292", "CVE-2014-0221"], "description": "**Issue Overview:**\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. ([CVE-2014-0224 __](<https://access.redhat.com/security/cve/CVE-2014-0224>))\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. ([CVE-2014-0195 __](<https://access.redhat.com/security/cve/CVE-2014-0195>))\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. ([CVE-2010-5298 __](<https://access.redhat.com/security/cve/CVE-2010-5298>), [CVE-2014-0198 __](<https://access.redhat.com/security/cve/CVE-2014-0198>))\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. ([CVE-2014-0221 __](<https://access.redhat.com/security/cve/CVE-2014-0221>))\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. 
A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. ([CVE-2014-3470 __](<https://access.redhat.com/security/cve/CVE-2014-3470>))\n\nAn integer underflow flaw, leading to a heap-based buffer overflow, was found in the way OpenSSL decoded certain base64 strings. A remote attacker could provide a specially crafted base64 string via certain PEM processing routines that, when parsed by the OpenSSL library, would cause the OpenSSL server to crash. ([CVE-2015-0292 __](<https://access.redhat.com/security/cve/CVE-2015-0292>))\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-devel-1.0.1h-1.72.amzn1.i686 \n openssl-1.0.1h-1.72.amzn1.i686 \n openssl-debuginfo-1.0.1h-1.72.amzn1.i686 \n openssl-perl-1.0.1h-1.72.amzn1.i686 \n openssl-static-1.0.1h-1.72.amzn1.i686 \n \n src: \n openssl-1.0.1h-1.72.amzn1.src \n \n x86_64: \n openssl-debuginfo-1.0.1h-1.72.amzn1.x86_64 \n openssl-static-1.0.1h-1.72.amzn1.x86_64 \n openssl-devel-1.0.1h-1.72.amzn1.x86_64 \n openssl-perl-1.0.1h-1.72.amzn1.x86_64 \n openssl-1.0.1h-1.72.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-06-04T15:45:00", "published": "2014-06-04T15:45:00", "id": "ALAS-2014-349", "href": "https://alas.aws.amazon.com/ALAS-2014-349.html", "title": "Important: openssl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cisco": [{"lastseen": "2020-12-24T11:41:39", "bulletinFamily": "software", "cvelist": ["CVE-2010-5298", "CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "description": "Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a 
man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:\n\n SSL/TLS Man-in-the-Middle Vulnerability\n DTLS Recursion Flaw Vulnerability\n DTLS Invalid Fragment Vulnerability\n SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability\n SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability\n Anonymous ECDH Denial of Service Vulnerability\n ECDSA NONCE Side-Channel Recovery Attack Vulnerability\n\nPlease note that the devices that are affected by this vulnerability are the devices acting as a Secure Sockets Layer (SSL) or Datagram Transport Layer Security (DTLS) server terminating SSL or DTLS connections or devices acting as an SSL client initiating an SSL or DTLS connection. Devices that are simply traversed by SSL or DTLS traffic without terminating it are not affected.\n\nCisco will release software updates that address these vulnerabilities. \n\nWorkarounds that mitigate these vulnerabilities may be available.\n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl\"]", "modified": "2015-03-27T19:50:00", "published": "2014-06-05T22:40:00", "id": "CISCO-SA-20140605-OPENSSL", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl", "type": "cisco", "title": "Multiple Vulnerabilities in OpenSSL Affecting Cisco Products", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}