Vulnerabilites related to IBM - Content Manager
cve-2018-1502
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg22014917 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040760 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/141338 | vdb-entry, x_refsource_XF |
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Content Manager |
Version: 8.4.3 Version: 8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22014917"
},
{
"name": "1040760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040760"
},
{
"name": "ibm-icm-cve20181502-xss(141338)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141338"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Content Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.4.3"
},
{
"status": "affected",
"version": "8.5"
}
]
}
],
"datePublic": "2018-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141338."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-02T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22014917"
},
{
"name": "1040760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040760"
},
{
"name": "ibm-icm-cve20181502-xss(141338)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141338"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-04-20T00:00:00",
"ID": "CVE-2018-1502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Manager",
"version": {
"version_data": [
{
"version_value": "8.4.3"
},
{
"version_value": "8.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141338."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22014917",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22014917"
},
{
"name": "1040760",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040760"
},
{
"name": "ibm-icm-cve20181502-xss(141338)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141338"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1502",
"datePublished": "2018-05-01T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T19:29:58.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201505-0233
Vulnerability from variot
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. There is a security vulnerability in the TLS protocol 1.2 and earlier versions. The vulnerability comes from that when the server enables the DHE_EXPORT cipher suite, the program does not pass the DHE_EXPORT option correctly. Attackers can exploit this vulnerability to implement man-in-the-middle attacks and cipher-downgrade attacks by rewriting ClientHello (use DHE_EXPORT instead of DHE) and then rewrite ServerHello (use DHE instead of DHE_EXPORT).
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security as well as a general purpose cryptography library. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201603-11
https://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: March 12, 2016 Bugs: #525472, #540054, #546678, #554886, #563684, #572432 ID: 201603-11
Synopsis
Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites allowing remote attackers to remotely execute arbitrary code, obtain information, and cause Denial of Service.
Background
Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today's demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today's applications require.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/oracle-jre-bin < 1.8.0.72 >= 1.8.0.72 2 dev-java/oracle-jdk-bin < 1.8.0.72 >= 1.8.0.72 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities exist in both Oracle's JRE and JDK. Please review the referenced CVE's for additional information.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JRE Users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.72"
All Oracle JDK Users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.72"
References
[ 1 ] CVE-2015-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437 [ 2 ] CVE-2015-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437 [ 3 ] CVE-2015-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458 [ 4 ] CVE-2015-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459 [ 5 ] CVE-2015-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460 [ 6 ] CVE-2015-0469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469 [ 7 ] CVE-2015-0470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470 [ 8 ] CVE-2015-0477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477 [ 9 ] CVE-2015-0478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478 [ 10 ] CVE-2015-0480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480 [ 11 ] CVE-2015-0484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484 [ 12 ] CVE-2015-0486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486 [ 13 ] CVE-2015-0488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488 [ 14 ] CVE-2015-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491 [ 15 ] CVE-2015-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492 [ 16 ] CVE-2015-2590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590 [ 17 ] CVE-2015-2601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601 [ 18 ] CVE-2015-2613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613 [ 19 ] CVE-2015-2619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2619 [ 20 ] CVE-2015-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621 [ 21 ] CVE-2015-2625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625 [ 22 ] CVE-2015-2627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2627 [ 23 ] CVE-2015-2628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628 [ 24 ] CVE-2015-2632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632 [ 25 ] CVE-2015-2637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2637 [ 26 ] CVE-2015-2638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2638 [ 27 ] CVE-2015-2659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2659 [ 28 ] CVE-2015-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2664 [ 29 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000 [ 30 ] CVE-2015-4729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4729 [ 31 ] CVE-2015-4731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731 [ 32 ] CVE-2015-4732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732 [ 33 ] CVE-2015-4733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733 [ 34 ] CVE-2015-4734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734 [ 35 ] CVE-2015-4734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734 [ 36 ] CVE-2015-4736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4736 [ 37 ] CVE-2015-4748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748 [ 38 ] CVE-2015-4760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760 [ 39 ] CVE-2015-4803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803 [ 40 ] CVE-2015-4803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803 [ 41 ] CVE-2015-4805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805 [ 42 ] CVE-2015-4805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805 [ 43 ] CVE-2015-4806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806 [ 44 ] CVE-2015-4806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806 [ 45 ] CVE-2015-4810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810 [ 46 ] CVE-2015-4810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810 [ 47 ] CVE-2015-4835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835 [ 48 ] CVE-2015-4835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835 [ 49 ] CVE-2015-4840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840 [ 50 ] CVE-2015-4840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840 [ 51 ] CVE-2015-4842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842 [ 52 ] CVE-2015-4842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842 [ 53 ] CVE-2015-4843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843 [ 54 ] CVE-2015-4843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843 [ 55 ] CVE-2015-4844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844 [ 56 ] CVE-2015-4844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844 [ 57 ] CVE-2015-4860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860 [ 58 ] CVE-2015-4860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860 [ 59 ] CVE-2015-4868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868 [ 60 ] CVE-2015-4868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868 [ 61 ] CVE-2015-4871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871 [ 62 ] CVE-2015-4871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871 [ 63 ] CVE-2015-4872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872 [ 64 ] CVE-2015-4872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872 [ 65 ] CVE-2015-4881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881 [ 66 ] CVE-2015-4881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881 [ 67 ] CVE-2015-4882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882 [ 68 ] CVE-2015-4882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882 [ 69 ] CVE-2015-4883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883 [ 70 ] CVE-2015-4883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883 [ 71 ] CVE-2015-4893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893 [ 72 ] CVE-2015-4893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893 [ 73 ] CVE-2015-4901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901 [ 74 ] CVE-2015-4901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901 [ 75 ] CVE-2015-4902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902 [ 76 ] CVE-2015-4902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902 [ 77 ] CVE-2015-4903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903 [ 78 ] CVE-2015-4903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903 [ 79 ] CVE-2015-4906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906 [ 80 ] CVE-2015-4906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906 [ 81 ] CVE-2015-4908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908 [ 82 ] CVE-2015-4908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908 [ 83 ] CVE-2015-4911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911 [ 84 ] CVE-2015-4911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911 [ 85 ] CVE-2015-4916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916 [ 86 ] CVE-2015-4916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916 [ 87 ] CVE-2015-7840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840 [ 88 ] CVE-2015-7840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-11
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04926789
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04926789 Version: 1
HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-01-07 Last Updated: 2016-01-07
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts including:
The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information.
References:
CVE-2015-4000 CVE-2015-2808 CVE-2015-3183 PSRT102977
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX Web Server Suite v4.05 HPUXWSATW405 httpd prior to 2.2.29.02
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-2808 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-3183 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has provided the following software updates to resolve the vulnerabilities with HP-UX Web Server Suite running Apache.
The updates are available for download from the following location:
https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumbe r=HPUXWSATW406
Issues addressed:
CVE-2015-4000:
Disable Export cipher by default. DH parameter with 1024 bits is used by default. Allow to configure custom DHE or ECDHE parameters by appending the concerned parameter file to the certificate file given for the SSLCertificateFile directive.
CVE-2015-2808:
Disable RC4 cipher in configuration file.
Notes:
HP-UX Web Server Suite v4.06 HPUXWSATW406 contains the following components:
Apache B.2.2.29.02 Tomcat Servlet Engine C.6.0.43.01 PHP 5.4.40.1 (Part of Apache) Webmin A.1.070.13
See HPE Security Bulletin HPSBUX03512 for information about resolution for Apache web server of HP-UX 11iv2 at the following location: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04832246 MANUAL ACTIONS: Yes - Update Download and install the software update
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HPE and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31 IA/PA
hpuxws22APACHE.APACHE hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_PERL hpuxws22APACHE.PHP hpuxws22APACHE.WEBPROXY action: install revision B.2.2.29.02 or subsequent
hpuxws22TOMCAT.TOMCAT action: install revision C.6.0.43.01 or subsequent
HP-UX B.11.31 PA
hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.29.02 or subsequent
HP-UX B.11.23 IA/PA
hpuxws22WEBMIN.HPDOCS hpuxws22WEBMIN.WEBMIN action: install revision A.1.070.13 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 7 January 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7 Advisory ID: RHSA-2016:2054-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2054.html Issue date: 2016-10-12 CVE Names: CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 =====================================================================
- Summary:
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.10 natives, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch, ppc64, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
Security Fix(es):
-
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)
-
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)
-
A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)
-
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)
-
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)
-
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
-
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for reporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1 1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1 1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34
- Package List:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:
Source: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.src.rpm httpd22-2.2.26-56.ep6.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.src.rpm mod_jk-1.2.41-2.redhat_4.ep6.el7.src.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.src.rpm
noarch: jbcs-httpd24-1-3.jbcs.el7.noarch.rpm jbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm
ppc64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm httpd22-2.2.26-56.ep6.el7.ppc64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.ppc64.rpm httpd22-devel-2.2.26-56.ep6.el7.ppc64.rpm httpd22-manual-2.2.26-56.ep6.el7.ppc64.rpm httpd22-tools-2.2.26-56.ep6.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.ppc64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_ldap22-2.2.26-56.ep6.el7.ppc64.rpm mod_ssl22-2.2.26-56.ep6.el7.ppc64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm
x86_64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm httpd22-2.2.26-56.ep6.el7.x86_64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.x86_64.rpm httpd22-devel-2.2.26-56.ep6.el7.x86_64.rpm httpd22-manual-2.2.26-56.ep6.el7.x86_64.rpm httpd22-tools-2.2.26-56.ep6.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.x86_64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_ldap22-2.2.26-56.ep6.el7.x86_64.rpm mod_ssl22-2.2.26-56.ep6.el7.x86_64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-3110 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2688611 https://access.redhat.com/solutions/222023 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFX/nCuXlSAg2UNWIIRAq6gAKCk3O4+LVrC6nN6yUHOOzpm8GB7NQCcDcA0 n7n6E5uqbAY0W1AG5Z+9yy8= =6ET2 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - x86_64
- Description:
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. (CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760)
Note: This update forces the TLS/SSL client implementation in IBM JDK to reject DH key sizes below 768 bits to address the CVE-2015-4000 issue. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694) 1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) 1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397) 1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405) 1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409) 1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374) 1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853) 1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378) 1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520) 1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715) 1242456 - CVE-2015-2613 NSS / JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833) 1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401) 1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) 1243284 - CVE-2015-4736 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment) 1243286 - CVE-2015-2619 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D) 1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) 1243290 - CVE-2015-4729 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment) 1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment) 1244828 - CVE-2015-1931 IBM JDK: plain text data stored in memory dumps
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0233",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.10"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.19"
},
{
"model": "firefox os",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.2"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2a"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.1.0"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.1"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": null
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "jrockit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "r28.3.6"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "39.0"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1m"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": null
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.35"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "b.11.31"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "sparc-opl service processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1121"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "132729"
},
{
"db": "PACKETSTORM",
"id": "139114"
},
{
"db": "PACKETSTORM",
"id": "132728"
},
{
"db": "PACKETSTORM",
"id": "132804"
}
],
"trust": 0.4
},
"cve": "CVE-2015-4000",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-4000",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-81961",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2015-4000",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4000",
"trust": 1.0,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-81961",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-4000",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "VULMON",
"id": "CVE-2015-4000"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue. There is a security vulnerability in the TLS protocol 1.2 and earlier versions. The vulnerability comes from that when the server enables the DHE_EXPORT cipher suite, the program does not pass the DHE_EXPORT option correctly. Attackers can exploit this vulnerability to implement man-in-the-middle attacks and cipher-downgrade attacks by rewriting ClientHello (use DHE_EXPORT instead of DHE) and then rewrite ServerHello (use DHE instead of DHE_EXPORT). \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\nand Transport Layer Security as well as a general purpose cryptography\nlibrary. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201603-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: March 12, 2016\n Bugs: #525472, #540054, #546678, #554886, #563684, #572432\n ID: 201603-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Oracle\u0027s JRE and JDK\nsoftware suites allowing remote attackers to remotely execute arbitrary\ncode, obtain information, and cause Denial of Service. \n\nBackground\n==========\n\nJava Platform, Standard Edition (Java SE) lets you develop and deploy\nJava applications on desktops and servers, as well as in today\u0027s\ndemanding embedded environments. Java offers the rich user interface,\nperformance, versatility, portability, and security that today\u0027s\napplications require. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/oracle-jre-bin \u003c 1.8.0.72 \u003e= 1.8.0.72\n 2 dev-java/oracle-jdk-bin \u003c 1.8.0.72 \u003e= 1.8.0.72\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities exist in both Oracle\u0027s JRE and JDK. Please\nreview the referenced CVE\u0027s for additional information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JRE Users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jre-bin-1.8.0.72\"\n\nAll Oracle JDK Users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jdk-bin-1.8.0.72\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-0437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437\n[ 2 ] CVE-2015-0437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437\n[ 3 ] CVE-2015-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458\n[ 4 ] CVE-2015-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459\n[ 5 ] CVE-2015-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460\n[ 6 ] CVE-2015-0469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469\n[ 7 ] CVE-2015-0470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470\n[ 8 ] CVE-2015-0477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477\n[ 9 ] CVE-2015-0478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478\n[ 10 ] CVE-2015-0480\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480\n[ 11 ] CVE-2015-0484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484\n[ 12 ] CVE-2015-0486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486\n[ 13 ] CVE-2015-0488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488\n[ 14 ] CVE-2015-0491\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491\n[ 15 ] CVE-2015-0492\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492\n[ 16 ] CVE-2015-2590\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590\n[ 17 ] CVE-2015-2601\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601\n[ 18 ] CVE-2015-2613\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613\n[ 19 ] CVE-2015-2619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2619\n[ 20 ] CVE-2015-2621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621\n[ 21 ] CVE-2015-2625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625\n[ 22 ] CVE-2015-2627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2627\n[ 23 ] CVE-2015-2628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628\n[ 24 ] CVE-2015-2632\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632\n[ 25 ] CVE-2015-2637\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2637\n[ 26 ] CVE-2015-2638\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2638\n[ 27 ] CVE-2015-2659\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2659\n[ 28 ] CVE-2015-2664\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2664\n[ 29 ] CVE-2015-4000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n[ 30 ] CVE-2015-4729\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4729\n[ 31 ] CVE-2015-4731\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731\n[ 32 ] CVE-2015-4732\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732\n[ 33 ] CVE-2015-4733\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733\n[ 34 ] CVE-2015-4734\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734\n[ 35 ] CVE-2015-4734\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734\n[ 36 ] CVE-2015-4736\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4736\n[ 37 ] CVE-2015-4748\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748\n[ 38 ] CVE-2015-4760\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760\n[ 39 ] CVE-2015-4803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803\n[ 40 ] CVE-2015-4803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803\n[ 41 ] CVE-2015-4805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805\n[ 42 ] CVE-2015-4805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805\n[ 43 ] CVE-2015-4806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806\n[ 44 ] CVE-2015-4806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806\n[ 45 ] CVE-2015-4810\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810\n[ 46 ] CVE-2015-4810\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810\n[ 47 ] CVE-2015-4835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835\n[ 48 ] CVE-2015-4835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835\n[ 49 ] CVE-2015-4840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840\n[ 50 ] CVE-2015-4840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840\n[ 51 ] CVE-2015-4842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842\n[ 52 ] CVE-2015-4842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842\n[ 53 ] CVE-2015-4843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843\n[ 54 ] CVE-2015-4843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843\n[ 55 ] CVE-2015-4844\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844\n[ 56 ] CVE-2015-4844\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844\n[ 57 ] CVE-2015-4860\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860\n[ 58 ] CVE-2015-4860\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860\n[ 59 ] CVE-2015-4868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868\n[ 60 ] CVE-2015-4868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868\n[ 61 ] CVE-2015-4871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871\n[ 62 ] CVE-2015-4871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871\n[ 63 ] CVE-2015-4872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872\n[ 64 ] CVE-2015-4872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872\n[ 65 ] CVE-2015-4881\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881\n[ 66 ] CVE-2015-4881\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881\n[ 67 ] CVE-2015-4882\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882\n[ 68 ] CVE-2015-4882\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882\n[ 69 ] CVE-2015-4883\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883\n[ 70 ] CVE-2015-4883\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883\n[ 71 ] CVE-2015-4893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893\n[ 72 ] CVE-2015-4893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893\n[ 73 ] CVE-2015-4901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901\n[ 74 ] CVE-2015-4901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901\n[ 75 ] CVE-2015-4902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902\n[ 76 ] CVE-2015-4902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902\n[ 77 ] CVE-2015-4903\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903\n[ 78 ] CVE-2015-4903\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903\n[ 79 ] CVE-2015-4906\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906\n[ 80 ] CVE-2015-4906\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906\n[ 81 ] CVE-2015-4908\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908\n[ 82 ] CVE-2015-4908\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908\n[ 83 ] CVE-2015-4911\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911\n[ 84 ] CVE-2015-4911\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911\n[ 85 ] CVE-2015-4916\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916\n[ 86 ] CVE-2015-4916\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916\n[ 87 ] CVE-2015-7840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840\n[ 88 ] CVE-2015-7840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04926789\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04926789\nVersion: 1\n\nHPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote\nDenial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-01-07\nLast Updated: 2016-01-07\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Web Server\nSuite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited\nremotely to create a Denial of Service (DoS) and other impacts including:\n\nThe TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman\nkey exchange known as \"Logjam\" could be exploited remotely to allow\nunauthorized modification. \nThe RC4 stream cipher vulnerability in SSL/TLS known as \"Bar Mitzvah\" could\nbe exploited remotely to allow disclosure of information. \n\nReferences:\n\nCVE-2015-4000\nCVE-2015-2808\nCVE-2015-3183\nPSRT102977\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX Web Server Suite v4.05 HPUXWSATW405 httpd prior to 2.2.29.02\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-2808 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-3183 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has provided the following software updates to resolve the\nvulnerabilities with HP-UX Web Server Suite running Apache. \n\nThe updates are available for download from the following location:\n\nhttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumbe\nr=HPUXWSATW406\n\nIssues addressed:\n\nCVE-2015-4000:\n\nDisable Export cipher by default. \nDH parameter with 1024 bits is used by default. \nAllow to configure custom DHE or ECDHE parameters by appending the concerned\nparameter file to the certificate file given for the SSLCertificateFile\ndirective. \n\nCVE-2015-2808:\n\nDisable RC4 cipher in configuration file. \n\nNotes:\n\nHP-UX Web Server Suite v4.06 HPUXWSATW406 contains the following components:\n\nApache B.2.2.29.02\nTomcat Servlet Engine C.6.0.43.01\nPHP 5.4.40.1 (Part of Apache)\nWebmin A.1.070.13\n\nSee HPE Security Bulletin HPSBUX03512 for information about resolution for\nApache web server of HP-UX 11iv2 at the following location:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04832246\nMANUAL ACTIONS: Yes - Update\nDownload and install the software update\n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HPE and lists recommended actions that may apply to a specific\nHP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31 IA/PA\n===================\n\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.PHP\nhpuxws22APACHE.WEBPROXY\naction: install revision B.2.2.29.02 or subsequent\n\nhpuxws22TOMCAT.TOMCAT\naction: install revision C.6.0.43.01 or subsequent\n\nHP-UX B.11.31 PA\n================\n\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY2\naction: install revision B.2.2.29.02 or subsequent\n\nHP-UX B.11.23 IA/PA\n===================\n\nhpuxws22WEBMIN.HPDOCS\nhpuxws22WEBMIN.WEBMIN\naction: install revision A.1.070.13 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 7 January 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7\nAdvisory ID: RHSA-2016:2054-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-2054.html\nIssue date: 2016-10-12\nCVE Names: CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 \n CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 \n CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 \n=====================================================================\n\n1. Summary:\n\nUpdated packages that provide Red Hat JBoss Enterprise Application Platform\n6.4.10 natives, fix several bugs, and add various enhancements are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. All users of Red Hat JBoss Enterprise Application\nPlatform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the update\nto take effect. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\n* A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2015-4000)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. (CVE-2016-4459)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for\nreporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert\nBost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno\nBAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105\nand CVE-2016-2106. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1\n1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1\n1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34\n\n6. Package List:\n\nRed Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:\n\nSource:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.src.rpm\nhttpd22-2.2.26-56.ep6.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.src.rpm\nmod_jk-1.2.41-2.redhat_4.ep6.el7.src.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.src.rpm\n\nnoarch:\njbcs-httpd24-1-3.jbcs.el7.noarch.rpm\njbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm\n\nppc64:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\nhornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\nhttpd22-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-debuginfo-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-devel-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-manual-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-tools-2.2.26-56.ep6.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.ppc64.rpm\njbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\njbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\nmod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm\nmod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm\nmod_ldap22-2.2.26-56.ep6.el7.ppc64.rpm\nmod_ssl22-2.2.26-56.ep6.el7.ppc64.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\ntomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\n\nx86_64:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\nhornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\nhttpd22-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-debuginfo-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-devel-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-manual-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-tools-2.2.26-56.ep6.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.x86_64.rpm\njbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\njbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\nmod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm\nmod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm\nmod_ldap22-2.2.26-56.ep6.el7.x86_64.rpm\nmod_ssl22-2.2.26-56.ep6.el7.x86_64.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\ntomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3183\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-4000\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-3110\nhttps://access.redhat.com/security/cve/CVE-2016-4459\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/2688611\nhttps://access.redhat.com/solutions/222023\nhttps://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX/nCuXlSAg2UNWIIRAq6gAKCk3O4+LVrC6nN6yUHOOzpm8GB7NQCcDcA0\nn7n6E5uqbAY0W1AG5Z+9yy8=\n=6ET2\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7) - x86_64\n\n3. Description:\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment\nand the IBM Java Software Development Kit. \n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. (CVE-2015-1931, CVE-2015-2590, CVE-2015-2601,\nCVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632,\nCVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4729,\nCVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748,\nCVE-2015-4749, CVE-2015-4760)\n\nNote: This update forces the TLS/SSL client implementation in IBM JDK to\nreject DH key sizes below 768 bits to address the CVE-2015-4000 issue. \nRefer to Red Hat Bugzilla bug 1223211, linked to in the References section,\nfor additional details about this change. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)\n1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)\n1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)\n1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)\n1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)\n1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)\n1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)\n1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)\n1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)\n1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)\n1242456 - CVE-2015-2613 NSS / JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)\n1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)\n1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)\n1243284 - CVE-2015-4736 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)\n1243286 - CVE-2015-2619 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D)\n1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)\n1243290 - CVE-2015-4729 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)\n1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)\n1244828 - CVE-2015-1931 IBM JDK: plain text data stored in memory dumps\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4000"
},
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "VULMON",
"id": "CVE-2015-4000"
},
{
"db": "PACKETSTORM",
"id": "132398"
},
{
"db": "PACKETSTORM",
"id": "135510"
},
{
"db": "PACKETSTORM",
"id": "132729"
},
{
"db": "PACKETSTORM",
"id": "136182"
},
{
"db": "PACKETSTORM",
"id": "135172"
},
{
"db": "PACKETSTORM",
"id": "139114"
},
{
"db": "PACKETSTORM",
"id": "132728"
},
{
"db": "PACKETSTORM",
"id": "132804"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-81961",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81961"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4000",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1032864",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033341",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032777",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032727",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032871",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032475",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032783",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032653",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032702",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033222",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032865",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033065",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033208",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033019",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033991",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032759",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1040630",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032910",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033067",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032637",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033064",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032654",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032656",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034087",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032932",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033385",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032652",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032688",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032699",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032649",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032960",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032647",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032474",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033210",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032778",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033416",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033891",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032884",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032651",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033760",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033433",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032476",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032784",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036218",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032856",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033430",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034884",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032655",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032650",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032648",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033513",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033209",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1032645",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034728",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10681",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10727",
"trust": 1.1
},
{
"db": "BID",
"id": "91787",
"trust": 1.1
},
{
"db": "BID",
"id": "74733",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10122",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/05/20/8",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-412672",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "135510",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132413",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132649",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132586",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132164",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132610",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135506",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136247",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137744",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132439",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132465",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133338",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132468",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134232",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134902",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133324",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136975",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134755",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201505-428",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-81961",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-4000",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132398",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132729",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136182",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132728",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132804",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "VULMON",
"id": "CVE-2015-4000"
},
{
"db": "PACKETSTORM",
"id": "132398"
},
{
"db": "PACKETSTORM",
"id": "135510"
},
{
"db": "PACKETSTORM",
"id": "132729"
},
{
"db": "PACKETSTORM",
"id": "136182"
},
{
"db": "PACKETSTORM",
"id": "135172"
},
{
"db": "PACKETSTORM",
"id": "139114"
},
{
"db": "PACKETSTORM",
"id": "132728"
},
{
"db": "PACKETSTORM",
"id": "132804"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"id": "VAR-201505-0233",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81961"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-26T21:36:54.160000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "IBM: Security Bulletin: IBM Spectrum Protect Plus vulnerable to Logjam (CVE-2015-4000)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b088cb485f81aa1e40d469e515f8cc7c"
},
{
"title": "IBM: IBM Security Bulletin: Spectrum Protect Operations Center vulnerable to Logjam (CVE-2015-4000)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9002898279163d9972f239986ab6a5c6"
},
{
"title": "IBM: Security Bulletin: IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments are vulnerabile to Logjam (CVE-2015-4000)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b5bf5318623f05f2683ba6f4e835fc5b"
},
{
"title": "IBM: Security Bulletin: IBM Spectrum Protect Snapshot for VMware is vulnerable to Logjam (CVE-2015-4000)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3786c3f564f19ff96adea0022e47fe27"
},
{
"title": "Mozilla: NSS accepts export-length DHE keys with regular DHE cipher suites",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=af1e71a1de8256659f6ad0f6663d3bee"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2015-70",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2015-70"
},
{
"title": "Amazon Linux AMI: ALAS-2015-569",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-569"
},
{
"title": "Citrix Security Bulletins: CVE-2015-4000 - Citrix Security Advisory for DHE_EXPORT TLS Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=84bde745a5fd5d1cca4aceefe7138a6d"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2673-1"
},
{
"title": "Debian Security Advisories: DSA-3688-1 nss -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=373dcfd6d281e203a1b020510989c2b1"
},
{
"title": "Symantec Security Advisories: SA111 : OpenSSL Vulnerabilities 28-Jan-2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=83d562565218abbdbef42ef8962d127b"
},
{
"title": "Amazon Linux AMI: ALAS-2015-550",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-550"
},
{
"title": "Ubuntu Security Notice: openjdk-7 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2696-1"
},
{
"title": "Ubuntu Security Notice: openjdk-6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2706-1"
},
{
"title": "Debian Security Advisories: DSA-3300-1 iceweasel -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=eee46f11209708fd3b15b41452809324"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2656-1"
},
{
"title": "Debian Security Advisories: DSA-3339-1 openjdk-6 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6c93f875c2194ec5cd3ae93ab207dafa"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2656-2"
},
{
"title": "Amazon Linux AMI: ALAS-2015-586",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-586"
},
{
"title": "Amazon Linux AMI: ALAS-2015-570",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-570"
},
{
"title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
},
{
"title": "Debian Security Advisories: DSA-3316-1 openjdk-7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6dadb5ef54390af9161ced1370e85421"
},
{
"title": "Amazon Linux AMI: ALAS-2015-571",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-571"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
},
{
"title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "nmap-esentire",
"trust": 0.1,
"url": "https://github.com/eSentire/nmap-esentire "
},
{
"title": "HAProxy-Keepalived-Sec-HighLoads",
"trust": 0.1,
"url": "https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads "
},
{
"title": "stuff",
"trust": 0.1,
"url": "https://github.com/thekondrashov/stuff "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2015-4000 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/CertifiedCEH/DB "
},
{
"title": "Shodan-Browser",
"trust": 0.1,
"url": "https://github.com/javirodriguezzz/Shodan-Browser "
},
{
"title": "python-ssl-deprecated",
"trust": 0.1,
"url": "https://github.com/yurkao/python-ssl-deprecated "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/84KaliPleXon3/a2sv "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/TheRipperJhon/a2sv "
},
{
"title": "Network-Security-2021",
"trust": 0.1,
"url": "https://github.com/giusepperuggiero96/Network-Security-2021 "
},
{
"title": "script_a2sv",
"trust": 0.1,
"url": "https://github.com/F4RM0X/script_a2sv "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/hahwul/a2sv "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/H4CK3RT3CH/a2sv "
},
{
"title": "sslscanner",
"trust": 0.1,
"url": "https://github.com/fireorb/sslscanner "
},
{
"title": "A2SV--SSL-VUL-Scan",
"trust": 0.1,
"url": "https://github.com/nyctophile6/A2SV--SSL-VUL-Scan "
},
{
"title": "a2sv",
"trust": 0.1,
"url": "https://github.com/Mre11i0t/a2sv "
},
{
"title": "HTTPSScan",
"trust": 0.1,
"url": "https://github.com/alexoslabs/HTTPSScan "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Valdem88/dev-17_ib-yakovlev_vs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-4000"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1242.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1243.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1485.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/74733"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"trust": 1.1,
"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
},
{
"trust": 1.1,
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"trust": 1.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04876402"
},
{
"trust": 1.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04949778"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht204941"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht204942"
},
{
"trust": 1.1,
"url": "http://support.citrix.com/article/ctx201114"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
},
{
"trust": 1.1,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
},
{
"trust": 1.1,
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"trust": 1.1,
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/releasenotes/releasenotes.htm"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"trust": 1.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
},
{
"trust": 1.1,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.1_release_notes"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04770140"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04772190"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773119"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04832246"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04918839"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04923929"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04926789"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04740527"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04953655"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128722"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05193083"
},
{
"trust": 1.1,
"url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
},
{
"trust": 1.1,
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"trust": 1.1,
"url": "https://puppet.com/security/cve/cve-2015-4000"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
},
{
"trust": 1.1,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.1,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
},
{
"trust": 1.1,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098403"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"trust": 1.1,
"url": "https://www.suse.com/security/cve/cve-2015-4000.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159351.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159314.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160117.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04718196"
},
{
"trust": 1.1,
"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
},
{
"trust": 1.1,
"url": "https://weakdh.org/"
},
{
"trust": 1.1,
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "http://openwall.com/lists/oss-security/2015/05/20/8"
},
{
"trust": 1.1,
"url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1072.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1185.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1228.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1229.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1230.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1241.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1486.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1488.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1526.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1544.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1604.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1624.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032474"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032475"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032476"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032637"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032645"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032647"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032648"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032649"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032650"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032651"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032652"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032653"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032654"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032655"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032656"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032688"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032699"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032702"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032727"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032759"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032777"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032778"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032783"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032784"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032856"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032864"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032865"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032871"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032884"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032910"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032932"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032960"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033019"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033064"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033065"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033067"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033208"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033209"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033210"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033222"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033341"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033385"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033416"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033430"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033433"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033513"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033760"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033891"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033991"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034087"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034728"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034884"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036218"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040630"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2656-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2656-2"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2673-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2696-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2706-1"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10681"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
},
{
"trust": 1.0,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03831en_us"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10727"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2601"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-4000"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2637"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2632"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2621"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2638"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2625"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2590"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2664"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4732"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-4760"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2621"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2628"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2601"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-4732"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2632"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4760"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2664"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2627"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-4733"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-4748"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-4731"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2625"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2638"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-4749"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2808"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4733"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4749"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2590"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2637"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4731"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4748"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2619"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2613"
},
{
"trust": 0.2,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2627"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2808"
},
{
"trust": 0.2,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#appendixjava"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2628"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2613"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4729"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4736"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4736"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4729"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-2619"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10681"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10727"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10122"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03831en_us"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143557934009303\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143628304012255\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143558092609708\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143655800220052\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144060576831314\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144069189622016\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144050121701297\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144060606031437\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144102017024820\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144061542602287\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145409266329539\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144043644216842\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143506486712441\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144104533800819\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143637549705650\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144493176821532\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1791"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8176"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1789"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4734"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2621"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2627"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0458"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0458"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2659"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4911"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4732"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4906"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4882"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0488"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4868"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4902"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0484"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0488"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4903"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2637"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4844"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4736"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4842"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0480"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2659"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4760"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4810"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4893"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2613"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2601"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0460"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2619"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4871"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0459"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0486"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2638"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0492"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4748"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4901"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4881"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2625"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4803"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0491"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0491"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4729"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0486"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4843"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4860"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0460"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2664"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0484"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2632"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4731"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4883"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumbe"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04832246"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2688611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/222023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2109"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-2054.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-2596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-1931"
},
{
"trust": 0.1,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1931"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "PACKETSTORM",
"id": "132398"
},
{
"db": "PACKETSTORM",
"id": "135510"
},
{
"db": "PACKETSTORM",
"id": "132729"
},
{
"db": "PACKETSTORM",
"id": "136182"
},
{
"db": "PACKETSTORM",
"id": "135172"
},
{
"db": "PACKETSTORM",
"id": "139114"
},
{
"db": "PACKETSTORM",
"id": "132728"
},
{
"db": "PACKETSTORM",
"id": "132804"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81961"
},
{
"db": "VULMON",
"id": "CVE-2015-4000"
},
{
"db": "PACKETSTORM",
"id": "132398"
},
{
"db": "PACKETSTORM",
"id": "135510"
},
{
"db": "PACKETSTORM",
"id": "132729"
},
{
"db": "PACKETSTORM",
"id": "136182"
},
{
"db": "PACKETSTORM",
"id": "135172"
},
{
"db": "PACKETSTORM",
"id": "139114"
},
{
"db": "PACKETSTORM",
"id": "132728"
},
{
"db": "PACKETSTORM",
"id": "132804"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-81961"
},
{
"date": "2015-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-4000"
},
{
"date": "2015-06-22T14:14:00",
"db": "PACKETSTORM",
"id": "132398"
},
{
"date": "2016-01-29T20:33:00",
"db": "PACKETSTORM",
"id": "135510"
},
{
"date": "2015-07-17T19:49:52",
"db": "PACKETSTORM",
"id": "132729"
},
{
"date": "2016-03-14T14:43:36",
"db": "PACKETSTORM",
"id": "136182"
},
{
"date": "2016-01-08T15:12:14",
"db": "PACKETSTORM",
"id": "135172"
},
{
"date": "2016-10-12T20:16:45",
"db": "PACKETSTORM",
"id": "139114"
},
{
"date": "2015-07-17T19:49:22",
"db": "PACKETSTORM",
"id": "132728"
},
{
"date": "2015-07-22T22:39:35",
"db": "PACKETSTORM",
"id": "132804"
},
{
"date": "2015-05-21T00:59:00.087000",
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-81961"
},
{
"date": "2023-02-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-4000"
},
{
"date": "2024-11-21T02:30:14.667000",
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136182"
},
{
"db": "PACKETSTORM",
"id": "135172"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo Linux Security Advisory 201506-02",
"sources": [
{
"db": "PACKETSTORM",
"id": "132398"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "132398"
}
],
"trust": 0.1
}
}