Vulnerability-Lookup

CVE-2011-0014 (GCVE-0-2011-0014)

Vulnerability from cvelistv5 – Published: 2011-02-18 23:00 – Updated: 2024-08-06 21:36

Summary

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

Severity

No CVSS data available.

CWE

Assigner

redhat

References

35 references

URL	Tags
http://www.vupen.com/english/advisories/2011/0361	vdb-entryx_refsource_VUPEN
http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
http://www-01.ibm.com/support/docview.wss?uid=ssg…	x_refsource_CONFIRM
http://osvdb.org/70847	vdb-entryx_refsource_OSVDB
http://support.apple.com/kb/HT4723	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0399	vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2011-06…	vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/43301	third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://www.vupen.com/english/advisories/2011/0387	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/43286	third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.debian.org/security/2011/dsa-2162	vendor-advisoryx_refsource_DEBIAN
http://www.vupen.com/english/advisories/2011/0395	vdb-entryx_refsource_VUPEN
http://ftp.netbsd.org/pub/NetBSD/security/advisor…	vendor-advisoryx_refsource_NETBSD
http://www.ubuntu.com/usn/USN-1064-1	vendor-advisoryx_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=130497251507577&w=2	vendor-advisoryx_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
http://secunia.com/advisories/43227	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0389	vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.securityfocus.com/bid/46264	vdb-entryx_refsource_BID
http://secunia.com/advisories/57353	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=131042179515633&w=2	vendor-advisoryx_refsource_HP
http://www.openssl.org/news/secadv_20110208.txt	x_refsource_CONFIRM
http://secunia.com/advisories/44269	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497251507577&w=2	vendor-advisoryx_refsource_HP
http://secunia.com/advisories/43339	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=131042179515633&w=2	vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2011/0603	vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1025050	vdb-entryx_refsource_SECTRACK
https://support.f5.com/csp/article/K10534046	x_refsource_CONFIRM

Date Public

2011-02-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:36:02.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0361",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0361"
          },
          {
            "name": "SSA:2011-041-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.668823"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "70847",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70847"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4723"
          },
          {
            "name": "ADV-2011-0399",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0399"
          },
          {
            "name": "RHSA-2011:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0677.html"
          },
          {
            "name": "43301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43301"
          },
          {
            "name": "oval:org.mitre.oval:def:18985",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985"
          },
          {
            "name": "APPLE-SA-2011-06-23-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
          },
          {
            "name": "ADV-2011-0387",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0387"
          },
          {
            "name": "43286",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43286"
          },
          {
            "name": "SUSE-SR:2011:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
          },
          {
            "name": "DSA-2162",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2162"
          },
          {
            "name": "ADV-2011-0395",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0395"
          },
          {
            "name": "NetBSD-SA2011-002",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc"
          },
          {
            "name": "USN-1064-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1064-1"
          },
          {
            "name": "SSRT100475",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
          },
          {
            "name": "HPSBMA02658",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
          },
          {
            "name": "SSRT100413",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
          },
          {
            "name": "43227",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43227"
          },
          {
            "name": "ADV-2011-0389",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0389"
          },
          {
            "name": "MDVSA-2011:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:028"
          },
          {
            "name": "FEDORA-2011-1273",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html"
          },
          {
            "name": "46264",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46264"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "HPSBUX02689",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20110208.txt"
          },
          {
            "name": "44269",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44269"
          },
          {
            "name": "HPSBOV02670",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
          },
          {
            "name": "43339",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43339"
          },
          {
            "name": "SSRT100494",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2"
          },
          {
            "name": "ADV-2011-0603",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0603"
          },
          {
            "name": "1025050",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025050"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K10534046"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka \"OCSP stapling vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T17:06:06.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2011-0361",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0361"
        },
        {
          "name": "SSA:2011-041-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.668823"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "70847",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70847"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4723"
        },
        {
          "name": "ADV-2011-0399",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0399"
        },
        {
          "name": "RHSA-2011:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0677.html"
        },
        {
          "name": "43301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43301"
        },
        {
          "name": "oval:org.mitre.oval:def:18985",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985"
        },
        {
          "name": "APPLE-SA-2011-06-23-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
        },
        {
          "name": "ADV-2011-0387",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0387"
        },
        {
          "name": "43286",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43286"
        },
        {
          "name": "SUSE-SR:2011:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
        },
        {
          "name": "DSA-2162",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2162"
        },
        {
          "name": "ADV-2011-0395",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0395"
        },
        {
          "name": "NetBSD-SA2011-002",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc"
        },
        {
          "name": "USN-1064-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1064-1"
        },
        {
          "name": "SSRT100475",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
        },
        {
          "name": "HPSBMA02658",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
        },
        {
          "name": "SSRT100413",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
        },
        {
          "name": "43227",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43227"
        },
        {
          "name": "ADV-2011-0389",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0389"
        },
        {
          "name": "MDVSA-2011:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:028"
        },
        {
          "name": "FEDORA-2011-1273",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html"
        },
        {
          "name": "46264",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46264"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "HPSBUX02689",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20110208.txt"
        },
        {
          "name": "44269",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44269"
        },
        {
          "name": "HPSBOV02670",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2"
        },
        {
          "name": "43339",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43339"
        },
        {
          "name": "SSRT100494",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2"
        },
        {
          "name": "ADV-2011-0603",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0603"
        },
        {
          "name": "1025050",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025050"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K10534046"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-0014",
    "datePublished": "2011-02-18T23:00:00.000Z",
    "dateReserved": "2010-12-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T21:36:02.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2011-0014",
      "date": "2026-05-26",
      "epss": "0.01196",
      "percentile": "0.79114"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"261EE631-AB43-44FE-B02A-DFAAB8D35927\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A1365ED-4651-4AB2-A64B-43782EA2F0E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC82690C-DCED-47BA-AA93-4D0C9E95B806\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43B90ED1-DAB4-4239-8AD8-87E8D568D5D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C9BF2DD-85EF-49CF-8D83-0DB46449E333\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86C46AB8-52E5-4385-9C5C-F63FF9DB82AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"564AA4E7-223E-48D8-B3E0-A461969CF530\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35C2AE06-B6E8-41C4-BB60-177AC4819CE6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A2075BD-6102-4B0F-839A-836E9585F43B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A2FA09E-2BF7-4968-B62D-00DA57F81EA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F02E634E-1E3D-4E44-BADA-76F92483A732\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCC2B07A-49EF-411F-8A4D-89435E22B043\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E9480D6-3B6A-4C41-B8C1-C3F945040772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10FF0A06-DA61-4250-B083-67E55E362677\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A6BA453-C150-4159-B80B-5465EFF83F11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"638A2E69-8AB6-4FEA-852A-FEF16A500C1A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka \\\"OCSP stapling vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"ssl/t1_lib.c en OpenSSL v0.9.8h hasta v0.9.8q y v1.0.0 hasta v1.0.0c permite a atacantes remotos causar una denegaci\\u00f3n de servicio (por ca\\u00edda de la aplicaci\\u00f3n) y posiblemente obtener informaci\\u00f3n sensible en las aplicaciones que utilizan OpenSSL, a trav\\u00e9s de un formato incorrecto de mensaje ClientHello que desencadena un acceso a memoria fuera de rango, tambi\\u00e9n conocida como \\\"vulnerabilidad de grapado OCSP.\\\"\"}]",
      "id": "CVE-2011-0014",
      "lastModified": "2024-11-21T01:23:07.513",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-02-19T01:00:01.777",
      "references": "[{\"url\": \"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://osvdb.org/70847\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/43227\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/43286\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/43301\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/43339\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44269\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/57353\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.668823\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.apple.com/kb/HT4723\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2011/dsa-2162\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:028\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openssl.org/news/secadv_20110208.txt\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0677.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/46264\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id?1025050\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1064-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0361\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0387\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0389\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0395\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0399\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0603\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://support.f5.com/csp/article/K10534046\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/70847\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/43227\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/43286\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/43301\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/43339\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/44269\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/57353\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.668823\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT4723\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2011/dsa-2162\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:028\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openssl.org/news/secadv_20110208.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0677.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/46264\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025050\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1064-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0361\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0387\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0389\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0395\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0399\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0603\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.f5.com/csp/article/K10534046\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0014\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-02-19T01:00:01.777\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka \\\"OCSP stapling vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"ssl/t1_lib.c en OpenSSL v0.9.8h hasta v0.9.8q y v1.0.0 hasta v1.0.0c permite a atacantes remotos causar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) y posiblemente obtener informaci\u00f3n sensible en las aplicaciones que utilizan OpenSSL, a trav\u00e9s de un formato incorrecto de mensaje ClientHello que desencadena un acceso a memoria fuera de rango, tambi\u00e9n conocida como \\\"vulnerabilidad de grapado OCSP.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"261EE631-AB43-44FE-B02A-DFAAB8D35927\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1365ED-4651-4AB2-A64B-43782EA2F0E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC82690C-DCED-47BA-AA93-4D0C9E95B806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43B90ED1-DAB4-4239-8AD8-87E8D568D5D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C9BF2DD-85EF-49CF-8D83-0DB46449E333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86C46AB8-52E5-4385-9C5C-F63FF9DB82AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"564AA4E7-223E-48D8-B3E0-A461969CF530\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35C2AE06-B6E8-41C4-BB60-177AC4819CE6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A2075BD-6102-4B0F-839A-836E9585F43B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A2FA09E-2BF7-4968-B62D-00DA57F81EA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F02E634E-1E3D-4E44-BADA-76F92483A732\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCC2B07A-49EF-411F-8A4D-89435E22B043\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E9480D6-3B6A-4C41-B8C1-C3F945040772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10FF0A06-DA61-4250-B083-67E55E362677\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A6BA453-C150-4159-B80B-5465EFF83F11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"638A2E69-8AB6-4FEA-852A-FEF16A500C1A\"}]}]}],\"references\":[{\"url\":\"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/70847\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/43227\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/43286\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/43301\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/43339\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44269\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/57353\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.668823\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT4723\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2162\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:028\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openssl.org/news/secadv_20110208.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0677.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/46264\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1025050\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1064-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0361\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0387\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0389\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0395\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0399\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0603\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.f5.com/csp/article/K10534046\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130497251507577\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=131042179515633\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/70847\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/43286\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/43301\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/43339\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57353\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.668823\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:028\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openssl.org/news/secadv_20110208.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0677.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1064-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0361\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0387\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0395\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0399\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0603\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.f5.com/csp/article/K10534046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2011-AVI-073

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans OpenSSL permet à une personne malintentionnée de provoquer un déni de service à distance.

Description

Une vulnérabilité dans OpenSSL permet de provoquer un déni de service à distance en envoyant des messages spécialement conçus au serveur.

Cette faille ne concerne que les serveurs utilisant la fonction SSL_CTX_set_tlsext_status_cb(). Les versions 2.3.3 et suivantes du serveur Apache httpd sont notamment concernées.

Solution

Mettre à jour en version 1.0.0d ou en version 0.9.8r.

None

Impacted products

	Vendor	Product	Description
	OpenSSL	OpenSSL	OpenSSL versions 0.9.8h à 0.9.8q ;
	OpenSSL	OpenSSL	OpenSSL versions 1.0.0 à 1.0.0c.

References

Title

Publication Time

Tags

Avis de sécurité OpenSSL du 08 février 2011	None	vendor-advisory
Bulletin de sécurité Fedora FEDORA-2011-1273 du 10 février 2011 :	-	other
Bulletin de sécurité Fedora FEDORA-2011-1255 du 10 février 2011 :	-	other
Bulletin de sécurité Fedora FEDORA-2011-5876 du 23 avril 2011 (mingw32-openssl) :	-	other
Bulletin de sécurité Mandriva MDVSA-2011:028 du 15 février 2011 :	-	other
Bulletin de sécurité Ubuntu USN-1064-1 du 15 février 2011 :	-	other
Bulletin de sécurité Fedora FEDORA-2011-5865 du 23 avril 2011 (mingw32-openssl) :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL versions 0.9.8h \u00e0 0.9.8q ;",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL versions 1.0.0 \u00e0 1.0.0c.",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans OpenSSL permet de provoquer un d\u00e9ni de service \u00e0\ndistance en envoyant des messages sp\u00e9cialement con\u00e7us au serveur.\n\nCette faille ne concerne que les serveurs utilisant la fonction\nSSL_CTX_set_tlsext_status_cb(). Les versions 2.3.3 et suivantes du\nserveur Apache httpd sont notamment concern\u00e9es.\n\n## Solution\n\nMettre \u00e0 jour en version 1.0.0d ou en version 0.9.8r.\n",
  "cves": [
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-1273 du 10 f\u00e9vrier    2011 :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-1255 du 10 f\u00e9vrier    2011 :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056102.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-5876 du 23 avril    2011 (mingw32-openssl) :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059314.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2011:028 du 15 f\u00e9vrier    2011 :",
      "url": "http://www.mandriva.com/support/security/advisories/?name=MDVSA-2011:028"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1064-1 du 15 f\u00e9vrier 2011 :",
      "url": "http://www.ubuntu.com/usn/usn-1064-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-5865 du 23 avril    2011 (mingw32-openssl) :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059313.html"
    }
  ],
  "reference": "CERTA-2011-AVI-073",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-09T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins Fedora, Mandriva et Ubuntu.",
      "revision_date": "2011-02-16T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin Fedora (mingw32-openssl).",
      "revision_date": "2011-05-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans OpenSSL permet \u00e0 une personne malintentionn\u00e9e de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 OpenSSL du 08 f\u00e9vrier 2011",
      "url": "http://www.openssl.org/news/secadv_20110208.txt"
    }
  ]
}

CERTA-2011-AVI-242

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités, dont la plus critique permet l'exécution de code arbitraire à distance, ont été corrigées dans HP Insight Control pour Linux.

Description

Plusieurs vulnérabilités ont été corrigées dans HP Insight Control pour Linux; certaines correspondent à des vulnérabilités connues dans l'implémentation de OpenSSL et OpenSSH, une autre n'a pas été divulguée.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP Insight Control pour Linux versions antérieures à 6.3.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c02794777 du 19 avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eHP Insight Control pour Linux versions  ant\u00e9rieures \u00e0 6.3.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans HP Insight Control pour\nLinux; certaines correspondent \u00e0 des vuln\u00e9rabilit\u00e9s connues dans\nl\u0027impl\u00e9mentation de OpenSSL et OpenSSH, une autre n\u0027a pas \u00e9t\u00e9 divulgu\u00e9e.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0539"
    },
    {
      "name": "CVE-2010-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2011-1535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1535"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-242",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s, dont la plus critique permet l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance, ont \u00e9t\u00e9 corrig\u00e9es dans HP Insight Control\npour Linux.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Insight Control",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02794777 du 19 avril 2011",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
    }
  ]
}

CERTA-2011-AVI-369

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été corrigées dans Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X, notamment :

AirPort ;
App Store ;
Gestion des certificats ;
ColorSync ;
CoreFoundation ;
CoreGraphics ;
FTP Server ;
ImageIO ;
Kernel ;
Libsystem ;
Libxslt ;
MobileMe ;
MySQL ;
OpenSSL ;
QuickTime ;
Samba ;
Servermgrd ;
Subversion.

Certaines vulnérabilités permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.5.8 ;
N/A	N/A	Mac OS X Server 10.6.x.
N/A	N/A	Mac OS X Server 10.5.8 ;
N/A	N/A	Mac OS X 10.6.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4723 du 23 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X, notamment\u00a0:\n\n-   AirPort\u00a0;\n-   App Store\u00a0;\n-   Gestion des certificats\u00a0;\n-   ColorSync\u00a0;\n-   CoreFoundation\u00a0;\n-   CoreGraphics\u00a0;\n-   FTP Server\u00a0;\n-   ImageIO\u00a0;\n-   Kernel\u00a0;\n-   Libsystem\u00a0;\n-   Libxslt\u00a0;\n-   MobileMe\u00a0;\n-   MySQL\u00a0;\n-   OpenSSL\u00a0;\n-   QuickTime\u00a0;\n-   Samba\u00a0;\n-   Servermgrd\u00a0;\n-   Subversion.\n\nCertaines vuln\u00e9rabilit\u00e9s permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0195"
    },
    {
      "name": "CVE-2011-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0200"
    },
    {
      "name": "CVE-2011-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0208"
    },
    {
      "name": "CVE-2010-4651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4651"
    },
    {
      "name": "CVE-2010-3835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3835"
    },
    {
      "name": "CVE-2011-0198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0198"
    },
    {
      "name": "CVE-2011-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0715"
    },
    {
      "name": "CVE-2010-3837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3837"
    },
    {
      "name": "CVE-2010-3682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3682"
    },
    {
      "name": "CVE-2011-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0207"
    },
    {
      "name": "CVE-2011-0202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0202"
    },
    {
      "name": "CVE-2011-0196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0196"
    },
    {
      "name": "CVE-2010-3677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3677"
    },
    {
      "name": "CVE-2011-0197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0197"
    },
    {
      "name": "CVE-2011-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0210"
    },
    {
      "name": "CVE-2011-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0209"
    },
    {
      "name": "CVE-2011-0203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0203"
    },
    {
      "name": "CVE-2011-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0206"
    },
    {
      "name": "CVE-2011-0719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0719"
    },
    {
      "name": "CVE-2010-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3790"
    },
    {
      "name": "CVE-2010-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2010-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
    },
    {
      "name": "CVE-2010-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2632"
    },
    {
      "name": "CVE-2011-1132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1132"
    },
    {
      "name": "CVE-2011-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0213"
    },
    {
      "name": "CVE-2010-3838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3838"
    },
    {
      "name": "CVE-2011-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0212"
    },
    {
      "name": "CVE-2011-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0205"
    },
    {
      "name": "CVE-2010-3836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3836"
    },
    {
      "name": "CVE-2011-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0204"
    },
    {
      "name": "CVE-2011-0199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0199"
    },
    {
      "name": "CVE-2010-3069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3069"
    },
    {
      "name": "CVE-2011-0201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0201"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2010-3833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3833"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2011-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0211"
    },
    {
      "name": "CVE-2010-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3834"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-369",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Leur\nexploitation permet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4723 du 23 juin 2011",
      "url": "http://docs.info.apple.com/article.html?artnum=HT4723"
    }
  ]
}

CERTA-2011-AVI-661

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans syslog-ng Premium Edition permet à une personne malintentionnée de provoquer un déni de service à distance ou d'accéder à des informations sensibles.

Description

Une vulnérabilité dans le processus de vérification du message « ClientHello Handshake » dans « OpenSSL » permet à une personne malintentionnée de provoquer un déni de service à distance ou d'accéder à des informations sensibles.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	syslog-ng Premium Edition 4.x.
	N/A	N/A	syslog-ng Premium Edition 3.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Balabit du 21 novembre 2011	None	vendor-advisory
Bulletin de sécurité de Balabit du 21 novembre 2011 :	-	other
Bulletin de sécurité de Balabit du 21 novembre 2011 :	-	other
Bulletin de sécurité de Balabit du 21 novembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "syslog-ng Premium Edition 4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "syslog-ng Premium Edition 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le processus de v\u00e9rification du message\n\u00ab\u00a0ClientHello Handshake\u00a0\u00bb dans \u00ab\u00a0OpenSSL\u00a0\u00bb permet \u00e0 une personne\nmalintentionn\u00e9e de provoquer un d\u00e9ni de service \u00e0 distance ou d\u0027acc\u00e9der\n\u00e0 des informations sensibles.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de Balabit du 21 novembre 2011 :",
      "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-November/000129.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de Balabit du 21 novembre 2011 :",
      "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-November/000128.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de Balabit du 21 novembre 2011 :",
      "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-November/000127.html"
    }
  ],
  "reference": "CERTA-2011-AVI-661",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-11-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans syslog-ng Premium Edition permet \u00e0 une personne\nmalintentionn\u00e9e de provoquer un d\u00e9ni de service \u00e0 distance ou d\u0027acc\u00e9der\n\u00e0 des informations sensibles.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans syslog-ng Premium Edition",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Balabit du 21 novembre 2011",
      "url": null
    }
  ]
}

CERTA-2012-AVI-056

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant à un utilisateur malintentionné de causer un déni de service, d'obtenir des informations sensibles et d'exécuter du code à distance sont présentes dans Blue Coat Reporter.

Description

Plusieurs vulnérabilités sont présentes dans Blue Coat Reporter. Elles concernent la version de la bibliothèque OpenSSL utilisée dans Blue Coat Reporter et permettent en outre de causer un déni de service, d'obtenir des informations sensibles et d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Broadcom	Reporter	Blue Coat Reporter versions antérieures à 9.3.1.1.
	Broadcom	Reporter	Blue Coat Reporter versions antérieures à 9.2.5.1 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Blue Coat SA68 du 01 février 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Blue Coat Reporter versions ant\u00e9rieures \u00e0 9.3.1.1.",
      "product": {
        "name": "Reporter",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "Blue Coat Reporter versions ant\u00e9rieures \u00e0 9.2.5.1 ;",
      "product": {
        "name": "Reporter",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Blue Coat Reporter. Elles\nconcernent la version de la biblioth\u00e8que OpenSSL utilis\u00e9e dans Blue Coat\nReporter et permettent en outre de causer un d\u00e9ni de service, d\u0027obtenir\ndes informations sensibles et d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-056",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-02-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant \u00e0 un utilisateur malintentionn\u00e9 de\ncauser un d\u00e9ni de service, d\u0027obtenir des informations sensibles et\nd\u0027ex\u00e9cuter du code \u00e0 distance sont pr\u00e9sentes dans \u003cspan\nclass=\"textit\"\u003eBlue Coat Reporter\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Blue Coat Reporter",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat SA68 du 01 f\u00e9vrier 2012",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA68"
    }
  ]
}

CERTA-2012-AVI-218

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans HP System Management Homepage. Leur exploitation permet, entre autres, d'exécuter du code arbitraire à distance et de réaliser des dénis de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP System Management Homepage versions antérieures à 7.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03280632 du 16 avril 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eHP System Management Homepage\u003c/SPAN\u003e  versions ant\u00e9rieures \u00e0 7.0.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2202"
    },
    {
      "name": "CVE-2011-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0195"
    },
    {
      "name": "CVE-2011-3192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
    },
    {
      "name": "CVE-2011-2483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
    },
    {
      "name": "CVE-2011-3348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3348"
    },
    {
      "name": "CVE-2011-3210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3210"
    },
    {
      "name": "CVE-2011-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1471"
    },
    {
      "name": "CVE-2010-1623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1623"
    },
    {
      "name": "CVE-2011-3182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3182"
    },
    {
      "name": "CVE-2010-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0734"
    },
    {
      "name": "CVE-2010-2791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2791"
    },
    {
      "name": "CVE-2011-3268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3268"
    },
    {
      "name": "CVE-2012-0135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0135"
    },
    {
      "name": "CVE-2011-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
    },
    {
      "name": "CVE-2010-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
    },
    {
      "name": "CVE-2010-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2068"
    },
    {
      "name": "CVE-2010-1452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1452"
    },
    {
      "name": "CVE-2011-3267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3267"
    },
    {
      "name": "CVE-2010-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4409"
    },
    {
      "name": "CVE-2011-1148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1148"
    },
    {
      "name": "CVE-2011-1467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1467"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2012-1993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1993"
    },
    {
      "name": "CVE-2011-2192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2192"
    },
    {
      "name": "CVE-2011-3207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3207"
    },
    {
      "name": "CVE-2011-1470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1470"
    },
    {
      "name": "CVE-2011-1464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1464"
    },
    {
      "name": "CVE-2011-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3639"
    },
    {
      "name": "CVE-2009-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
    },
    {
      "name": "CVE-2010-3436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3436"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-1945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1945"
    },
    {
      "name": "CVE-2011-1928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1928"
    },
    {
      "name": "CVE-2011-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3846"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2011-0419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
    },
    {
      "name": "CVE-2011-1468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1468"
    },
    {
      "name": "CVE-2011-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1938"
    },
    {
      "name": "CVE-2011-3189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3189"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-218",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP System Management Homepage\u003c/span\u003e. Leur exploitation\npermet, entre autres, d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance et de\nr\u00e9aliser des d\u00e9nis de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP System Management Homepage",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03280632 du 16 avril 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03280632"
    }
  ]
}

CERTA-2012-AVI-479

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles concernent les éléments d'éditeurs tiers implémentés dans les solutions. Les éléments suivants ont étés mis à jour :

Java Runtime Environment (JRE) ;
OpenSSL ;
le noyau ;
Perl ;
libxml2 ;
glibc ;
GnuTLS ;
popt et rpm ;
Apache struts.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ESX version 4.1 ;
VMware	N/A	VMware vCO version 4.0.
VMware	N/A	VMware vCenter version 5.0 ;
VMware	N/A	VMware vCOps version 1.0.x ;
VMware	ESXi	VMware ESXi version 3.5 ;
VMware	N/A	VMware Update Manager version 5.0 ;
VMware	N/A	VMware Update Manager version 4.0 ;
VMware	N/A	VMware vCO version 4.1 ;
VMware	ESXi	VMware ESXi version 4.1 ;
VMware	N/A	VMware vCenter version 4.0 ;
VMware	N/A	VMware vCenter version 4.1 ;
VMware	N/A	VMware vCOps version 5.0.2 ;
VMware	ESXi	VMware ESXi version 4.0 ;
VMware	N/A	VMware VirtualCenter version 2.5 ;
VMware	N/A	VMware Update Manager version 4.1 ;
VMware	ESXi	VMware ESXi version 5.0 ;
VMware	N/A	VMware ESX version 4.0 ;
VMware	N/A	VMware ESX version 3.5 ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2012-0013 du 30 août 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCO version 4.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter version 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCOps version 1.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 3.5 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Update Manager version 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Update Manager version 4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCO version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 4.1 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter version 4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCOps version 5.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 4.0 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VirtualCenter version 2.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Update Manager version 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 5.0 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX version 4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX version 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1833"
    },
    {
      "name": "CVE-2012-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
    },
    {
      "name": "CVE-2011-4132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4132"
    },
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2012-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
    },
    {
      "name": "CVE-2011-5057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5057"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2011-2496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2496"
    },
    {
      "name": "CVE-2009-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
    },
    {
      "name": "CVE-2011-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2012-1569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1569"
    },
    {
      "name": "CVE-2011-4324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4324"
    },
    {
      "name": "CVE-2011-4110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4110"
    },
    {
      "name": "CVE-2011-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
    },
    {
      "name": "CVE-2012-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1583"
    },
    {
      "name": "CVE-2010-2761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
    },
    {
      "name": "CVE-2012-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0060"
    },
    {
      "name": "CVE-2012-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0391"
    },
    {
      "name": "CVE-2011-4325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4325"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2012-0061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0061"
    },
    {
      "name": "CVE-2010-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
    },
    {
      "name": "CVE-2012-0864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
    },
    {
      "name": "CVE-2011-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3209"
    },
    {
      "name": "CVE-2010-4410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
    },
    {
      "name": "CVE-2012-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0392"
    },
    {
      "name": "CVE-2012-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0394"
    },
    {
      "name": "CVE-2012-0815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0815"
    },
    {
      "name": "CVE-2011-3188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3188"
    },
    {
      "name": "CVE-2011-1020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1020"
    },
    {
      "name": "CVE-2011-4109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
    },
    {
      "name": "CVE-2012-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1573"
    },
    {
      "name": "CVE-2011-4128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4128"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2011-2484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2484"
    },
    {
      "name": "CVE-2012-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0393"
    },
    {
      "name": "CVE-2011-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
    },
    {
      "name": "CVE-2011-3363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3363"
    },
    {
      "name": "CVE-2011-2699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2699"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-479",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-09-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles concernent les \u00e9l\u00e9ments d\u0027\u00e9diteurs\ntiers impl\u00e9ment\u00e9s dans les solutions. Les \u00e9l\u00e9ments suivants ont \u00e9t\u00e9s mis\n\u00e0 jour :\n\n-   Java Runtime Environment (JRE) ;\n-   OpenSSL ;\n-   le noyau ;\n-   Perl ;\n-   libxml2 ;\n-   glibc ;\n-   GnuTLS ;\n-   popt et rpm ;\n-   Apache struts.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0013 du 30 ao\u00fbt 2012",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0013.html"
    }
  ]
}

CERTA-2013-AVI-090

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans IBM InfoSphere Balanced Warehouse. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Smart Analytics System 5600 V2
IBM	N/A	IBM Smart Analytics System 5710
IBM	N/A	IBM Smart Analytics System 2050 pour Linux
IBM	N/A	IBM InfoSphere Balanced Warehouse C3000
IBM	N/A	IBM InfoSphere Balanced Warehouse C4000
IBM	N/A	IBM Smart Analytics System 1050 pour Linux
IBM	N/A	IBM InfoSphere Balanced Warehouse D5100
IBM	N/A	IBM Smart Analytics System 5600 V1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM swg21619837 du 31 janvier 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Smart Analytics System 5600 V2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Smart Analytics System 5710",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Smart Analytics System 2050 pour Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM InfoSphere Balanced Warehouse C3000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM InfoSphere Balanced Warehouse C4000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Smart Analytics System 1050 pour Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM InfoSphere Balanced Warehouse D5100",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Smart Analytics System 5600 V1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
    },
    {
      "name": "CVE-2011-3210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3210"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2011-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
    },
    {
      "name": "CVE-2012-0884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
    },
    {
      "name": "CVE-2011-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-090",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere Balanced Warehouse\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere Balanced Warehouse",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21619837 du 31 janvier 2013",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21619837"
    }
  ]
}

CERTA-2011-AVI-073

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans OpenSSL permet à une personne malintentionnée de provoquer un déni de service à distance.

Description

Une vulnérabilité dans OpenSSL permet de provoquer un déni de service à distance en envoyant des messages spécialement conçus au serveur.

Cette faille ne concerne que les serveurs utilisant la fonction SSL_CTX_set_tlsext_status_cb(). Les versions 2.3.3 et suivantes du serveur Apache httpd sont notamment concernées.

Solution

Mettre à jour en version 1.0.0d ou en version 0.9.8r.

None

Impacted products

	Vendor	Product	Description
	OpenSSL	OpenSSL	OpenSSL versions 0.9.8h à 0.9.8q ;
	OpenSSL	OpenSSL	OpenSSL versions 1.0.0 à 1.0.0c.

References

Title

Publication Time

Tags

Avis de sécurité OpenSSL du 08 février 2011	None	vendor-advisory
Bulletin de sécurité Fedora FEDORA-2011-1273 du 10 février 2011 :	-	other
Bulletin de sécurité Fedora FEDORA-2011-1255 du 10 février 2011 :	-	other
Bulletin de sécurité Fedora FEDORA-2011-5876 du 23 avril 2011 (mingw32-openssl) :	-	other
Bulletin de sécurité Mandriva MDVSA-2011:028 du 15 février 2011 :	-	other
Bulletin de sécurité Ubuntu USN-1064-1 du 15 février 2011 :	-	other
Bulletin de sécurité Fedora FEDORA-2011-5865 du 23 avril 2011 (mingw32-openssl) :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL versions 0.9.8h \u00e0 0.9.8q ;",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL versions 1.0.0 \u00e0 1.0.0c.",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans OpenSSL permet de provoquer un d\u00e9ni de service \u00e0\ndistance en envoyant des messages sp\u00e9cialement con\u00e7us au serveur.\n\nCette faille ne concerne que les serveurs utilisant la fonction\nSSL_CTX_set_tlsext_status_cb(). Les versions 2.3.3 et suivantes du\nserveur Apache httpd sont notamment concern\u00e9es.\n\n## Solution\n\nMettre \u00e0 jour en version 1.0.0d ou en version 0.9.8r.\n",
  "cves": [
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-1273 du 10 f\u00e9vrier    2011 :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-1255 du 10 f\u00e9vrier    2011 :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056102.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-5876 du 23 avril    2011 (mingw32-openssl) :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059314.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2011:028 du 15 f\u00e9vrier    2011 :",
      "url": "http://www.mandriva.com/support/security/advisories/?name=MDVSA-2011:028"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1064-1 du 15 f\u00e9vrier 2011 :",
      "url": "http://www.ubuntu.com/usn/usn-1064-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-5865 du 23 avril    2011 (mingw32-openssl) :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059313.html"
    }
  ],
  "reference": "CERTA-2011-AVI-073",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-09T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins Fedora, Mandriva et Ubuntu.",
      "revision_date": "2011-02-16T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin Fedora (mingw32-openssl).",
      "revision_date": "2011-05-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans OpenSSL permet \u00e0 une personne malintentionn\u00e9e de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 OpenSSL du 08 f\u00e9vrier 2011",
      "url": "http://www.openssl.org/news/secadv_20110208.txt"
    }
  ]
}

CERTA-2011-AVI-242

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités, dont la plus critique permet l'exécution de code arbitraire à distance, ont été corrigées dans HP Insight Control pour Linux.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP Insight Control pour Linux versions antérieures à 6.3.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c02794777 du 19 avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eHP Insight Control pour Linux versions  ant\u00e9rieures \u00e0 6.3.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans HP Insight Control pour\nLinux; certaines correspondent \u00e0 des vuln\u00e9rabilit\u00e9s connues dans\nl\u0027impl\u00e9mentation de OpenSSL et OpenSSH, une autre n\u0027a pas \u00e9t\u00e9 divulgu\u00e9e.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0539"
    },
    {
      "name": "CVE-2010-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2011-1535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1535"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-242",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s, dont la plus critique permet l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance, ont \u00e9t\u00e9 corrig\u00e9es dans HP Insight Control\npour Linux.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Insight Control",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02794777 du 19 avril 2011",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-0014 (GCVE-0-2011-0014)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Solution

Solution

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature