ID
VAR-200911-0398
CVE
CVE-2009-3555
TITLE
SSL and TLS protocols renegotiation vulnerability
Trust: 0.8
DESCRIPTION
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) The protocol includes renegotiation A vulnerability exists in the function. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Is a protocol that provides functions such as communication encryption and authentication. SSL and TLS The protocol includes renegotiation There are vulnerabilities due to functionality.A third party that can relay communication between the user and the server can insert arbitrary data at the beginning of the communication data under specific conditions. As a result, the attacker inserted HTTP The request may be sent to the server. ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Application Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44293 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44293/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44293/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data. 1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data. For more information see vulnerability #1: SA37291 2) An unspecified error in the Oracle HTTP Server component can be exploited to manipulate certain data. 3) An error exists in the Midtier Infrastructure of the Portal component and can be exploited to manipulate certain data. For more information see vulnerability #3: SA44246 4) An unspecified error in the Single Sign On component can be exploited by authenticated users to manipulate certain data. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml. Affected Products ================= Cisco is currently evaluating products for possible exposure to these TLS issues. Products will only be listed in the Vulnerable Products or Products Confirmed Not Vulnerable sections of this advisory when a final determination about product exposure is made. Products that are not listed in either of these two sections are still being evaluated. Vulnerable Products - ------------------- This section will be updated when more information is available. Products Confirmed Not Vulnerable - --------------------------------- The following products are confirmed not vulnerable: * Cisco AnyConnect VPN Client This section will be updated when more information is available. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. The following Cisco Bug IDs are being used to track potential exposure to the SSL and TLS issues. The bugs listed below do not confirm that a product is vulnerable, but rather that the product is under investigation by the appropriate product teams. Registered Cisco customers can view these bugs via Cisco's Bug Toolkit: http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl +------------------------------------------------------------+ | Product | Bug ID | |----------------------------+-------------------------------| | Cisco Adaptive Security | CSCtd01491 | | Device Manager (ASDM) | | |----------------------------+-------------------------------| | Cisco AON Software | CSCtd01646 | | | | |----------------------------+-------------------------------| | Cisco AON Healthcare for | CSCtd01652 | | HIPAA and ePrescription | | |----------------------------+-------------------------------| | Cisco Application and | CSCtd01529 | | Content Networking System | | | (ACNS) Software | | |----------------------------+-------------------------------| | Cisco Application | CSCtd01480 | | Networking Manager | | |----------------------------+-------------------------------| | Cisco ASA 5500 Series | CSCtd00697 | | Adaptive Security | | | Appliances | | |----------------------------+-------------------------------| | Cisco ASA Advanced | | | Inspection and Prevention | CSCtd01539 | | (AIP) Security Services | | | Module | | |----------------------------+-------------------------------| | Cisco AVS 3100 Series | CSCtd01566 | | Application Velocity | | | System | | |----------------------------+-------------------------------| | Cisco Catalyst 6500 Series | CSCtd06389 | | SSL Services Module | | |----------------------------+-------------------------------| | Firewall Services Module | CSCtd04061 | | FWSM | | |----------------------------+-------------------------------| | Cisco CSS 11000 Series | CSCtd01636 | | Content Services Switches | | |----------------------------+-------------------------------| | Cisco Unified SIP Phones | CSCtd01446 | | | | |----------------------------+-------------------------------| | Cisco Data Center Network | CSCtd02635 | | Manager | | |----------------------------+-------------------------------| | Cisco Data Mobility | CSCtd02642 | | Manager | | |----------------------------+-------------------------------| | Cisco Digital Media | CSCtd01703 | | Encoders | | |----------------------------+-------------------------------| | Cisco Digital Media | CSCtd01692 | | Manager | | |----------------------------+-------------------------------| | Cisco Digital Media | CSCtd01718 | | Players | | |----------------------------+-------------------------------| | Cisco Emergency Responder | CSCtd02650 | | | | |----------------------------+-------------------------------| | Cisco IOS Software | CSCtd00658 | | | | |----------------------------+-------------------------------| | Cisco IOS XE Software | CSCtd00658 | | | | |----------------------------+-------------------------------| | Cisco IOS XR Software | CSCtd02658 | | | | |----------------------------+-------------------------------| | Cisco IP Communicator | CSCtd02662 | | | | |----------------------------+-------------------------------| | CATOS | CSCtd00662 | | | | |----------------------------+-------------------------------| | Cisco IronPort Appliances | CSCtd02069 | | | | |----------------------------+-------------------------------| | Cisco Unified MeetingPlace | CSCtd02709 | | | | |----------------------------+-------------------------------| | Cisco NAC Appliance (Clean | CSCtd01453 | | Access) | | |----------------------------+-------------------------------| | Cisco NAC Guest Server | CSCtd01462 | | | | |----------------------------+-------------------------------| | Cisco NAC Profiler | CSCtd02716 | | | | |----------------------------+-------------------------------| | Cisco Network Analysis | CSCtd02729 | | Module Software (NAM) | | |----------------------------+-------------------------------| | Cisco Network Registrar | CSCtd02748 | | | | |----------------------------+-------------------------------| | Cisco ONS 15500 Series | CSCtd02769 | | | | |----------------------------+-------------------------------| | Cisco Physical Access | CSCtd02777 | | Gateways | | |----------------------------+-------------------------------| | Cisco Physical Access | CSCtd03912 | | Manager | | |----------------------------+-------------------------------| | Cisco Physical Security | CSCtd03920 | | ISM | | |----------------------------+-------------------------------| | Cisco QoS Device Manager | CSCtd03923 | | | | |----------------------------+-------------------------------| | Cisco Secure Access | CSCtd00725 | | Control Server (ACS) | | |----------------------------+-------------------------------| | Cisco Secure Desktop | CSCtd03928 | | | | |----------------------------+-------------------------------| | Cisco Secure Services | CSCtd03935 | | Client | | |----------------------------+-------------------------------| | Cisco Security Agent CSA | CSCtd02689 | | | | |----------------------------+-------------------------------| | Cisco Security Monitoring, | CSCtd02654 | | Analysis and Response | | | System (MARS) | | |----------------------------+-------------------------------| | Cisco Unified IP Phones | CSCtd04121 | | | | |----------------------------+-------------------------------| | Cisco Service Control | CSCtd04171 | | Subscriber Manager | | |----------------------------+-------------------------------| | Cisco TelePresence Manager | CSCtd01771 | | | | |----------------------------+-------------------------------| | Telepresence for Consumer | CSCtd01752 | | | | |----------------------------+-------------------------------| | Cisco TelePresence | CSCtd01742 | | Recording Server | | |----------------------------+-------------------------------| | Cisco Network Asset | CSCtd04198 | | Collector | | |----------------------------+-------------------------------| | Cisco Unified | CSCtd01282 | | Communications Manager | | | (CallManager) | | |----------------------------+-------------------------------| | Cisco Unified Business | CSCtd05731 | | Attendant Console | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05790 | | Center Enterprise | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05790 | | Center Express | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05755 | | Center Management Portal | | |----------------------------+-------------------------------| | Cisco Unified Contact | CSCtd05790 | | Center Products | | |----------------------------+-------------------------------| | Cisco Unified Department | CSCtd05733 | | Attendant Console | | |----------------------------+-------------------------------| | Cisco Unified E-Mail | CSCtd05756 | | Interaction Manager | | |----------------------------+-------------------------------| | Cisco Unified Enterprise | CSCtd05735 | | Attendant Console | | |----------------------------+-------------------------------| | Cisco Unified Mobile | CSCtd05762 | | Communicator | | |----------------------------+-------------------------------| | Cisco Unified Mobility | CSCtd05786 | | | | |----------------------------+-------------------------------| | Cisco Unified Mobility | CSCtd05783 | | Advantage | | |----------------------------+-------------------------------| | Cisco Unified Operations | CSCtd05784 | | Manager | | |----------------------------+-------------------------------| | Cisco Unified Personal | CSCtd05759 | | Communicator | | |----------------------------+-------------------------------| | Cisco Unified Presence | CSCtd05791 | | | | |----------------------------+-------------------------------| | Cisco Unified Provisioning | CSCtd05777 | | Manager | | |----------------------------+-------------------------------| | Cisco Unified Quick | CSCtd05738 | | Connect | | |----------------------------+-------------------------------| | Cisco Unified Service | CSCtd05780 | | Monitor | | |----------------------------+-------------------------------| | Cisco Unified Service | CStCd05778 | | Statistics Manager | | |----------------------------+-------------------------------| | Cisco Unified SIP Proxy | CSCtd05765 | | | | |----------------------------+-------------------------------| | Cisco Unity | CSCtd02855 | | | | |----------------------------+-------------------------------| | Cisco NX-OS Software | CSCtd00699 and CSCtd00703 | | | | |----------------------------+-------------------------------| | Cisco Video Portal | CSCtd04097 | | | | |----------------------------+-------------------------------| | Cisco Video Surveillance | CSCtd02831 | | Media Server Software | | |----------------------------+-------------------------------| | Cisco Video Surveillance | CSCtd02780 | | Operations Manager | | | Software | | |----------------------------+-------------------------------| | Cisco Wide Area File | CSCtd04106 | | Services Software (WAFS) | | |----------------------------+-------------------------------| | Cisco Wireless Control | CSCtd01625 | | System | | |----------------------------+-------------------------------| | Cisco Wireless LAN | CSCtd01611 | | Controller (WLAN) | | |----------------------------+-------------------------------| | Cisco Wireless Location | CSCtd04115 | | Appliance | | |----------------------------+-------------------------------| | CiscoWorks Common Services | CSCtd01597 | | Software | | |----------------------------+-------------------------------| | CiscoWorks Wireless LAN | CSCtd04111 | | Solution Engine (WLSE) | | +------------------------------------------------------------+ This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-3555. Vulnerability Scoring Details +---------------------------- Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * TLS Renegotiation Vulnerability (all Cisco Bugs above) CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - Partial Availability Impact - None CVSS Temporal Score - 4.1 Exploitability - Functional Remediation Level - Unavailable Report Confidence - Confirmed Impact ====== This section will be updated when more information is available. Software Versions and Fixes =========================== This section will be updated to include fixed software versions for affected Cisco products as they become available. Workarounds =========== Workarounds are being investigated. This section will be updated when more information becomes available. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations - ------------------------------------------------- Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts - ----------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== This vulnerability was initially discovered by Marsh Ray and Steve Dispensa from PhoneFactor, Inc. Cisco is not aware of any malicious exploitation of this vulnerability. Proof-of-concept exploit code has been published for this vulnerability. Status of this Notice: INTERIM ============================== THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2009-November-9 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2008-2009 Cisco Systems, Inc. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. Kit Name Location HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555). Additionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1. This update provides a solution to this vulnerability. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201006-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: June 04, 2010 Bugs: #306579, #314531 ID: 201006-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== The Oracle JDK and JRE are vulnerable to multiple unspecified vulnerabilities. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jre-bin < 1.6.0.20 >= 1.6.0.20 2 dev-java/sun-jdk < 1.6.0.20 >= 1.6.0.20 3 app-emulation/emul-linux-x86-java < 1.6.0.20 >= 1.6.0.20 ------------------------------------------------------------------- 3 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact ====== A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JRE 1.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.20" All Oracle JDK 1.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.20" All users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.20" All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle JRE 1.5.x users are strongly advised to unmerge Java 1.5: # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5* # emerge --unmerge =dev-java/sun-jre-bin-1.5* # emerge --unmerge =dev-java/sun-jdk-1.5* Gentoo is ceasing support for the 1.5 generation of the Oracle Java Platform in accordance with upstream. All 1.5 JRE versions are masked and will be removed shortly. All 1.5 JDK versions are marked as "build-only" and will be masked for removal shortly. Users are advised to change their default user and system Java implementation to an unaffected version. For example: # java-config --set-system-vm sun-jdk-1.6 For more information, please consult the Gentoo Linux Java documentation. References ========== [ 1 ] CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 [ 2 ] CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 [ 3 ] CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 [ 4 ] CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 [ 5 ] CVE-2010-0087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087 [ 6 ] CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 [ 7 ] CVE-2010-0089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089 [ 8 ] CVE-2010-0090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090 [ 9 ] CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 [ 10 ] CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 [ 11 ] CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 [ 12 ] CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 [ 13 ] CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 [ 14 ] CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 [ 15 ] CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 [ 16 ] CVE-2010-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839 [ 17 ] CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 [ 18 ] CVE-2010-0841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841 [ 19 ] CVE-2010-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842 [ 20 ] CVE-2010-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843 [ 21 ] CVE-2010-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844 [ 22 ] CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 [ 23 ] CVE-2010-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846 [ 24 ] CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 [ 25 ] CVE-2010-0848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 [ 26 ] CVE-2010-0849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849 [ 27 ] CVE-2010-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850 [ 28 ] CVE-2010-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886 [ 29 ] CVE-2010-0887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887 [ 30 ] Gentoo Linux Java documentation http://www.gentoo.org/doc/en/java.xml#doc_chap4 [ 31 ] Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010 http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201006-18.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Corrected: 2009-12-01 02:59:22 UTC (RELENG_8, 8.0-STABLE) 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1) 2009-12-01 03:00:16 UTC (RELENG_7, 7.2-STABLE) 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5) 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9) CVE Name: CVE-2009-4146, CVE-2009-4147 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. Background The run-time link-editor, rtld, links dynamic executable with their needed libraries at run-time. It also allows users to explicitly load libraries via various LD_ environmental variables. II. Problem Description When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing. III. Impact An unprivileged user who can execute programs on a system can gain the privileges of any setuid program which he can run. On most systems configurations, this will allow a local attacker to execute code as the root user. IV. Workaround No workaround is available, but systems without untrusted local users, where all the untrusted local users are jailed superusers, and/or where untrusted users cannot execute arbitrary code (e.g., due to use of read only and noexec mount options) are not affected. Note that "untrusted local users" include users with the ability to upload and execute web scripts (CGI, PHP, Python, Perl etc.), as they may be able to exploit this issue. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 7.1, 7.2, and 8.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 7.x] # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch.asc [FreeBSD 8.0] # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/libexec/rtld-elf # make obj && make depend && make && make install NOTE: On the amd64 platform, the above procedure will not update the ld-elf32.so.1 (i386 compatibility) run-time link-editor (rtld). On amd64 systems where the i386 rtld are installed, the operating system should instead be recompiled as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html> VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/libexec/rtld-elf/rtld.c 1.124.2.7 RELENG_7_2 src/UPDATING 1.507.2.23.2.8 src/sys/conf/newvers.sh 1.72.2.11.2.9 src/libexec/rtld-elf/rtld.c 1.124.2.4.2.2 RELENG_7_1 src/UPDATING 1.507.2.13.2.12 src/sys/conf/newvers.sh 1.72.2.9.2.13 src/libexec/rtld-elf/rtld.c 1.124.2.3.2.2 RELENG_8 src/libexec/rtld-elf/rtld.c 1.139.2.4 RELENG_8_0 src/UPDATING 1.632.2.7.2.4 src/sys/conf/newvers.sh 1.83.2.6.2.4 src/libexec/rtld-elf/rtld.c 1.139.2.2.2.2 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r199981 releng/7.2/ r200054 releng/7.1/ r200054 stable/8/ r199980 releng/8.0/ r200054 - ------------------------------------------------------------------------- VII. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack. For the old stable distribution (lenny), this problem has been fixed in version 6b18-1.8.3-2~lenny1. Note that this update introduces an OpenJDK package based on the IcedTea release 1.8.3 into the old stable distribution. This addresses several dozen security vulnerabilities, most of which are only exploitable by malicious mobile code. A notable exception is CVE-2009-3555, the TLS renegotiation vulnerability. This update implements the protocol extension described in RFC 5746, addressing this issue. This update also includes a new version of Hotspot, the Java virtual machine, which increases the default heap size on machines with several GB of RAM. If you run several JVMs on the same machine, you might have to reduce the heap size by specifying a suitable -Xmx argument in the invocation of the "java" command. We recommend that you upgrade your openjdk-6 packages. =========================================================== Ubuntu Security Notice USN-927-4 June 29, 2010 nss vulnerability CVE-2009-3555 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libnss3-1d 3.12.6-0ubuntu0.8.04.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.8.04.1.diff.gz Size/MD5: 37346 6a94c48e52a5f2472f89c948c6121e87 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.8.04.1.dsc Size/MD5: 1651 dac6db68fa9de3c92e12f272dc8526e5 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_amd64.deb Size/MD5: 18658 08036515d5ef96b7f2b20912085616bb http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_amd64.deb Size/MD5: 3214690 7b7b6d770bbe831a6db15f3b075be48a http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_amd64.deb Size/MD5: 1181818 75d3627ffc4f26c7e51a3c9d8e6d841a http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_amd64.deb Size/MD5: 262768 7e1814225954057dc2df6226f822246f http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_amd64.deb Size/MD5: 313888 98ac46a0e05fd5b8bc17741e37a06a32 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_i386.deb Size/MD5: 18632 e6f8e62eb98c1385d85ca9cbe49a7257 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_i386.deb Size/MD5: 3063554 40deebbe99b442e09452c2e6245b2f7b http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_i386.deb Size/MD5: 1073332 2583f6e4d6ba5e29bee7123035e5c7b1 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_i386.deb Size/MD5: 259996 4050c11d7aa41505102be2ebacb575d3 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_i386.deb Size/MD5: 296448 55e5a681b812b6caf23c440b475f6fa1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_lpia.deb Size/MD5: 18626 337d03cb5e7441c778f01de6f67436bf http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_lpia.deb Size/MD5: 3096098 20ea53d1c6c648d5bafca348d54b267e http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_lpia.deb Size/MD5: 1050356 8fb5698de23d546dd5cad816af7f8a88 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_lpia.deb Size/MD5: 258850 156f07acae47a5f0ac63acdf5038d44f http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_lpia.deb Size/MD5: 293704 5b70600519c6130cf577c4f15f7f4350 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 21098 9cf7367deb2f2f1c52a3f07ad2e6695a http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 3179272 11c203af481503da1b1384ad7607d659 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 1179728 ff3634e2bddc7e23e7bc68eee1214950 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 261728 728c6e12354eed8bf813af0531dcd0ea http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 326690 6319e7b0a414fe476e932f8d9312d93e sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_sparc.deb Size/MD5: 18726 68631257ee138b336776c77793e3771a http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_sparc.deb Size/MD5: 2887714 e36c0930f015a8470d08b42e322cf5ab http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_sparc.deb Size/MD5: 1055104 6a8d5cdde08302883ddc8ee689a22ae4 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_sparc.deb Size/MD5: 256862 7c44db799ed6df870989b547569f20b8 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_sparc.deb Size/MD5: 301452 f88662f344801dbd5079740cdc970230 . A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169 (CVE-2013-1619). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 48dfde02cfa9c869bb97ec71252b8af7 mes5/i586/gnutls-2.4.1-2.8mdvmes5.2.i586.rpm 9f534885a90c121ddb4f911d85462a42 mes5/i586/libgnutls26-2.4.1-2.8mdvmes5.2.i586.rpm 746200c5109707c76a71060672bedfa7 mes5/i586/libgnutls-devel-2.4.1-2.8mdvmes5.2.i586.rpm 8c9bbb918f94a539d82ef057dc201bd2 mes5/SRPMS/gnutls-2.4.1-2.8mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: dce865b93f4a52aeae1686aed09136f3 mes5/x86_64/gnutls-2.4.1-2.8mdvmes5.2.x86_64.rpm 345540258af6fde7320c7b518c179509 mes5/x86_64/lib64gnutls26-2.4.1-2.8mdvmes5.2.x86_64.rpm b7c9a97fd0f01c52728fbdbc96b3ba55 mes5/x86_64/lib64gnutls-devel-2.4.1-2.8mdvmes5.2.x86_64.rpm 8c9bbb918f94a539d82ef057dc201bd2 mes5/SRPMS/gnutls-2.4.1-2.8mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:076-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openssl Date : April 19, 2010 Affected: 2009.0 _______________________________________________________________________ Problem Description: This update fixes several security issues in openssl: - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection (CVE-2010-0740) - OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors (CVE-2009-3245) - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) (CVE-2010-0433) - Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks (CVE-2009-3555). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Update: Packages for 2009.0 are provided due to the Extended Maintenance Program. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02273751 Version: 1 HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2010-07-12 Last Updated: 2010-07-12 Potential Security Impact: Remote execution of arbitrary code and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely to execute arbitrary code and other exploits. References: Adobe Flash Player CVE-2008-4546 CVE-2009-3793 CVE-2010-1297 CVE-2010-2160 CVE-2010-2161 CVE-2010-2162 CVE-2010-2163 CVE-2010-2164 CVE-2010-2165 CVE-2010-2166 CVE-2010-2167 CVE-2010-2169 CVE-2010-2170 CVE-2010-2171 CVE-2010-2172 CVE-2010-2173 CVE-2010-2174 CVE-2010-2175 CVE-2010-2176 CVE-2010-2177 CVE-2010-2178 CVE-2010-2179 CVE-2010-2180 CVE-2010-2181 CVE-2010-2182 CVE-2010-2183 CVE-2010-2184 CVE-2010-2185 CVE-2010-2186 CVE-2010-2187 CVE-2010-2188 CVE-2010-2189 Java Runtime Environment (JRE) CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850 TLS/SSL CVE-2009-3555 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.1. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2008-4546 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 4.3 CVE-2009-3793 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-1297 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2160 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2161 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2162 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2163 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2164 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2165 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2166 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2167 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2169 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2170 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2171 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2172 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-2173 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2174 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2175 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2176 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2177 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2178 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2179 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-2180 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2181 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2182 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2183 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2184 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2185 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2186 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2187 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2188 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2189 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-0082 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0084 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-0085 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0087 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0088 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0089 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0090 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0091 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-0092 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0093 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0094 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0095 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0837 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0838 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0839 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0840 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0841 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0842 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0843 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0844 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0845 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0846 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0847 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0848 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0849 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0850 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION Hp has provided HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows v6.1 or subsequent to resolve these vulnerabilities. The HP SIM v6.1 can be downloaded from http://www.hp.com/go/hpsim MANUAL ACTIONS: Yes - Update Update to HP SIM v6.1 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. AFFECTED VERSIONS HP-UX B.11.23 HP-UX B.11.31 ============= SysMgmtServer.MX-CMS SysMgmtServer.MX-CORE SysMgmtServer.MX-CORE-ARCH SysMgmtServer.MX-CORE-ARCH SysMgmtServer.MX-PORTAL SysMgmtServer.MX-REPO SysMgmtServer.MX-TOOLS action: update to HP SIM v6.1 or subsequent END AFFECTED VERSIONS HISTORY Version: 1 (rev.1) - 12 July 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0003 Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-02-10 Updated on: 2011-02-10 (initial release of advisory) CVE numbers: --- Apache Tomcat --- CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2009-3548 CVE-2010-2227 CVE-2010-1157 --- Apache Tomcat Manager --- CVE-2010-2928 --- cURL --- CVE-2010-0734 --- COS Kernel --- CVE-2010-1084 CVE-2010-2066 CVE-2010-2070 CVE-2010-2226 CVE-2010-2248 CVE-2010-2521 CVE-2010-2524 CVE-2010-0008 CVE-2010-0415 CVE-2010-0437 CVE-2009-4308 CVE-2010-0003 CVE-2010-0007 CVE-2010-0307 CVE-2010-1086 CVE-2010-0410 CVE-2010-0730 CVE-2010-1085 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1173 CVE-2010-1437 CVE-2010-1088 CVE-2010-1187 CVE-2010-1436 CVE-2010-1641 CVE-2010-3081 --- Microsoft SQL Express --- CVE-2008-5416 CVE-2008-0085 CVE-2008-0086 CVE-2008-0107 CVE-2008-0106 --- OpenSSL --- CVE-2010-0740 CVE-2010-0433 CVE-2010-3864 CVE-2010-2939 --- Oracle (Sun) JRE --- CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850 CVE-2010-0886 CVE-2010-3556 CVE-2010-3566 CVE-2010-3567 CVE-2010-3550 CVE-2010-3561 CVE-2010-3573 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-1321 CVE-2010-3548 CVE-2010-3551 CVE-2010-3562 CVE-2010-3571 CVE-2010-3554 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3574 --- pam_krb5 --- CVE-2008-3825 CVE-2009-1384 - ------------------------------------------------------------------------ 1. Summary Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues. 2. Relevant releases vCenter Server 4.1 without Update 1, vCenter Update Manager 4.1 without Update 1, ESXi 4.1 without patch ESXi410-201101201-SG, ESX 4.1 without patch ESX410-201101201-SG. 3. Problem Description a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned Update Manager 4.1 Windows Update 1 Update Manager 4.0 Windows affected, patch pending Update Manager 1.0 Windows affected, no patch planned hosted * any any not affected ESXi any ESXi not affected ESX any ESX not affected * Hosted products are VMware Workstation, Player, ACE, Fusion. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows not affected VirtualCenter 2.5 Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX any ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows not applicable ** VirtualCenter 2.5 Windows not applicable ** Update Manager 4.1 Windows not applicable ** Update Manager 4.0 Windows not applicable ** Update Manager 1.0 Windows not applicable ** hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX not applicable ** ESX 3.5 ESX not applicable ** ESX 3.0.3 ESX not applicable ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows not applicable ** vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned Update Manager 4.1 Windows Update 1 Update Manager 4.0 Windows affected, patch pending Update Manager 1.0 Windows affected, no patch planned hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX not applicable ** ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, no patch planned ESX 3.0.3 ESX affected, no patch planned * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows not applicable ** hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not applicable ** ESX 3.0.3 ESX not applicable ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Apache Tomcat 5.5 family f. vCenter Server third party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned hosted * any any not applicable ESXi any ESXi not applicable ESX any ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. g. ESX third party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi 4.1 ESXi ESXi410-201101201-SG ESXi 4.0 ESXi affected, patch pending ESXi 3.5 ESXi affected, patch pending ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Fusion. h. ESXi third party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi 4.1 ESXi ESXi410-201101201-SG ESXi 4.0 ESXi affected, patch pending ESXi 3.5 ESXi affected, patch pending ESX any ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. i. ESX third party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. j. ESX third party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Note: This update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware vCenter Server 4.1 Update 1 and modules ---------------------------------------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html File type: .iso md5sum: 729cf247aa5d33ceec431c86377eee1a sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0 File type: .zip md5sum: fd1441bef48a153f2807f6823790e2f0 sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19 VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESXi 4.1 Installable Update 1 ----------------------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html http://kb.vmware.com/kb/1027919 File type: .iso MD5SUM: d68d6c2e040a87cd04cd18c04c22c998 SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1) File type: .zip MD5SUM: 2f1e009c046b20042fae3b7ca42a840f SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0) File type: .zip MD5SUM: 67b924618d196dafaf268a7691bd1a0f SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5) File type: .zip MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4 SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 VMware Tools CD image for Linux Guest OSes File type: .iso MD5SUM: dad66fa8ece1dd121c302f45444daa70 SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af VMware vSphere Client File type: .exe MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESXi Installable Update 1 contains the following security bulletins: ESXi410-201101201-SG. ESX 4.1 Update 1 ---------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html http://kb.vmware.com/kb/1029353 ESX 4.1 Update 1 (DVD ISO) File type: .iso md5sum: b9a275b419a20c7bedf31c0bf64f504e sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1) File type: .zip md5sum: 2d81a87e994aa2b329036f11d90b4c14 sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1 File type: .zip md5sum: 75f8cebfd55d8a81deb57c27def963c2 sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0) File type: .zip md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2 sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 VMware Tools CD image for Linux Guest OSes File type: .iso md5sum: dad66fa8ece1dd121c302f45444daa70 sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESX410-Update01 contains the following security bulletins: ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL, Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904 ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330 ESX410-Update01 also contains the following non-security bulletins ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG, ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG, ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG, ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG, ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG, ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG. To install an individual bulletin use esxupdate with the -b option. 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574 - ------------------------------------------------------------------------ 6. Change log 2011-02-10 VMSA-2011-0003 Initial security advisory in conjunction with the release of vCenter Server 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1 Update 1, and ESX 4.1 Update 1 on 2011-02-10. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9 dxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX =2pVj -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Summary ESX 4.0 Console OS (COS) updates for NSS_db, OpenLDAP, cURL, sudo OpenSSL, GnuTLS, NSS and NSPR packages. Refer to section "End of Product Availability FAQs" at http://www.vmware.com/support/policies/lifecycle/vi/faq.html for details. Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan to upgrade to at least ESX 3.5 and preferably to the newest release available. These four updates are bundled together due to their mutual dependencies. ** Note: This patch also addresses non-security issues. See KB article 1023759 for details. ESX 4.0 ------- ESX400-201009001 Download link: http://bit.ly/adhjEu md5sum: 988c593b7a7abf0be5b72970ac64a369 sha1sum: 26d875955b01c19f4e56703216e135257c08836f http://kb.vmware.com/kb/1025321 ESX400-201009001 contains the following security bulletins: ESX400-201009407-SG (NSS_db) | http://kb.vmware.com/kb/1023763 ESX400-201009408-SG (OpenLDAP) | http://kb.vmware.com/kb/1023764 ESX400-201009409-SG (cURL) | http://kb.vmware.com/kb/1023765 ESX400-201009410-SG (sudo) | http://kb.vmware.com/kb/1023766 ESX400-201009401-SG (OpenSSL, GnuTLS, NSS) | http://kb.vmware.com/kb/1023759 And contains the following security bundles from VMSA-2010-0013.1: ESX400-201009402-SG (cpio) | http://kb.vmware.com/kb/1023760 ESX400-201009406-SG (tar) | http://kb.vmware.com/kb/1023762 ESX400-201009403-SG (krb5) | http://kb.vmware.com/kb/1023761 ESX400-201009411-SG (perl) | http://kb.vmware.com/kb/1023767 And also contains ESX400-201009412-BG a non-security critical update
Trust: 3.78
AFFECTED PRODUCTS
| vendor: | debian | model: | linux | scope: | eq | version: | 6.0 | Trust: 1.0 |
| vendor: | f5 | model: | nginx | scope: | gte | version: | 0.1.0 | Trust: 1.0 |
| vendor: | canonical | model: | ubuntu linux | scope: | eq | version: | 9.04 | Trust: 1.0 |
| vendor: | debian | model: | linux | scope: | eq | version: | 5.0 | Trust: 1.0 |
| vendor: | f5 | model: | nginx | scope: | lte | version: | 0.8.22 | Trust: 1.0 |
| vendor: | debian | model: | linux | scope: | eq | version: | 7.0 | Trust: 1.0 |
| vendor: | canonical | model: | ubuntu linux | scope: | eq | version: | 8.04 | Trust: 1.0 |
| vendor: | canonical | model: | ubuntu linux | scope: | eq | version: | 10.04 | Trust: 1.0 |
| vendor: | debian | model: | linux | scope: | eq | version: | 8.0 | Trust: 1.0 |
| vendor: | fedoraproject | model: | fedora | scope: | eq | version: | 12 | Trust: 1.0 |
| vendor: | canonical | model: | ubuntu linux | scope: | eq | version: | 9.10 | Trust: 1.0 |
| vendor: | canonical | model: | ubuntu linux | scope: | eq | version: | 10.10 | Trust: 1.0 |
| vendor: | debian | model: | linux | scope: | eq | version: | 4.0 | Trust: 1.0 |
| vendor: | fedoraproject | model: | fedora | scope: | eq | version: | 11 | Trust: 1.0 |
| vendor: | canonical | model: | ubuntu linux | scope: | eq | version: | 8.10 | Trust: 1.0 |
| vendor: | fedoraproject | model: | fedora | scope: | eq | version: | 14 | Trust: 1.0 |
| vendor: | mozilla | model: | nss | scope: | lte | version: | 3.12.4 | Trust: 1.0 |
| vendor: | gnu | model: | gnutls | scope: | lte | version: | 2.8.5 | Trust: 1.0 |
| vendor: | openssl | model: | openssl | scope: | eq | version: | 1.0 | Trust: 1.0 |
| vendor: | openssl | model: | openssl | scope: | lte | version: | 0.9.8k | Trust: 1.0 |
| vendor: | fedoraproject | model: | fedora | scope: | eq | version: | 13 | Trust: 1.0 |
| vendor: | apache | model: | http server | scope: | lte | version: | 2.2.14 | Trust: 1.0 |
| vendor: | barracuda | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | debian gnu linux | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | gnutls | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | hewlett packard | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | mcafee | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sun microsystems | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | apache | model: | http server | scope: | lt | version: | 2.2.15 | Trust: 0.8 |
| vendor: | apache | model: | http server | scope: | lt | version: | 2.3.6 | Trust: 0.8 |
| vendor: | ibm | model: | db2 | scope: | lt | version: | 9.1 fp9 | Trust: 0.8 |
| vendor: | ibm | model: | db2 | scope: | lt | version: | 9.5 fp6a | Trust: 0.8 |
| vendor: | ibm | model: | db2 | scope: | lt | version: | 9.7 fp2 | Trust: 0.8 |
| vendor: | ibm | model: | http server | scope: | eq | version: | 2.0.47.x | Trust: 0.8 |
| vendor: | ibm | model: | http server | scope: | eq | version: | 6.0.2 | Trust: 0.8 |
| vendor: | ibm | model: | http server | scope: | eq | version: | 6.1 | Trust: 0.8 |
| vendor: | ibm | model: | http server | scope: | eq | version: | 7.0 | Trust: 0.8 |
| vendor: | ibm | model: | sdk, | scope: | eq | version: | 1.4.2 | Trust: 0.8 |
| vendor: | ibm | model: | sdk, | scope: | eq | version: | 1.5 | Trust: 0.8 |
| vendor: | ibm | model: | websphere application server | scope: | eq | version: | 6.0.2 | Trust: 0.8 |
| vendor: | ibm | model: | websphere application server | scope: | eq | version: | 6.1 | Trust: 0.8 |
| vendor: | ibm | model: | websphere application server | scope: | eq | version: | 7.0 | Trust: 0.8 |
| vendor: | mozilla | model: | firefox | scope: | lt | version: | 3.5.9 | Trust: 0.8 |
| vendor: | mozilla | model: | firefox | scope: | lt | version: | 3.6.2 | Trust: 0.8 |
| vendor: | mozilla | model: | seamonkey | scope: | lt | version: | 2.0.4 | Trust: 0.8 |
| vendor: | mozilla | model: | thunderbird | scope: | lt | version: | 3.0.4 | Trust: 0.8 |
| vendor: | openoffice | model: | openoffice.org | scope: | eq | version: | 2.x | Trust: 0.8 |
| vendor: | openoffice | model: | openoffice.org | scope: | lt | version: | 3.2.1 | Trust: 0.8 |
| vendor: | openssl | model: | openssl | scope: | lt | version: | 0.9.8l | Trust: 0.8 |
| vendor: | proftpd | model: | proftpd | scope: | lt | version: | 1.3.2c | Trust: 0.8 |
| vendor: | vmware | model: | esx | scope: | eq | version: | 3.0.3 | Trust: 0.8 |
| vendor: | vmware | model: | esx | scope: | eq | version: | 3.5 | Trust: 0.8 |
| vendor: | vmware | model: | esx | scope: | eq | version: | 4.0 | Trust: 0.8 |
| vendor: | vmware | model: | esx | scope: | eq | version: | 4.1 | Trust: 0.8 |
| vendor: | vmware | model: | vcenter | scope: | eq | version: | 4.0 | Trust: 0.8 |
| vendor: | vmware | model: | vcenter | scope: | eq | version: | 4.1 | Trust: 0.8 |
| vendor: | vmware | model: | virtualcenter | scope: | eq | version: | 2.5 | Trust: 0.8 |
| vendor: | vmware | model: | vsphere update manager | scope: | eq | version: | 1.0 | Trust: 0.8 |
| vendor: | vmware | model: | vsphere update manager | scope: | eq | version: | 4.0 | Trust: 0.8 |
| vendor: | vmware | model: | vsphere update manager | scope: | eq | version: | 4.1 | Trust: 0.8 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | v10.5.8 | Trust: 0.8 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | v10.6.2 | Trust: 0.8 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | v10.6.3 | Trust: 0.8 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | v10.5.8 | Trust: 0.8 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | v10.6.2 | Trust: 0.8 |
| vendor: | apple | model: | mac os x server | scope: | eq | version: | v10.6.3 | Trust: 0.8 |
| vendor: | oracle | model: | opensolaris | scope: | - | version: | - | Trust: 0.8 |
| vendor: | oracle | model: | database | scope: | eq | version: | server 10.1.0.5 | Trust: 0.8 |
| vendor: | oracle | model: | database | scope: | eq | version: | server 10.2.0.3 | Trust: 0.8 |
| vendor: | oracle | model: | database | scope: | eq | version: | server 10.2.0.4 | Trust: 0.8 |
| vendor: | oracle | model: | database | scope: | eq | version: | server 10.2.0.5 | Trust: 0.8 |
| vendor: | oracle | model: | database | scope: | eq | version: | server 11.1.0.7 | Trust: 0.8 |
| vendor: | oracle | model: | database | scope: | eq | version: | server 11.2.0.1 | Trust: 0.8 |
| vendor: | oracle | model: | database | scope: | eq | version: | server 11.2.0.2 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 10.0 mp2 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 10.0.2 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 10.1.2.3 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 10.1.3.5 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 10.1.4.0.1 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 10.1.4.3 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 10.3.2 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 10.3.3 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 11.1.1.2.0 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 11.1.1.3.0 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 7.0 sp7 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 8.1 sp6 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 8.1.6 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 9.0 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 9.1 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 9.2 mp3 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 9.2.3 | Trust: 0.8 |
| vendor: | oracle | model: | fusion middleware | scope: | eq | version: | 9.2.4 | Trust: 0.8 |
| vendor: | oracle | model: | solaris | scope: | eq | version: | 10 | Trust: 0.8 |
| vendor: | cybertrust | model: | asianux server | scope: | eq | version: | 3 (x86) | Trust: 0.8 |
| vendor: | cybertrust | model: | asianux server | scope: | eq | version: | 3 (x86-64) | Trust: 0.8 |
| vendor: | cybertrust | model: | asianux server | scope: | eq | version: | 3.0 | Trust: 0.8 |
| vendor: | cybertrust | model: | asianux server | scope: | eq | version: | 3.0 (x86-64) | Trust: 0.8 |
| vendor: | cybertrust | model: | asianux server | scope: | eq | version: | 4.0 | Trust: 0.8 |
| vendor: | cybertrust | model: | asianux server | scope: | eq | version: | 4.0 (x86-64) | Trust: 0.8 |
| vendor: | sybase | model: | sap sybase adaptive server enterprise | scope: | - | version: | - | Trust: 0.8 |
| vendor: | sun microsystems | model: | jdk | scope: | lte | version: | 5.0 update 25 | Trust: 0.8 |
| vendor: | sun microsystems | model: | jdk | scope: | lte | version: | 6 update 21 | Trust: 0.8 |
| vendor: | sun microsystems | model: | jre | scope: | lte | version: | 1.4.2_27 | Trust: 0.8 |
| vendor: | sun microsystems | model: | jre | scope: | lte | version: | 5.0 update 25 | Trust: 0.8 |
| vendor: | sun microsystems | model: | jre | scope: | lte | version: | 6 update 21 | Trust: 0.8 |
| vendor: | sun microsystems | model: | opensolaris | scope: | eq | version: | (sparc) | Trust: 0.8 |
| vendor: | sun microsystems | model: | opensolaris | scope: | eq | version: | (x86) | Trust: 0.8 |
| vendor: | sun microsystems | model: | sdk | scope: | lte | version: | 1.4.2_27 | Trust: 0.8 |
| vendor: | sun microsystems | model: | glassfish enterprise server | scope: | eq | version: | v2.1.1 | Trust: 0.8 |
| vendor: | sun microsystems | model: | java enterprise system | scope: | eq | version: | 2005q4 | Trust: 0.8 |
| vendor: | sun microsystems | model: | java enterprise system | scope: | eq | version: | 5 | Trust: 0.8 |
| vendor: | sun microsystems | model: | java system application server | scope: | eq | version: | 8.0 | Trust: 0.8 |
| vendor: | sun microsystems | model: | java system application server | scope: | eq | version: | 8.1 | Trust: 0.8 |
| vendor: | sun microsystems | model: | java system application server | scope: | eq | version: | 8.2 | Trust: 0.8 |
| vendor: | sun microsystems | model: | java system web proxy server | scope: | eq | version: | 4.0 - 4.0.12 | Trust: 0.8 |
| vendor: | sun microsystems | model: | java system web server | scope: | eq | version: | 6.1 | Trust: 0.8 |
| vendor: | sun microsystems | model: | java system web server | scope: | eq | version: | 7.0 | Trust: 0.8 |
| vendor: | sun microsystems | model: | solaris | scope: | eq | version: | 10 (sparc) | Trust: 0.8 |
| vendor: | sun microsystems | model: | solaris | scope: | eq | version: | 10 (x86) | Trust: 0.8 |
| vendor: | sun microsystems | model: | solaris | scope: | eq | version: | 8 (sparc) | Trust: 0.8 |
| vendor: | sun microsystems | model: | solaris | scope: | eq | version: | 8 (x86) | Trust: 0.8 |
| vendor: | sun microsystems | model: | solaris | scope: | eq | version: | 9 (sparc) | Trust: 0.8 |
| vendor: | sun microsystems | model: | solaris | scope: | eq | version: | 9 (x86) | Trust: 0.8 |
| vendor: | turbo linux | model: | turbolinux appliance server | scope: | eq | version: | 2.0 | Trust: 0.8 |
| vendor: | turbo linux | model: | turbolinux appliance server | scope: | eq | version: | 3.0 | Trust: 0.8 |
| vendor: | turbo linux | model: | turbolinux appliance server | scope: | eq | version: | 3.0 (x64) | Trust: 0.8 |
| vendor: | turbo linux | model: | turbolinux client | scope: | eq | version: | 2008 | Trust: 0.8 |
| vendor: | turbo linux | model: | turbolinux fuji | scope: | eq | version: | ( extended maintenance ) | Trust: 0.8 |
| vendor: | turbo linux | model: | turbolinux server | scope: | eq | version: | 10 ( extended maintenance ) | Trust: 0.8 |
| vendor: | turbo linux | model: | turbolinux server | scope: | eq | version: | 10 (x64) ( extended maintenance ) | Trust: 0.8 |
| vendor: | turbo linux | model: | turbolinux server | scope: | eq | version: | 11 | Trust: 0.8 |
| vendor: | turbo linux | model: | turbolinux server | scope: | eq | version: | 11 (x64) | Trust: 0.8 |
| vendor: | hewlett packard | model: | hp systems insight manager | scope: | lt | version: | 7.0 | Trust: 0.8 |
| vendor: | hewlett packard | model: | hp virtual connect | scope: | lt | version: | 8gb 24 port fiber channel module 3.00 (vc ( virtual connect ) 4.40 ) | Trust: 0.8 |
| vendor: | hewlett packard | model: | hp-ux | scope: | eq | version: | 11.11 | Trust: 0.8 |
| vendor: | hewlett packard | model: | hp-ux | scope: | eq | version: | 11.23 | Trust: 0.8 |
| vendor: | hewlett packard | model: | hp-ux | scope: | eq | version: | 11.31 | Trust: 0.8 |
| vendor: | hewlett packard | model: | hpe matrix operating environment | scope: | - | version: | - | Trust: 0.8 |
| vendor: | hewlett packard | model: | hpe systems insight manager | scope: | - | version: | - | Trust: 0.8 |
| vendor: | blue coat | model: | director | scope: | - | version: | - | Trust: 0.8 |
| vendor: | blue coat | model: | intelligencecenter | scope: | - | version: | - | Trust: 0.8 |
| vendor: | blue coat | model: | packetshaper | scope: | - | version: | - | Trust: 0.8 |
| vendor: | blue coat | model: | proxyav | scope: | - | version: | - | Trust: 0.8 |
| vendor: | blue coat | model: | proxyclient | scope: | - | version: | - | Trust: 0.8 |
| vendor: | blue coat | model: | reporter | scope: | - | version: | - | Trust: 0.8 |
| vendor: | blue coat | model: | proxysg | scope: | - | version: | - | Trust: 0.8 |
| vendor: | blue coat | model: | sgos | scope: | eq | version: | 4 | Trust: 0.8 |
| vendor: | blue coat | model: | sgos | scope: | eq | version: | 5 | Trust: 0.8 |
| vendor: | blue coat | model: | sgos | scope: | eq | version: | 6 | Trust: 0.8 |
| vendor: | microsoft | model: | windows 2000 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | microsoft | model: | windows 7 | scope: | eq | version: | (x32) | Trust: 0.8 |
| vendor: | microsoft | model: | windows 7 | scope: | eq | version: | (x64) | Trust: 0.8 |
| vendor: | microsoft | model: | windows server 2003 | scope: | eq | version: | none | Trust: 0.8 |
| vendor: | microsoft | model: | windows server 2003 | scope: | eq | version: | (itanium) | Trust: 0.8 |
| vendor: | microsoft | model: | windows server 2003 | scope: | eq | version: | (x64) | Trust: 0.8 |
| vendor: | microsoft | model: | windows server 2008 | scope: | eq | version: | (itanium) | Trust: 0.8 |
| vendor: | microsoft | model: | windows server 2008 | scope: | eq | version: | (x64) | Trust: 0.8 |
| vendor: | microsoft | model: | windows server 2008 | scope: | eq | version: | (x86) | Trust: 0.8 |
| vendor: | microsoft | model: | windows server 2008 | scope: | eq | version: | r2(itanium) | Trust: 0.8 |
| vendor: | microsoft | model: | windows server 2008 | scope: | eq | version: | r2(x64) | Trust: 0.8 |
| vendor: | microsoft | model: | windows vista | scope: | eq | version: | none | Trust: 0.8 |
| vendor: | microsoft | model: | windows vista | scope: | eq | version: | (x64) | Trust: 0.8 |
| vendor: | microsoft | model: | windows xp | scope: | eq | version: | (x64) | Trust: 0.8 |
| vendor: | microsoft | model: | windows xp | scope: | eq | version: | sp3 | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux | scope: | eq | version: | 3 (as) | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux | scope: | eq | version: | 3 (es) | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux | scope: | eq | version: | 3 (ws) | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux | scope: | eq | version: | 4 (as) | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux | scope: | eq | version: | 4 (es) | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux | scope: | eq | version: | 4 (ws) | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux | scope: | eq | version: | 4.8 (as) | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux | scope: | eq | version: | 4.8 (es) | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux | scope: | eq | version: | 5 (server) | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux desktop | scope: | eq | version: | 3.0 | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux desktop | scope: | eq | version: | 4.0 | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux desktop | scope: | eq | version: | 5.0 (client) | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux desktop | scope: | eq | version: | 6 | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux eus | scope: | eq | version: | 5.4.z (server) | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux extras | scope: | eq | version: | 3 extras | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux extras | scope: | eq | version: | 4 extras | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux extras | scope: | eq | version: | 4.7.z extras | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux extras | scope: | eq | version: | 4.8.z extras | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux hpc node | scope: | eq | version: | 6 | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux hpc node supplementary | scope: | eq | version: | 6 | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux server | scope: | eq | version: | 6 | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux server supplementary | scope: | eq | version: | 6 | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux workstation | scope: | eq | version: | 6 | Trust: 0.8 |
| vendor: | red hat | model: | enterprise linux workstation supplementary | scope: | eq | version: | 6 | Trust: 0.8 |
| vendor: | red hat | model: | rhel desktop supplementary | scope: | eq | version: | 5 (client) | Trust: 0.8 |
| vendor: | red hat | model: | rhel desktop supplementary | scope: | eq | version: | 6 | Trust: 0.8 |
| vendor: | red hat | model: | rhel desktop workstation | scope: | eq | version: | 5 (client) | Trust: 0.8 |
| vendor: | red hat | model: | rhel supplementary | scope: | eq | version: | 5 (server) | Trust: 0.8 |
| vendor: | red hat | model: | rhel supplementary eus | scope: | eq | version: | 5.2.z (server) | Trust: 0.8 |
| vendor: | red hat | model: | rhel supplementary eus | scope: | eq | version: | 5.3.z (server) | Trust: 0.8 |
| vendor: | red hat | model: | rhel supplementary eus | scope: | eq | version: | 5.4.z (server) | Trust: 0.8 |
| vendor: | nec | model: | csview | scope: | - | version: | - | Trust: 0.8 |
| vendor: | nec | model: | websam assetsuite | scope: | - | version: | - | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus application server | scope: | eq | version: | enterprise version 6 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus application server | scope: | eq | version: | standard version 6 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus application server | scope: | eq | version: | version 5 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus client | scope: | eq | version: | version 6 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus developer | scope: | eq | version: | light version 6 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus developer | scope: | eq | version: | professional version 6 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus developer | scope: | eq | version: | standard version 6 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus developer | scope: | eq | version: | version 5 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus developer's kit for java | scope: | - | version: | - | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus server | scope: | eq | version: | - standard edition version 4 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus server | scope: | eq | version: | - web edition version 4 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus studio | scope: | eq | version: | - standard edition version 4 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus studio | scope: | eq | version: | - web edition version 4 | Trust: 0.8 |
| vendor: | hitachi | model: | cosminexus studio | scope: | eq | version: | version 5 | Trust: 0.8 |
| vendor: | hitachi | model: | developer's kit for java | scope: | - | version: | - | Trust: 0.8 |
| vendor: | hitachi | model: | web server | scope: | eq | version: | none | Trust: 0.8 |
| vendor: | hitachi | model: | web server | scope: | eq | version: | - security enhancement | Trust: 0.8 |
| vendor: | hitachi | model: | processing kit for xml | scope: | - | version: | - | Trust: 0.8 |
| vendor: | hitachi | model: | ucosminexus application server | scope: | eq | version: | enterprise | Trust: 0.8 |
| vendor: | hitachi | model: | ucosminexus application server | scope: | eq | version: | standard | Trust: 0.8 |
| vendor: | hitachi | model: | ucosminexus client | scope: | - | version: | - | Trust: 0.8 |
| vendor: | hitachi | model: | ucosminexus developer | scope: | eq | version: | light | Trust: 0.8 |
| vendor: | hitachi | model: | ucosminexus developer | scope: | eq | version: | professional | Trust: 0.8 |
| vendor: | hitachi | model: | ucosminexus developer | scope: | eq | version: | standard | Trust: 0.8 |
| vendor: | hitachi | model: | ucosminexus operator | scope: | - | version: | - | Trust: 0.8 |
| vendor: | hitachi | model: | ucosminexus portal framework | scope: | eq | version: | entry set | Trust: 0.8 |
| vendor: | hitachi | model: | ucosminexus service | scope: | eq | version: | architect | Trust: 0.8 |
| vendor: | hitachi | model: | ucosminexus service | scope: | eq | version: | platform | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-295 | Trust: 1.1 |
| problemtype: | CWE-310 | Trust: 0.9 |
THREAT TYPE
remote
Trust: 0.2
TYPE
arbitrary
Trust: 0.4
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | Changes with Apache 2.2.15 | url: | http://www.apache.org/dist/httpd/CHANGES_2.2.15 | Trust: 0.8 |
| title: | Changes with Apache 2.3.6 | url: | http://www.apache.org/dist/httpd/CHANGES_2.3.6 | Trust: 0.8 |
| title: | HT4170 | url: | http://support.apple.com/kb/HT4170 | Trust: 0.8 |
| title: | HT4418 | url: | http://support.apple.com/kb/HT4418 | Trust: 0.8 |
| title: | HT4171 | url: | http://support.apple.com/kb/HT4171 | Trust: 0.8 |
| title: | HT4004 | url: | http://support.apple.com/kb/HT4004 | Trust: 0.8 |
| title: | HT4417 | url: | http://support.apple.com/kb/HT4417 | Trust: 0.8 |
| title: | HT4004 | url: | http://support.apple.com/kb/HT4004?viewlocale=ja_JP | Trust: 0.8 |
| title: | HT4417 | url: | http://support.apple.com/kb/HT4417?viewlocale=ja_JP | Trust: 0.8 |
| title: | HT4170 | url: | http://support.apple.com/kb/HT4170?viewlocale=ja_JP | Trust: 0.8 |
| title: | HT4418 | url: | http://support.apple.com/kb/HT4418?viewlocale=ja_JP | Trust: 0.8 |
| title: | HT4171 | url: | http://support.apple.com/kb/HT4171?viewlocale=ja_JP | Trust: 0.8 |
| title: | openssl097a-0.9.7a-9.AXS3.2 | url: | https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1011 | Trust: 0.8 |
| title: | jdk-1.6.0_19 | url: | https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1028 | Trust: 0.8 |
| title: | httpd-2.2.3-31.2.1AXS3 | url: | https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=774 | Trust: 0.8 |
| title: | nss-3.12.6-1.AXS3 and nspr-4.8.4-1.AXS3 | url: | https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1012 | Trust: 0.8 |
| title: | gnutls-1.4.1-3.8.0.1.AXS3 | url: | https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1013 | Trust: 0.8 |
| title: | jdk-1.6.0_22 | url: | https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1285 | Trust: 0.8 |
| title: | openssl-0.9.8e-12.AXS3.6 | url: | https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1014 | Trust: 0.8 |
| title: | 609365 | url: | http://search.sybase.com/kbx/changerequests?bug_id=609365 | Trust: 0.8 |
| title: | cisco-sa-20091109-tls | url: | http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml | Trust: 0.8 |
| title: | cpujul2010.html | url: | http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html | Trust: 0.8 |
| title: | javacpuoct2010-176258 | url: | http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html | Trust: 0.8 |
| title: | cpuapr2011-301950 | url: | http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | Trust: 0.8 |
| title: | javacpumar2010 | url: | http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html | Trust: 0.8 |
| title: | HS10-030 | url: | http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-030/index.html | Trust: 0.8 |
| title: | HS10-010 | url: | http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-010/index.html | Trust: 0.8 |
| title: | HS11-006 | url: | http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-006/index.html | Trust: 0.8 |
| title: | HPSBHF03293 | url: | http://marc.info/?l=bugtraq&m=142660345230545&w=2 | Trust: 0.8 |
| title: | HPSBUX02517 | url: | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02079216 | Trust: 0.8 |
| title: | HPSBUX02608 | url: | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 | Trust: 0.8 |
| title: | HPSBUX02498 | url: | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01963123 | Trust: 0.8 |
| title: | HPSBMU02769 SSRT100846 | url: | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151 | Trust: 0.8 |
| title: | HPSBUX02482 | url: | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 | Trust: 0.8 |
| title: | HPSBUX02524 | url: | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02122104 | Trust: 0.8 |
| title: | HPSBMU03611 | url: | https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150888 | Trust: 0.8 |
| title: | 7007033 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239 | Trust: 0.8 |
| title: | 7014463 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7009 | Trust: 0.8 |
| title: | 7006876 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60239 | Trust: 0.8 |
| title: | 1426108 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | Trust: 0.8 |
| title: | 4909 | url: | http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4909 | Trust: 0.8 |
| title: | 7007951 | url: | http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27007951#61029 | Trust: 0.8 |
| title: | 4025718 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg24025718 | Trust: 0.8 |
| title: | 7008517 | url: | http://www-01.ibm.com/support/docview.wss?rs=177&uid=swg27008517#61029 | Trust: 0.8 |
| title: | 4025719 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg24025719 | Trust: 0.8 |
| title: | 1444772 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg21444772 | Trust: 0.8 |
| title: | 4025742 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg24025742 | Trust: 0.8 |
| title: | 1412438 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg21412438#2 | Trust: 0.8 |
| title: | IC68054 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054 | Trust: 0.8 |
| title: | 1293566 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg21293566#6a | Trust: 0.8 |
| title: | 4025746 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg24025746 | Trust: 0.8 |
| title: | 1432298 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | Trust: 0.8 |
| title: | PM10658 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658 | Trust: 0.8 |
| title: | 1413714 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg21413714 | Trust: 0.8 |
| title: | 4025312 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg24025312 | Trust: 0.8 |
| title: | 977377 | url: | http://www.microsoft.com/technet/security/advisory/977377.mspx | Trust: 0.8 |
| title: | MS10-049 | url: | http://www.microsoft.com/technet/security/bulletin/MS10-049.mspx | Trust: 0.8 |
| title: | 2043 | url: | http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2043 | Trust: 0.8 |
| title: | 2046 | url: | http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2046 | Trust: 0.8 |
| title: | 1819 | url: | http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1819 | Trust: 0.8 |
| title: | 2047 | url: | http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2047 | Trust: 0.8 |
| title: | 1820 | url: | http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1820 | Trust: 0.8 |
| title: | 2048 | url: | http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2048 | Trust: 0.8 |
| title: | MFSA 2010-22 | url: | http://www.mozilla.org/security/announce/2010/mfsa2010-22.html | Trust: 0.8 |
| title: | MFSA 2010-22 | url: | http://www.mozilla-japan.org/security/announce/2010/mfsa2010-22.html | Trust: 0.8 |
| title: | NV10-008 | url: | http://www.nec.co.jp/security-info/secinfo/nv10-008.html | Trust: 0.8 |
| title: | CVE-2009-3555 | url: | http://www.openoffice.org/security/cves/CVE-2009-3555.html | Trust: 0.8 |
| title: | secadv_20091111 | url: | http://www.openssl.org/news/secadv_20091111.txt | Trust: 0.8 |
| title: | RELEASE_NOTES-1.3.2c | url: | http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c | Trust: 0.8 |
| title: | RHSA-2010:0338 | url: | https://rhn.redhat.com/errata/RHSA-2010-0338.html | Trust: 0.8 |
| title: | RHSA-2010:0164 | url: | https://rhn.redhat.com/errata/RHSA-2010-0164.html | Trust: 0.8 |
| title: | RHSA-2010:0339 | url: | https://rhn.redhat.com/errata/RHSA-2010-0339.html | Trust: 0.8 |
| title: | RHSA-2010:0865 | url: | https://rhn.redhat.com/errata/RHSA-2010-0865.html | Trust: 0.8 |
| title: | RHSA-2010:0165 | url: | https://rhn.redhat.com/errata/RHSA-2010-0165.html | Trust: 0.8 |
| title: | RHSA-2010:0166 | url: | https://rhn.redhat.com/errata/RHSA-2010-0166.html | Trust: 0.8 |
| title: | RHSA-2010:0167 | url: | https://rhn.redhat.com/errata/RHSA-2010-0167.html | Trust: 0.8 |
| title: | RHSA-2010:0770 | url: | https://rhn.redhat.com/errata/RHSA-2010-0770.html | Trust: 0.8 |
| title: | RHSA-2010:0786 | url: | https://rhn.redhat.com/errata/RHSA-2010-0786.html | Trust: 0.8 |
| title: | RHSA-2010:0130 | url: | https://rhn.redhat.com/errata/RHSA-2010-0130.html | Trust: 0.8 |
| title: | RHSA-2010:0768 | url: | https://rhn.redhat.com/errata/RHSA-2010-0768.html | Trust: 0.8 |
| title: | RHSA-2010:0807 | url: | https://rhn.redhat.com/errata/RHSA-2010-0807.html | Trust: 0.8 |
| title: | RHSA-2010:0155 | url: | http://rhn.redhat.com/errata/RHSA-2010-0155.html | Trust: 0.8 |
| title: | RHSA-2009:1579 | url: | https://rhn.redhat.com/errata/RHSA-2009-1579.html | Trust: 0.8 |
| title: | RHSA-2010:0162 | url: | https://rhn.redhat.com/errata/RHSA-2010-0162.html | Trust: 0.8 |
| title: | RHSA-2009:1580 | url: | https://rhn.redhat.com/errata/RHSA-2009-1580.html | Trust: 0.8 |
| title: | RHSA-2010:0987 | url: | https://rhn.redhat.com/errata/RHSA-2010-0987.html | Trust: 0.8 |
| title: | RHSA-2010:0337 | url: | https://rhn.redhat.com/errata/RHSA-2010-0337.html | Trust: 0.8 |
| title: | RHSA-2010:0163 | url: | https://rhn.redhat.com/errata/RHSA-2010-0163.html | Trust: 0.8 |
| title: | SA44 | url: | https://kb.bluecoat.com/index?page=content&id=SA44 | Trust: 0.8 |
| title: | multiple_vulnerabilities_in_the_apache | url: | http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache | Trust: 0.8 |
| title: | Multiple Vulnerabilities in the Apache 2 HTTP Server Prior to 2.2.16 | url: | http://blogs.oracle.com/sunsecurity | Trust: 0.8 |
| title: | 273029 | url: | http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1 | Trust: 0.8 |
| title: | 273350 | url: | http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1 | Trust: 0.8 |
| title: | 274990 | url: | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 | Trust: 0.8 |
| title: | TLSA-2010-20 | url: | http://www.turbolinux.co.jp/security/2010/TLSA-2010-20j.txt | Trust: 0.8 |
| title: | TLSA-2010-42 | url: | http://www.turbolinux.co.jp/security/2010/TLSA-2010-42j.txt | Trust: 0.8 |
| title: | TLSA-2009-30 | url: | http://www.turbolinux.co.jp/security/2009/TLSA-2009-30j.txt | Trust: 0.8 |
| title: | TLSA-2009-32 | url: | http://www.turbolinux.co.jp/security/2009/TLSA-2009-32j.txt | Trust: 0.8 |
| title: | VMSA-2010-0019 | url: | http://www.vmware.com/security/advisories/VMSA-2010-0019.html | Trust: 0.8 |
| title: | VMSA-2011-0003 | url: | http://www.vmware.com/security/advisories/VMSA-2011-0003.html | Trust: 0.8 |
| title: | 100716_91 | url: | http://www.oracle.com/technology/global/jp/security/100716_91/top.html | Trust: 0.8 |
| title: | HS10-010 | url: | http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-010/index.html | Trust: 0.8 |
| title: | HS10-030 | url: | http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030 | Trust: 0.8 |
| title: | HS11-006 | url: | http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-006/index.html | Trust: 0.8 |
| title: | 977377 | url: | http://www.microsoft.com/japan/technet/security/advisory/977377.mspx | Trust: 0.8 |
| title: | MS10-049 | url: | http://www.microsoft.com/japan/technet/security/bulletin/ms10-049.mspx | Trust: 0.8 |
| title: | MS10-049e | url: | http://www.microsoft.com/japan/security/bulletins/MS10-049e.mspx | Trust: 0.8 |
| title: | TA10-222A | url: | http://software.fujitsu.com/jp/security/vulnerabilities/ta10-222a.html | Trust: 0.8 |
| title: | VU#120541 | url: | http://software.fujitsu.com/jp/security/vulnerabilities/vu120541.html | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2009-3555 | Trust: 4.1 |
| db: | CERT/CC | id: | VU#120541 | Trust: 2.7 |
| db: | SECUNIA | id: | 38020 | Trust: 1.9 |
| db: | SECUNIA | id: | 39242 | Trust: 1.9 |
| db: | SECUNIA | id: | 39243 | Trust: 1.9 |
| db: | SECUNIA | id: | 37453 | Trust: 1.9 |
| db: | SECUNIA | id: | 40747 | Trust: 1.9 |
| db: | SECUNIA | id: | 39500 | Trust: 1.9 |
| db: | SECUNIA | id: | 39136 | Trust: 1.9 |
| db: | VUPEN | id: | ADV-2010-0086 | Trust: 1.9 |
| db: | VUPEN | id: | ADV-2009-3310 | Trust: 1.9 |
| db: | VUPEN | id: | ADV-2010-0982 | Trust: 1.9 |
| db: | VUPEN | id: | ADV-2010-3126 | Trust: 1.9 |
| db: | VUPEN | id: | ADV-2009-3313 | Trust: 1.9 |
| db: | VUPEN | id: | ADV-2010-3086 | Trust: 1.9 |
| db: | USCERT | id: | TA10-222A | Trust: 1.9 |
| db: | BID | id: | 36935 | Trust: 1.9 |
| db: | SECUNIA | id: | 38781 | Trust: 1.1 |
| db: | SECUNIA | id: | 42377 | Trust: 1.1 |
| db: | SECUNIA | id: | 37501 | Trust: 1.1 |
| db: | SECUNIA | id: | 39632 | Trust: 1.1 |
| db: | SECUNIA | id: | 37604 | Trust: 1.1 |
| db: | SECUNIA | id: | 41972 | Trust: 1.1 |
| db: | SECUNIA | id: | 43308 | Trust: 1.1 |
| db: | SECUNIA | id: | 38241 | Trust: 1.1 |
| db: | SECUNIA | id: | 37859 | Trust: 1.1 |
| db: | SECUNIA | id: | 40070 | Trust: 1.1 |
| db: | SECUNIA | id: | 41818 | Trust: 1.1 |
| db: | SECUNIA | id: | 39292 | Trust: 1.1 |
| db: | SECUNIA | id: | 42816 | Trust: 1.1 |
| db: | SECUNIA | id: | 42379 | Trust: 1.1 |
| db: | SECUNIA | id: | 39317 | Trust: 1.1 |
| db: | SECUNIA | id: | 42467 | Trust: 1.1 |
| db: | SECUNIA | id: | 37320 | Trust: 1.1 |
| db: | SECUNIA | id: | 37640 | Trust: 1.1 |
| db: | SECUNIA | id: | 37656 | Trust: 1.1 |
| db: | SECUNIA | id: | 37383 | Trust: 1.1 |
| db: | SECUNIA | id: | 42724 | Trust: 1.1 |
| db: | SECUNIA | id: | 38003 | Trust: 1.1 |
| db: | SECUNIA | id: | 44183 | Trust: 1.1 |
| db: | SECUNIA | id: | 42733 | Trust: 1.1 |
| db: | SECUNIA | id: | 38484 | Trust: 1.1 |
| db: | SECUNIA | id: | 40545 | Trust: 1.1 |
| db: | SECUNIA | id: | 40866 | Trust: 1.1 |
| db: | SECUNIA | id: | 38056 | Trust: 1.1 |
| db: | SECUNIA | id: | 39278 | Trust: 1.1 |
| db: | SECUNIA | id: | 42808 | Trust: 1.1 |
| db: | SECUNIA | id: | 37675 | Trust: 1.1 |
| db: | SECUNIA | id: | 39127 | Trust: 1.1 |
| db: | SECUNIA | id: | 39461 | Trust: 1.1 |
| db: | SECUNIA | id: | 39819 | Trust: 1.1 |
| db: | SECUNIA | id: | 41490 | Trust: 1.1 |
| db: | SECUNIA | id: | 39628 | Trust: 1.1 |
| db: | SECUNIA | id: | 44954 | Trust: 1.1 |
| db: | SECUNIA | id: | 48577 | Trust: 1.1 |
| db: | SECUNIA | id: | 42811 | Trust: 1.1 |
| db: | SECUNIA | id: | 37291 | Trust: 1.1 |
| db: | SECUNIA | id: | 41480 | Trust: 1.1 |
| db: | SECUNIA | id: | 37292 | Trust: 1.1 |
| db: | SECUNIA | id: | 37399 | Trust: 1.1 |
| db: | SECUNIA | id: | 39713 | Trust: 1.1 |
| db: | SECUNIA | id: | 38687 | Trust: 1.1 |
| db: | SECUNIA | id: | 37504 | Trust: 1.1 |
| db: | SECUNIA | id: | 41967 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023217 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023273 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023274 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023206 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023272 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023427 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023218 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023163 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023214 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023211 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023219 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023216 | Trust: 1.1 |
| db: | SECTRACK | id: | 1024789 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023148 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023213 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023271 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023243 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023209 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023215 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023208 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023411 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023204 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023224 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023210 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023207 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023426 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023428 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023205 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023275 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023270 | Trust: 1.1 |
| db: | SECTRACK | id: | 1023212 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-2745 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2009-3353 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-3069 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2009-3354 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2009-3484 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-1793 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2011-0033 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2009-3220 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-2010 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-1639 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-1107 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-0916 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2009-3164 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2011-0032 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2011-0086 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-0748 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-1350 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2009-3521 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-0994 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-1191 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-0173 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2009-3587 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-0933 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2009-3205 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-1054 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-0848 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2010-1673 | Trust: 1.1 |
| db: | VUPEN | id: | ADV-2009-3165 | Trust: 1.1 |
| db: | OPENWALL | id: | OSS-SECURITY/2009/11/05/3 | Trust: 1.1 |
| db: | OPENWALL | id: | OSS-SECURITY/2009/11/07/3 | Trust: 1.1 |
| db: | OPENWALL | id: | OSS-SECURITY/2009/11/23/10 | Trust: 1.1 |
| db: | OPENWALL | id: | OSS-SECURITY/2009/11/05/5 | Trust: 1.1 |
| db: | OPENWALL | id: | OSS-SECURITY/2009/11/20/1 | Trust: 1.1 |
| db: | OPENWALL | id: | OSS-SECURITY/2009/11/06/3 | Trust: 1.1 |
| db: | OSVDB | id: | 65202 | Trust: 1.1 |
| db: | OSVDB | id: | 62210 | Trust: 1.1 |
| db: | OSVDB | id: | 60521 | Trust: 1.1 |
| db: | OSVDB | id: | 60972 | Trust: 1.1 |
| db: | HITACHI | id: | HS10-030 | Trust: 1.1 |
| db: | USCERT | id: | TA10-287A | Trust: 1.1 |
| db: | SECUNIA | id: | 44293 | Trust: 0.9 |
| db: | VUPEN | id: | ADV-2010-0212 | Trust: 0.8 |
| db: | VUPEN | id: | ADV-2010-0125 | Trust: 0.8 |
| db: | VUPEN | id: | ADV-2011-1039 | Trust: 0.8 |
| db: | VUPEN | id: | ADV-2010-1942 | Trust: 0.8 |
| db: | VUPEN | id: | ADV-2010-2046 | Trust: 0.8 |
| db: | VUPEN | id: | ADV-2010-0457 | Trust: 0.8 |
| db: | VUPEN | id: | ADV-2010-2660 | Trust: 0.8 |
| db: | VUPEN | id: | ADV-2010-1280 | Trust: 0.8 |
| db: | VUPEN | id: | ADV-2009-3393 | Trust: 0.8 |
| db: | SECUNIA | id: | 38608 | Trust: 0.8 |
| db: | SECUNIA | id: | 38728 | Trust: 0.8 |
| db: | SECUNIA | id: | 38338 | Trust: 0.8 |
| db: | SECUNIA | id: | 44260 | Trust: 0.8 |
| db: | SECUNIA | id: | 37566 | Trust: 0.8 |
| db: | SECUNIA | id: | 40879 | Trust: 0.8 |
| db: | SECUNIA | id: | 44292 | Trust: 0.8 |
| db: | USCERT | id: | SA10-222A | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2009-002319 | Trust: 0.8 |
| db: | PACKETSTORM | id: | 82657 | Trust: 0.2 |
| db: | PACKETSTORM | id: | 91309 | Trust: 0.2 |
| db: | PACKETSTORM | id: | 83415 | Trust: 0.2 |
| db: | PACKETSTORM | id: | 92095 | Trust: 0.2 |
| db: | PACKETSTORM | id: | 120714 | Trust: 0.2 |
| db: | PACKETSTORM | id: | 82652 | Trust: 0.2 |
| db: | PACKETSTORM | id: | 88698 | Trust: 0.2 |
| db: | PACKETSTORM | id: | 90286 | Trust: 0.2 |
| db: | EXPLOIT-DB | id: | 10071 | Trust: 0.1 |
| db: | EXPLOIT-DB | id: | 10579 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 82770 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 130868 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 83271 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 90262 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 88173 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 120365 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 106155 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 111273 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 83414 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 88167 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 124088 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 94087 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 97489 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 131826 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 95279 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 137201 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 102374 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 106156 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 89136 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 92497 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 88621 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 94088 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 89667 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 84112 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 127267 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 84183 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 86075 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 114810 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 88224 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 123380 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 84181 | Trust: 0.1 |
| db: | CNNVD | id: | CNNVD-200911-069 | Trust: 0.1 |
| db: | SEEBUG | id: | SSVID-67231 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-41001 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 98419 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 100761 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 101257 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 94383 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 98469 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 91749 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 111920 | Trust: 0.1 |
REFERENCES
| url: | http://extendedsubset.com/?p=8 | Trust: 1.9 |
| url: | http://www.links.org/?p=780 | Trust: 1.9 |
| url: | http://www.links.org/?p=786 | Trust: 1.9 |
| url: | http://www.links.org/?p=789 | Trust: 1.9 |
| url: | http://blogs.iss.net/archive/sslmitmiscsrf.html | Trust: 1.9 |
| url: | http://www.ietf.org/mail-archive/web/tls/current/msg03948.html | Trust: 1.9 |
| url: | https://bugzilla.redhat.com/show_bug.cgi?id=533125 | Trust: 1.9 |
| url: | https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt | Trust: 1.9 |
| url: | http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html | Trust: 1.9 |
| url: | http://www.securityfocus.com/bid/36935 | Trust: 1.9 |
| url: | http://secunia.com/advisories/37453 | Trust: 1.9 |
| url: | http://secunia.com/advisories/38020 | Trust: 1.9 |
| url: | http://secunia.com/advisories/39136 | Trust: 1.9 |
| url: | http://secunia.com/advisories/39242 | Trust: 1.9 |
| url: | http://secunia.com/advisories/39243 | Trust: 1.9 |
| url: | http://secunia.com/advisories/39500 | Trust: 1.9 |
| url: | http://secunia.com/advisories/40747 | Trust: 1.9 |
| url: | http://www.vupen.com/english/advisories/2009/3310 | Trust: 1.9 |
| url: | http://www.vupen.com/english/advisories/2009/3313 | Trust: 1.9 |
| url: | http://www.vupen.com/english/advisories/2010/0086 | Trust: 1.9 |
| url: | http://www.vupen.com/english/advisories/2010/0982 | Trust: 1.9 |
| url: | http://www.vupen.com/english/advisories/2010/3086 | Trust: 1.9 |
| url: | http://www.vupen.com/english/advisories/2010/3126 | Trust: 1.9 |
| url: | http://www.us-cert.gov/cas/techalerts/ta10-222a.html | Trust: 1.9 |
| url: | http://www.kb.cert.org/vuls/id/120541 | Trust: 1.9 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555 | Trust: 1.4 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-3555 | Trust: 1.4 |
| url: | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1 | Trust: 1.1 |
| url: | http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1 | Trust: 1.1 |
| url: | http://securitytracker.com/id?1023148 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023163 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023204 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023205 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023206 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023207 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023208 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023209 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023210 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023211 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023212 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023213 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023214 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023215 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023216 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023217 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023218 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023219 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023224 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023243 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023270 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023271 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023272 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023273 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023274 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023275 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023411 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023426 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023427 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1023428 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id?1024789 | Trust: 1.1 |
| url: | http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml | Trust: 1.1 |
| url: | http://seclists.org/fulldisclosure/2009/nov/139 | Trust: 1.1 |
| url: | http://www.securityfocus.com/archive/1/507952/100/0/threaded | Trust: 1.1 |
| url: | http://www.securityfocus.com/archive/1/508075/100/0/threaded | Trust: 1.1 |
| url: | http://www.securityfocus.com/archive/1/508130/100/0/threaded | Trust: 1.1 |
| url: | http://www.securityfocus.com/archive/1/515055/100/0/threaded | Trust: 1.1 |
| url: | http://www.securityfocus.com/archive/1/516397/100/0/threaded | Trust: 1.1 |
| url: | http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html | Trust: 1.1 |
| url: | http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1 | Trust: 1.1 |
| url: | http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1 | Trust: 1.1 |
| url: | http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37291 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37292 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37320 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37383 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37399 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37501 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37504 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37604 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37640 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37656 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37675 | Trust: 1.1 |
| url: | http://secunia.com/advisories/37859 | Trust: 1.1 |
| url: | http://secunia.com/advisories/38003 | Trust: 1.1 |
| url: | http://secunia.com/advisories/38056 | Trust: 1.1 |
| url: | http://secunia.com/advisories/38241 | Trust: 1.1 |
| url: | http://secunia.com/advisories/38484 | Trust: 1.1 |
| url: | http://secunia.com/advisories/38687 | Trust: 1.1 |
| url: | http://secunia.com/advisories/38781 | Trust: 1.1 |
| url: | http://secunia.com/advisories/39127 | Trust: 1.1 |
| url: | http://secunia.com/advisories/39278 | Trust: 1.1 |
| url: | http://secunia.com/advisories/39292 | Trust: 1.1 |
| url: | http://secunia.com/advisories/39317 | Trust: 1.1 |
| url: | http://secunia.com/advisories/39461 | Trust: 1.1 |
| url: | http://secunia.com/advisories/39628 | Trust: 1.1 |
| url: | http://secunia.com/advisories/39632 | Trust: 1.1 |
| url: | http://secunia.com/advisories/39713 | Trust: 1.1 |
| url: | http://secunia.com/advisories/39819 | Trust: 1.1 |
| url: | http://secunia.com/advisories/40070 | Trust: 1.1 |
| url: | http://secunia.com/advisories/40545 | Trust: 1.1 |
| url: | http://secunia.com/advisories/40866 | Trust: 1.1 |
| url: | http://secunia.com/advisories/41480 | Trust: 1.1 |
| url: | http://secunia.com/advisories/41490 | Trust: 1.1 |
| url: | http://secunia.com/advisories/41818 | Trust: 1.1 |
| url: | http://secunia.com/advisories/41967 | Trust: 1.1 |
| url: | http://secunia.com/advisories/41972 | Trust: 1.1 |
| url: | http://secunia.com/advisories/42377 | Trust: 1.1 |
| url: | http://secunia.com/advisories/42379 | Trust: 1.1 |
| url: | http://secunia.com/advisories/42467 | Trust: 1.1 |
| url: | http://secunia.com/advisories/42724 | Trust: 1.1 |
| url: | http://secunia.com/advisories/42733 | Trust: 1.1 |
| url: | http://secunia.com/advisories/42808 | Trust: 1.1 |
| url: | http://secunia.com/advisories/42811 | Trust: 1.1 |
| url: | http://secunia.com/advisories/42816 | Trust: 1.1 |
| url: | http://secunia.com/advisories/43308 | Trust: 1.1 |
| url: | http://secunia.com/advisories/44183 | Trust: 1.1 |
| url: | http://secunia.com/advisories/44954 | Trust: 1.1 |
| url: | http://secunia.com/advisories/48577 | Trust: 1.1 |
| url: | http://osvdb.org/60521 | Trust: 1.1 |
| url: | http://osvdb.org/60972 | Trust: 1.1 |
| url: | http://osvdb.org/62210 | Trust: 1.1 |
| url: | http://osvdb.org/65202 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2009/3164 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2009/3165 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2009/3205 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2009/3220 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2009/3353 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2009/3354 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2009/3484 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2009/3521 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2009/3587 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/0173 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/0748 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/0848 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/0916 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/0933 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/0994 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/1054 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/1107 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/1191 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/1350 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/1639 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/1673 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/1793 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/2010 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/2745 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2010/3069 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2011/0032 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2011/0033 | Trust: 1.1 |
| url: | http://www.vupen.com/english/advisories/2011/0086 | Trust: 1.1 |
| url: | http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html | Trust: 1.1 |
| url: | http://lists.apple.com/archives/security-announce/2010//may/msg00001.html | Trust: 1.1 |
| url: | http://lists.apple.com/archives/security-announce/2010//may/msg00002.html | Trust: 1.1 |
| url: | http://www.debian.org/security/2009/dsa-1934 | Trust: 1.1 |
| url: | http://www.debian.org/security/2011/dsa-2141 | Trust: 1.1 |
| url: | http://www.debian.org/security/2015/dsa-3253 | Trust: 1.1 |
| url: | https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html | Trust: 1.1 |
| url: | https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html | Trust: 1.1 |
| url: | https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html | Trust: 1.1 |
| url: | https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html | Trust: 1.1 |
| url: | https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html | Trust: 1.1 |
| url: | https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html | Trust: 1.1 |
| url: | https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html | Trust: 1.1 |
| url: | https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html | Trust: 1.1 |
| url: | http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html | Trust: 1.1 |
| url: | http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html | Trust: 1.1 |
| url: | http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html | Trust: 1.1 |
| url: | http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html | Trust: 1.1 |
| url: | http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html | Trust: 1.1 |
| url: | http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html | Trust: 1.1 |
| url: | http://security.gentoo.org/glsa/glsa-200912-01.xml | Trust: 1.1 |
| url: | http://security.gentoo.org/glsa/glsa-201203-22.xml | Trust: 1.1 |
| url: | http://security.gentoo.org/glsa/glsa-201406-32.xml | Trust: 1.1 |
| url: | http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041 | Trust: 1.1 |
| url: | http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751 | Trust: 1.1 |
| url: | http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995 | Trust: 1.1 |
| url: | http://www.securityfocus.com/archive/1/522176 | Trust: 1.1 |
| url: | http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686 | Trust: 1.1 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848 | Trust: 1.1 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054 | Trust: 1.1 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055 | Trust: 1.1 |
| url: | http://www.mandriva.com/security/advisories?name=mdvsa-2010:076 | Trust: 1.1 |
| url: | http://www.mandriva.com/security/advisories?name=mdvsa-2010:084 | Trust: 1.1 |
| url: | http://www.mandriva.com/security/advisories?name=mdvsa-2010:089 | Trust: 1.1 |
| url: | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049 | Trust: 1.1 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247 | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0119.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0130.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0155.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0165.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0167.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0337.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0338.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0339.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0768.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0770.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0786.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0807.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0865.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0986.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2010-0987.html | Trust: 1.1 |
| url: | http://www.redhat.com/support/errata/rhsa-2011-0880.html | Trust: 1.1 |
| url: | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html | Trust: 1.1 |
| url: | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html | Trust: 1.1 |
| url: | http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html | Trust: 1.1 |
| url: | http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | Trust: 1.1 |
| url: | http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html | Trust: 1.1 |
| url: | http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html | Trust: 1.1 |
| url: | http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html | Trust: 1.1 |
| url: | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | Trust: 1.1 |
| url: | http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html | Trust: 1.1 |
| url: | http://www.us-cert.gov/cas/techalerts/ta10-287a.html | Trust: 1.1 |
| url: | http://www.ubuntu.com/usn/usn-1010-1 | Trust: 1.1 |
| url: | http://ubuntu.com/usn/usn-923-1 | Trust: 1.1 |
| url: | http://www.ubuntu.com/usn/usn-927-1 | Trust: 1.1 |
| url: | http://www.ubuntu.com/usn/usn-927-4 | Trust: 1.1 |
| url: | http://www.ubuntu.com/usn/usn-927-5 | Trust: 1.1 |
| url: | http://openbsd.org/errata45.html#010_openssl | Trust: 1.1 |
| url: | http://openbsd.org/errata46.html#004_openssl | Trust: 1.1 |
| url: | http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html | Trust: 1.1 |
| url: | http://www.openwall.com/lists/oss-security/2009/11/05/3 | Trust: 1.1 |
| url: | http://www.openwall.com/lists/oss-security/2009/11/05/5 | Trust: 1.1 |
| url: | http://www.openwall.com/lists/oss-security/2009/11/06/3 | Trust: 1.1 |
| url: | http://www.openwall.com/lists/oss-security/2009/11/07/3 | Trust: 1.1 |
| url: | http://www.openwall.com/lists/oss-security/2009/11/20/1 | Trust: 1.1 |
| url: | http://www.openwall.com/lists/oss-security/2009/11/23/10 | Trust: 1.1 |
| url: | http://www.ietf.org/mail-archive/web/tls/current/msg03928.html | Trust: 1.1 |
| url: | https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e | Trust: 1.1 |
| url: | https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e | Trust: 1.1 |
| url: | https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e | Trust: 1.1 |
| url: | https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e | Trust: 1.1 |
| url: | http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html | Trust: 1.1 |
| url: | http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during | Trust: 1.1 |
| url: | http://clicky.me/tlsvuln | Trust: 1.1 |
| url: | http://extendedsubset.com/renegotiating_tls.pdf | Trust: 1.1 |
| url: | http://kbase.redhat.com/faq/docs/doc-20491 | Trust: 1.1 |
| url: | http://support.apple.com/kb/ht4004 | Trust: 1.1 |
| url: | http://support.apple.com/kb/ht4170 | Trust: 1.1 |
| url: | http://support.apple.com/kb/ht4171 | Trust: 1.1 |
| url: | http://support.avaya.com/css/p8/documents/100070150 | Trust: 1.1 |
| url: | http://support.avaya.com/css/p8/documents/100081611 | Trust: 1.1 |
| url: | http://support.avaya.com/css/p8/documents/100114315 | Trust: 1.1 |
| url: | http://support.avaya.com/css/p8/documents/100114327 | Trust: 1.1 |
| url: | http://support.citrix.com/article/ctx123359 | Trust: 1.1 |
| url: | http://support.zeus.com/zws/media/docs/4.3/release_notes | Trust: 1.1 |
| url: | http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released | Trust: 1.1 |
| url: | http://sysoev.ru/nginx/patch.cve-2009-3555.txt | Trust: 1.1 |
| url: | http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html | Trust: 1.1 |
| url: | http://wiki.rpath.com/advisories:rpsa-2009-0155 | Trust: 1.1 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg21426108 | Trust: 1.1 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg21432298 | Trust: 1.1 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg24006386 | Trust: 1.1 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg24025312 | Trust: 1.1 |
| url: | http://www.arubanetworks.com/support/alerts/aid-020810.txt | Trust: 1.1 |
| url: | http://www.betanews.com/article/1257452450 | Trust: 1.1 |
| url: | http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html | Trust: 1.1 |
| url: | http://www.ingate.com/relnote.php?ver=481 | Trust: 1.1 |
| url: | http://www.mozilla.org/security/announce/2010/mfsa2010-22.html | Trust: 1.1 |
| url: | http://www.openoffice.org/security/cves/cve-2009-3555.html | Trust: 1.1 |
| url: | http://www.openssl.org/news/secadv_20091111.txt | Trust: 1.1 |
| url: | http://www.opera.com/docs/changelogs/unix/1060/ | Trust: 1.1 |
| url: | http://www.opera.com/support/search/view/944/ | Trust: 1.1 |
| url: | http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | Trust: 1.1 |
| url: | http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html | Trust: 1.1 |
| url: | http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html | Trust: 1.1 |
| url: | http://www.proftpd.org/docs/release_notes-1.3.2c | Trust: 1.1 |
| url: | http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html | Trust: 1.1 |
| url: | http://www.tombom.co.uk/blog/?p=85 | Trust: 1.1 |
| url: | http://www.vmware.com/security/advisories/vmsa-2010-0019.html | Trust: 1.1 |
| url: | http://www.vmware.com/security/advisories/vmsa-2011-0003.html | Trust: 1.1 |
| url: | http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html | Trust: 1.1 |
| url: | http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html | Trust: 1.1 |
| url: | https://bugzilla.mozilla.org/show_bug.cgi?id=526689 | Trust: 1.1 |
| url: | https://bugzilla.mozilla.org/show_bug.cgi?id=545755 | Trust: 1.1 |
| url: | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888 | Trust: 1.1 |
| url: | https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html | Trust: 1.1 |
| url: | http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html | Trust: 1.1 |
| url: | https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088 | Trust: 1.1 |
| url: | https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578 | Trust: 1.1 |
| url: | https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617 | Trust: 1.1 |
| url: | https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315 | Trust: 1.1 |
| url: | https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478 | Trust: 1.1 |
| url: | https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973 | Trust: 1.1 |
| url: | https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366 | Trust: 1.1 |
| url: | https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535 | Trust: 1.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/54158 | Trust: 1.1 |
| url: | http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 | Trust: 1.1 |
| url: | http://marc.info/?l=bugtraq&m=127557596201693&w=2 | Trust: 1.0 |
| url: | http://marc.info/?l=bugtraq&m=130497311408250&w=2 | Trust: 1.0 |
| url: | http://marc.info/?l=bugtraq&m=133469267822771&w=2 | Trust: 1.0 |
| url: | https://kb.bluecoat.com/index?page=content&id=sa50 | Trust: 1.0 |
| url: | http://marc.info/?l=bugtraq&m=132077688910227&w=2 | Trust: 1.0 |
| url: | http://marc.info/?l=bugtraq&m=126150535619567&w=2 | Trust: 1.0 |
| url: | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446 | Trust: 1.0 |
| url: | http://marc.info/?l=bugtraq&m=142660345230545&w=2 | Trust: 1.0 |
| url: | http://marc.info/?l=cryptography&m=125752275331877&w=2 | Trust: 1.0 |
| url: | http://marc.info/?l=bugtraq&m=127128920008563&w=2 | Trust: 1.0 |
| url: | http://marc.info/?l=bugtraq&m=134254866602253&w=2 | Trust: 1.0 |
| url: | http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only | Trust: 1.0 |
| url: | http://marc.info/?l=bugtraq&m=127419602507642&w=2 | Trust: 1.0 |
| url: | http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html | Trust: 0.8 |
| url: | http://cvs.openssl.org/chngview?cn=18790 | Trust: 0.8 |
| url: | http://www.links.org/files/no-renegotiation-2.patch | Trust: 0.8 |
| url: | http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html | Trust: 0.8 |
| url: | http://jvn.jp/cert/jvnvu120541 | Trust: 0.8 |
| url: | http://jvn.jp/cert/jvnvu490671 | Trust: 0.8 |
| url: | http://jvn.jp/tr/jvntr-2010-22 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3555 | Trust: 0.8 |
| url: | http://secunia.com/advisories/38338 | Trust: 0.8 |
| url: | http://secunia.com/advisories/38728 | Trust: 0.8 |
| url: | http://secunia.com/advisories/38608 | Trust: 0.8 |
| url: | http://secunia.com/advisories/44292 | Trust: 0.8 |
| url: | http://secunia.com/advisories/44293 | Trust: 0.8 |
| url: | http://secunia.com/advisories/40879 | Trust: 0.8 |
| url: | http://secunia.com/advisories/44260 | Trust: 0.8 |
| url: | http://secunia.com/advisories/37566 | Trust: 0.8 |
| url: | http://www.us-cert.gov/cas/alerts/sa10-222a.html | Trust: 0.8 |
| url: | http://www.vupen.com/english/advisories/2010/1280 | Trust: 0.8 |
| url: | http://www.vupen.com/english/advisories/2010/2660 | Trust: 0.8 |
| url: | http://www.vupen.com/english/advisories/2010/1942 | Trust: 0.8 |
| url: | http://www.vupen.com/english/advisories/2009/3393 | Trust: 0.8 |
| url: | http://www.vupen.com/english/advisories/2010/0125 | Trust: 0.8 |
| url: | http://www.vupen.com/english/advisories/2010/0212 | Trust: 0.8 |
| url: | http://www.vupen.com/english/advisories/2010/0457 | Trust: 0.8 |
| url: | http://www.vupen.com/english/advisories/2010/2046 | Trust: 0.8 |
| url: | http://www.vupen.com/english/advisories/2011/1039 | Trust: 0.8 |
| url: | http://secunia.com/ | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0085 | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0084 | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0091 | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0089 | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0093 | Trust: 0.3 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433 | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0082 | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0088 | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0092 | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0094 | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0087 | Trust: 0.3 |
| url: | http://lists.grok.org.uk/full-disclosure-charter.html | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0095 | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0090 | Trust: 0.3 |
| url: | http://kb.vmware.com/kb/1055 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837 | Trust: 0.2 |
| url: | http://www.vmware.com/support/policies/eos_vi.html | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842 | Trust: 0.2 |
| url: | http://www.vmware.com/support/policies/eos.html | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0734 | Trust: 0.2 |
| url: | http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849 | Trust: 0.2 |
| url: | http://www.vmware.com/support/policies/security_response.html | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844 | Trust: 0.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-3548 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089 | Trust: 0.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-2902 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087 | Trust: 0.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-2693 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085 | Trust: 0.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-2901 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843 | Trust: 0.2 |
| url: | http://h30046.www3.hp.com/subsignin.php | Trust: 0.2 |
| url: | http://www.itrc.hp.com/service/cki/secbullarchive.do | Trust: 0.2 |
| url: | http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc | Trust: 0.2 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz | Trust: 0.2 |
| url: | http://www.mandriva.com/security/ | Trust: 0.2 |
| url: | http://www.mandriva.com/security/advisories | Trust: 0.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0838 | Trust: 0.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0839 | Trust: 0.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0837 | Trust: 0.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3245 | Trust: 0.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-3245 | Trust: 0.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0433 | Trust: 0.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-4476 | Trust: 0.2 |
| url: | http://marc.info/?l=bugtraq&m=132077688910227&w=2 | Trust: 0.1 |
| url: | http://marc.info/?l=bugtraq&m=142660345230545&w=2 | Trust: 0.1 |
| url: | http://marc.info/?l=bugtraq&m=127419602507642&w=2 | Trust: 0.1 |
| url: | http://marc.info/?l=bugtraq&m=134254866602253&w=2 | Trust: 0.1 |
| url: | http://marc.info/?l=bugtraq&m=130497311408250&w=2 | Trust: 0.1 |
| url: | http://marc.info/?l=bugtraq&m=133469267822771&w=2 | Trust: 0.1 |
| url: | http://marc.info/?l=bugtraq&m=126150535619567&w=2 | Trust: 0.1 |
| url: | http://marc.info/?l=bugtraq&m=127128920008563&w=2 | Trust: 0.1 |
| url: | http://marc.info/?l=bugtraq&m=127557596201693&w=2 | Trust: 0.1 |
| url: | http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only | Trust: 0.1 |
| url: | http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446 | Trust: 0.1 |
| url: | http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 | Trust: 0.1 |
| url: | http://marc.info/?l=cryptography&m=125752275331877&w=2 | Trust: 0.1 |
| url: | https://kb.bluecoat.com/index?page=content&id=sa50 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0086 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1086 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0730 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1088 | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1027919 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2939 | Trust: 0.1 |
| url: | http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0307 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3548 | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1031330 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0085 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1384 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2008-0086 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0003 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0106 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2227 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2008-0107 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2902 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2901 | Trust: 0.1 |
| url: | http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1085 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0291 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2248 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0415 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565 | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1027904 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0107 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574 | Trust: 0.1 |
| url: | http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1157 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0007 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2524 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1087 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0622 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2008-3825 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1084 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2008-5416 | Trust: 0.1 |
| url: | http://www.vmware.com/security/advisories | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-1384 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0008 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2070 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4308 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2693 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-4308 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0007 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5416 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3864 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3825 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0410 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1437 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0003 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0437 | Trust: 0.1 |
| url: | http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2066 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1436 | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1029353 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2008-0085 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2226 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1173 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0008 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1641 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2928 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2008-0106 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1187 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2521 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3081 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551 | Trust: 0.1 |
| url: | https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 | Trust: 0.1 |
| url: | http://secunia.com/advisories/44293/ | Trust: 0.1 |
| url: | http://secunia.com/research/ | Trust: 0.1 |
| url: | http://secunia.com/products/corporate/evm/ | Trust: 0.1 |
| url: | http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas | Trust: 0.1 |
| url: | http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ | Trust: 0.1 |
| url: | http://secunia.com/advisories/secunia_security_advisories/ | Trust: 0.1 |
| url: | http://secunia.com/vulnerability_scanning/personal/ | Trust: 0.1 |
| url: | http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org | Trust: 0.1 |
| url: | http://secunia.com/advisories/44293/#comments | Trust: 0.1 |
| url: | http://secunia.com/company/jobs/open_positions/reverse_engineer | Trust: 0.1 |
| url: | http://secunia.com/advisories/about_secunia_advisories/ | Trust: 0.1 |
| url: | http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html. | Trust: 0.1 |
| url: | http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml | Trust: 0.1 |
| url: | http://www.cisco.com/pcgi-bin/support/bugtool/launch_bugtool.pl | Trust: 0.1 |
| url: | http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html | Trust: 0.1 |
| url: | http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml. | Trust: 0.1 |
| url: | http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html | Trust: 0.1 |
| url: | http://www.cisco.com. | Trust: 0.1 |
| url: | http://www.cisco.com/go/psirt. | Trust: 0.1 |
| url: | http://www.cisco.com/en/us/docs/general/warranty/english/eu1ken_.html, | Trust: 0.1 |
| url: | http://www.cisco.com/public/sw-center/sw-usingswc.shtml. | Trust: 0.1 |
| url: | http://intellishield.cisco.com/security/alertmanager/cvss | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2006-4339 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2002-0840 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-3293 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2004-0492 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2006-2937 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-3292 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2006-4343 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2006-3918 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2008-0005 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0010 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2003-0542 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2006-3747 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-3291 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2002-0839 | Trust: 0.1 |
| url: | http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2006-2940 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2005-3357 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2005-3352 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2006-3738 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2005-2491 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2007-5000 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-3095 | Trust: 0.1 |
| url: | http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2007-6388 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-1891 | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz | Trust: 0.1 |
| url: | http://www.canonical.com | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0887 | Trust: 0.1 |
| url: | http://www.gentoo.org/doc/en/java.xml#doc_chap4 | Trust: 0.1 |
| url: | http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0841 | Trust: 0.1 |
| url: | http://creativecommons.org/licenses/by-sa/2.5 | Trust: 0.1 |
| url: | http://security.gentoo.org/ | Trust: 0.1 |
| url: | http://security.gentoo.org/glsa/glsa-201006-18.xml | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0840 | Trust: 0.1 |
| url: | https://bugs.gentoo.org. | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3767 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1646 | Trust: 0.1 |
| url: | http://www.vmware.com/security/advisoiries | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1023763 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0826 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-1646 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-2409 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0734 | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1023761 | Trust: 0.1 |
| url: | http://www.vmware.com/security | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1023764 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-3767 | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1023767 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0826 | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1023759 | Trust: 0.1 |
| url: | http://bit.ly/adhjeu | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1023766 | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1023762 | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1025321 | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1023765 | Trust: 0.1 |
| url: | http://kb.vmware.com/kb/1023760 | Trust: 0.1 |
| url: | http://www.vmware.com/support/policies/lifecycle/vi/faq.html | Trust: 0.1 |
| url: | http://security.freebsd.org/patches/sa-09:16/rtld.patch.asc | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4146 | Trust: 0.1 |
| url: | http://security.freebsd.org/>. | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4147 | Trust: 0.1 |
| url: | http://security.freebsd.org/advisories/freebsd-sa-09:16.rtld.asc | Trust: 0.1 |
| url: | http://security.freebsd.org/patches/sa-09:16/rtld7.patch | Trust: 0.1 |
| url: | http://security.freebsd.org/patches/sa-09:16/rtld7.patch.asc | Trust: 0.1 |
| url: | http://security.freebsd.org/patches/sa-09:16/rtld.patch | Trust: 0.1 |
| url: | http://www.freebsd.org/handbook/makeworld.html> | Trust: 0.1 |
| url: | http://www.debian.org/security/faq | Trust: 0.1 |
| url: | http://www.debian.org/security/ | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_lpia.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_powerpc.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_powerpc.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.8.04.1.diff.gz | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_amd64.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.8.04.1.dsc | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_powerpc.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_amd64.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_sparc.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_i386.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_i386.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_i386.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_amd64.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_powerpc.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_sparc.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_sparc.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_lpia.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_i386.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_sparc.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_amd64.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_i386.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_lpia.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_lpia.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_sparc.deb | Trust: 0.1 |
| url: | http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_amd64.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_lpia.deb | Trust: 0.1 |
| url: | http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_powerpc.deb | Trust: 0.1 |
| url: | http://www.mandriva.com/en/support/security/ | Trust: 0.1 |
| url: | http://www.mandriva.com/en/support/security/advisories/ | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2013-1619 | Trust: 0.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1619 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-0740 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-3793 | Trust: 0.1 |
| url: | https://www.hp.com/go/swa | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2008-4546 | Trust: 0.1 |
| url: | http://www.hp.com/go/hpsim | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2011-2204 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-0033 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2011-2526 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2011-3190 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-0580 | Trust: 0.1 |
| url: | http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/ | Trust: 0.1 |
| url: | http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2009-0781 | Trust: 0.1 |
| url: | http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html | Trust: 0.1 |
| url: | https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2011-1184 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2010-1157 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2011-2729 | Trust: 0.1 |
CREDITS
Mandriva
Trust: 0.3
SOURCES
| db: | CERT/CC | id: | VU#120541 |
| db: | VULHUB | id: | VHN-41001 |
| db: | PACKETSTORM | id: | 98419 |
| db: | PACKETSTORM | id: | 100761 |
| db: | PACKETSTORM | id: | 82657 |
| db: | PACKETSTORM | id: | 101257 |
| db: | PACKETSTORM | id: | 92095 |
| db: | PACKETSTORM | id: | 82652 |
| db: | PACKETSTORM | id: | 90286 |
| db: | PACKETSTORM | id: | 94383 |
| db: | PACKETSTORM | id: | 83415 |
| db: | PACKETSTORM | id: | 98469 |
| db: | PACKETSTORM | id: | 91309 |
| db: | PACKETSTORM | id: | 120714 |
| db: | PACKETSTORM | id: | 88698 |
| db: | PACKETSTORM | id: | 91749 |
| db: | PACKETSTORM | id: | 111920 |
| db: | JVNDB | id: | JVNDB-2009-002319 |
| db: | NVD | id: | CVE-2009-3555 |
LAST UPDATE DATE
2026-03-13T21:43:00.186000+00:00
SOURCES UPDATE DATE
| db: | CERT/CC | id: | VU#120541 | date: | 2011-07-22T00:00:00 |
| db: | VULHUB | id: | VHN-41001 | date: | 2023-02-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2009-002319 | date: | 2016-09-08T00:00:00 |
| db: | NVD | id: | CVE-2009-3555 | date: | 2025-04-09T00:30:58.490 |
SOURCES RELEASE DATE
| db: | CERT/CC | id: | VU#120541 | date: | 2009-11-11T00:00:00 |
| db: | VULHUB | id: | VHN-41001 | date: | 2009-11-09T00:00:00 |
| db: | PACKETSTORM | id: | 98419 | date: | 2011-02-11T13:13:00 |
| db: | PACKETSTORM | id: | 100761 | date: | 2011-04-24T07:03:07 |
| db: | PACKETSTORM | id: | 82657 | date: | 2009-11-17T01:21:40 |
| db: | PACKETSTORM | id: | 101257 | date: | 2011-05-10T00:45:11 |
| db: | PACKETSTORM | id: | 92095 | date: | 2010-07-23T18:03:56 |
| db: | PACKETSTORM | id: | 82652 | date: | 2009-11-17T01:07:45 |
| db: | PACKETSTORM | id: | 90286 | date: | 2010-06-04T05:32:00 |
| db: | PACKETSTORM | id: | 94383 | date: | 2010-09-30T16:07:42 |
| db: | PACKETSTORM | id: | 83415 | date: | 2009-12-03T21:03:04 |
| db: | PACKETSTORM | id: | 98469 | date: | 2011-02-14T21:33:52 |
| db: | PACKETSTORM | id: | 91309 | date: | 2010-06-30T03:23:55 |
| db: | PACKETSTORM | id: | 120714 | date: | 2013-03-08T04:15:53 |
| db: | PACKETSTORM | id: | 88698 | date: | 2010-04-20T15:07:58 |
| db: | PACKETSTORM | id: | 91749 | date: | 2010-07-14T04:19:30 |
| db: | PACKETSTORM | id: | 111920 | date: | 2012-04-17T20:41:11 |
| db: | JVNDB | id: | JVNDB-2009-002319 | date: | 2009-12-14T00:00:00 |
| db: | NVD | id: | CVE-2009-3555 | date: | 2009-11-09T17:30:00.407 |