Details of VAR-200911-0398

ID

VAR-200911-0398

CVE

CVE-2009-3555

TITLE

SSL and TLS protocols renegotiation vulnerability

Trust: 0.8

sources: CERT/CC: VU#120541

DESCRIPTION

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the Network Working Group:The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data.This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer. OpenSSL Security Advisory [11-Nov-2009] ======================================= A potentially serious flaw in SSL and TLS has been worked around in OpenSSL 0.9.8l. Since many changes had occurred on the 0.9.8 branch without a public release it was decided to release 0.9.8l based on the last publicly tested release version 0.9.8k. Man-in-the-middle Renegotiation Attack ====================================== A man-in-the-middle (MitM) can intercept an SSL connection and instead make his own connection to the server. He can then send arbitrary data and trigger a renegotiation using the client's original connection data. From the server's point of view the client simply connected, sent data, renegotiated and continued. From the client's point of view he connects to the server normally. There is no indication at the SSL level that the attack occurred. There may be indications at the level of the protocol layered on top of SSL, for example, unexpected or pipelined responses. This attack can also be performed when the server requests a renegotiation - in this variant, the MitM would wait for the server's renegotiation request and at that point replay the clients original connection data. Once the original client connection data has been replayed, the MitM can no longer inject data, nor can he read the traffic over the SSL connection in either direction. Workaround ========== The workaround in 0.9.8l simply bans all renegotiation. Because of the nature of the attack, this is only an effective defence when deployed on servers. Upgraded clients will still be vulnerable. Servers that need renegotiation to function correctly obviously cannot deploy this fix without breakage. Severity ======== Because of the enormous difficulty of analysing every possible attack on every protocol that is layered on SSL, the OpenSSL Team classify this as a severe issue and recommend that everyone who does not rely on renegotiation deploy 0.9.8l as soon as possible. History ======= A small number of people knew about the problem in advance under NDA and a comprehensive fix was being developed. Unfortunately the issue was independently discovered and the details made public so a less than ideal brute force emergency fix had to be developed and released. We are working on incorporating this into 0.9.8m, which will also incorporate a number of other security and bug fixes. Because renegotiation is, in practice, rarely used we will not be rushing the production of 0.9.8m, but will instead test interoperability with other implementations, and ensure the stability of the other fixes before release. Also thanks to ICASI who managed the early coordination of this issue. References =========== CVE-2009-3555: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 TLS extension: https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt URL for this Security Advisory: https://www.openssl.org/news/secadv_20091111.txt . - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Application Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44293 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44293/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44293/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data. 1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data. 3) An error exists in the Midtier Infrastructure of the Portal component and can be exploited to manipulate certain data. For more information see vulnerability #3: SA44246 4) An unspecified error in the Single Sign On component can be exploited by authenticated users to manipulate certain data. The vulnerabilities are reported in the following products: * Oracle Application Server 10g Release 2 version 10.1.2.3.0. * Oracle Application Server 10g Release 3 version 10.1.3.5.0. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: IcedTea JDK: Multiple vulnerabilities Date: June 29, 2014 Bugs: #312297, #330205, #340819, #346799, #352035, #353418, #354231, #355127, #370787, #387637, #404095, #421031, #429522, #433389, #438750, #442478, #457206, #458410, #461714, #466822, #477210, #489570, #508270 ID: 201406-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Background ========== IcedTea is a distribution of the Java OpenJDK source code built with free build tools. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3 Description =========== Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Resolution ========== All IcedTea JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3" References ========== [ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2010-2548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548 [ 3 ] CVE-2010-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783 [ 4 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 5 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 6 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 7 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 8 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 9 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 10 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 11 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 12 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 13 ] CVE-2010-3564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564 [ 14 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 15 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 16 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 17 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 18 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 19 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 20 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 21 ] CVE-2010-3860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860 [ 22 ] CVE-2010-4351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351 [ 23 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 24 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 25 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 26 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 27 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 28 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 29 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 30 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 31 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 32 ] CVE-2011-0025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025 [ 33 ] CVE-2011-0706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706 [ 34 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 35 ] CVE-2011-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822 [ 36 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 37 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 38 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 39 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 40 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 41 ] CVE-2011-0870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870 [ 42 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 43 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 44 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 45 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 46 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 47 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 48 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 49 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 50 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 51 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 52 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 53 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 54 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 55 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 56 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 57 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 58 ] CVE-2011-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571 [ 59 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 60 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 61 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 62 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 63 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 64 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 65 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 66 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 67 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 68 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 69 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 70 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 71 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 72 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 73 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 74 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 75 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 76 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 77 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 78 ] CVE-2012-3422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422 [ 79 ] CVE-2012-3423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423 [ 80 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 81 ] CVE-2012-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540 [ 82 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 83 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 84 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 85 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 86 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 87 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 88 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 89 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 90 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 91 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 92 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 93 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 94 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 95 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 96 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 97 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 98 ] CVE-2012-5979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979 [ 99 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 100 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 101 ] CVE-2013-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424 [ 102 ] CVE-2013-0425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425 [ 103 ] CVE-2013-0426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426 [ 104 ] CVE-2013-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427 [ 105 ] CVE-2013-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428 [ 106 ] CVE-2013-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429 [ 107 ] CVE-2013-0431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431 [ 108 ] CVE-2013-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432 [ 109 ] CVE-2013-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433 [ 110 ] CVE-2013-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434 [ 111 ] CVE-2013-0435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435 [ 112 ] CVE-2013-0440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440 [ 113 ] CVE-2013-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441 [ 114 ] CVE-2013-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442 [ 115 ] CVE-2013-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443 [ 116 ] CVE-2013-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444 [ 117 ] CVE-2013-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450 [ 118 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 119 ] CVE-2013-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475 [ 120 ] CVE-2013-1476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476 [ 121 ] CVE-2013-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478 [ 122 ] CVE-2013-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480 [ 123 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 124 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 125 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 126 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 127 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 128 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 129 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 130 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 131 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 132 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 133 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 134 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 135 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 136 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 137 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 138 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 139 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 140 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 141 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 142 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 143 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 144 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 145 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 146 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 147 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 148 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 149 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 150 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 151 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 152 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 153 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 154 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 155 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 156 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 157 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 158 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 159 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 160 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 161 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 162 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 163 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 164 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 165 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 166 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 167 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 168 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 169 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 170 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 171 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 172 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 173 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 174 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 175 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 176 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 177 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 178 ] CVE-2013-4002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002 [ 179 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 180 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 181 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 182 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 183 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 184 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 185 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 186 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 187 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 188 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 189 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 190 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 191 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 192 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 193 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 194 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 195 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 196 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 197 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 198 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 199 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 200 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 201 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 202 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 203 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 204 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 205 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 206 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 207 ] CVE-2013-6629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629 [ 208 ] CVE-2013-6954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954 [ 209 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 210 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 211 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 212 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 213 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 214 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 215 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 216 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 217 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 218 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 219 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 220 ] CVE-2014-1876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876 [ 221 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 222 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 223 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 224 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 225 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 226 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 227 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 228 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-32.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: TLS Protocol Session Renegotiation Security Vulnerability Aruba Advisory ID: AID-020810 Revision: 1.0 For Public Release on 02/08/2010 +---------------------------------------------------- SUMMARY This advisory addresses the renegotiation related vulnerability disclosed recently in Transport Layer Security protocol [1][2]. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. If a client browser (victim) is configured to authenticate to the WebUI over HTTPS using a client certificate, an attacker can potentially use the victim's credentials temporarily to execute arbitrary HTTP request for each initiation of an HTTPS session from the victim to the WebUI. This would happen without any HTTPS/TLS warnings to the victim. This condition can essentially be exploited by an attacker for command injection in beginning of a HTTPS session between the victim and the ArubaOS WebUI. ArubaOS itself does not initiate TLS renegotiation at any point and hence is only vulnerable to scenario where a client explicitly requests TLS renegotiation. Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users. AFFECTED ArubaOS VERSIONS 2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS, 2.4.8.x-FIPS CHECK IF YOU ARE VULNERABLE The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. ArubaOS is vulnerable only if its configuration permits WebUI administration interface clients to connect using either username/password or client certificates. If only one of the two authentication method is allowed, this issue does not seem to apply. Check if the following line appears in your configuration: web-server mgmt-auth username/password certificate If the exact line does not appear in the configuration, this issue does not apply. DETAILS An industry wide vulnerability was discovered in TLS protocol's renegotiation feature, which allows a client and server who already have a TLS connection to negotiate new session parameters and generate new key material. Renegotiation is carried out in the existing TLS connection. However there is no cryptographic binding between the renegotiated TLS session and the original TLS session. An attacker who has established MITM between client and server may be able to take advantage of this and inject arbitrary data into the beginning of the application protocol stream protected by TLS. Specifically arbitrary HTTP requests can be injected in a HTTPS session where attacker (MITM) blocks HTTPS session initiation between client and server, establishes HTTPS session with the server itself, injects HTTP data and initiates TLS renegotiation with the server. Then attacker allows the renegotiation to occur between the client and the server. After successful HTTPS session establishment with the server, now the client sends its HTTP request along with its HTTP credentials (cookie) to the server. However due to format of attacker's injected HTTP data, the client's HTTP request is not processed, rather the attacker's HTTP request gets executed with credentials of the client. The attacker is not able to view the results of the injected HTTP request due to the fact that data between the client and the server is encrypted over HTTPS. ArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. Pre-requisites for this attack : 1. The attacker must be able to establish a MITM between the client and the server (ArubaOS WebUI). 2. The attacker must be able to establish a successful HTTPS session with the server (ArubaOS WebUI) 3. ArubaOS must be configured to allow certificate based HTTPS authentication for WebUI clients (client certs). Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users. CVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) WORKAROUNDS Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following steps will help to mitigate the risk: - - - Disable certificate based HTTPS authentication (and only allow username-password based authentication) for WebUI clients. Client's username-password authentication POST request will prohibit attacker's injected HTTP data from executing with client's cookie. CLI command: web-server mgmt-auth username/password - - - Permit certificate based HTTPS authentication ONLY and disable username-password based authentication to WebUI. This will prohibit attacker from establishing a HTTPS session with ArubaOS (for MITM) without a valid client cert. CLI command: web-server mgmt-auth certificate Note: This step won't stop command injection from attackers who have valid client certificates but their assigned management role privileges are lower than that of the admin. This attack may allow them to run commands at higher privilege than what is permitted in their role. - - - Do not expose the Mobility Controller administrative interface to untrusted networks such as the Internet. SOLUTION Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. The following patches have the fix (any newer patch will also have the fix): - - - - 2.5.6.24 - - - - 3.3.2.23 - - - - 3.3.3.2 - - - - 3.4.0.7 - - - - 3.4.1.1 - - - - RN 3.1.4 Please contact Aruba support for obtaining patched FIPS releases. Please note: We highly recommend that you upgrade your Mobility Controller to the latest available patch on the Aruba support site corresponding to your currently installed release. REFERENCES [1] http://extendedsubset.com/?p=8 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 +---------------------------------------------------- OBTAINING FIXED FIRMWARE Aruba customers can obtain the firmware on the support website: http://www.arubanetworks.com/support. Aruba Support contacts are as follows: 1-800-WiFiLAN (1-800-943-4526) (toll free from within North America) +1-408-754-1200 (toll call from anywhere in the world) e-mail: support(at)arubanetworks.com Please, do not contact either "wsirt(at)arubanetworks.com" or "security(at)arubanetworks.com" for software upgrades. EXPLOITATION AND PUBLIC ANNOUNCEMENTS This vulnerability will be announced at Aruba W.S.I.R.T. Advisory: http://www.arubanetworks.com/support/alerts/aid-020810.txt SecurityFocus Bugtraq http://www.securityfocus.com/archive/1 STATUS OF THIS NOTICE: Final Although Aruba Networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Aruba Networks may update this advisory. A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. DISTRIBUTION OF THIS ANNOUNCEMENT This advisory will be posted on Aruba's website at: http://www.arubanetworks.com/support/alerts/aid-020810.txt Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. REVISION HISTORY Revision 1.0 / 02-08-2010 / Initial release ARUBA WSIRT SECURITY PROCEDURES Complete information on reporting security vulnerabilities in Aruba Networks products, obtaining assistance with security incidents is available at http://www.arubanetworks.com/support/wsirt.php For reporting *NEW* Aruba Networks security issues, email can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.arubanetworks.com/support/wsirt.php (c) Copyright 2010 by Aruba Networks, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN bWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP =CrHf -----END PGP SIGNATURE----- . HP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. HP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier. The latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport HP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent. Summary ESX 3.x Console OS (COS) updates for samba, bzip2, and openssl packages. Relevant releases VMware ESX 3.5 without patches ESX350-201012408-SG, ESX350-201012409-SG, ESX350-201012401-SG Notes: Effective May 2010, VMware's patch and update release program during Extended Support will be continued with the condition that all subsequent patch and update releases will be based on the latest baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1, ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section "End of Product Availability FAQs" at http://www.vmware.com/support/policies/lifecycle/vi/faq.html for details. Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan to upgrade to at least ESX 3.5 and preferably to the newest release available. Problem Description a. Service Console update for samba The service console package samba is updated to version 3.0.9-1.3E.18. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3069 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX not applicable ESX 4.0 ESX not applicable ESX 3.5 ESX ESX350-201012408-SG ESX 3.0.3 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. b. Service Console update for bzip2 The service console package bzip2 updated to version 1.0.2-14.EL3. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX affected, patch pending ESX 4.0 ESX affected, patch pending ESX 3.5 ESX ESX350-201012409-SG ESX 3.0.3 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. c. Service Console update for OpenSSL The service console package openssl updated to version 0.9.7a-33.26. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-2409 and CVE-2009-3555 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX not applicable ESX 4.0 ESX not applicable ESX 3.5 ESX ESX350-201012401-SG ESX 3.0.3 ESX affected, no patch planned * hosted products are VMware Workstation, Player, ACE, Server, Fusion. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX 3.5 ------- Samba http://download3.vmware.com/software/vi/ESX350-201012408-SG.zip md5sum: 53a427d5d2213c51d57e8e8f7e3d544c http://kb.vmware.com/kb/1029999 bzip http://download3.vmware.com/software/vi/ESX350-201012409-SG.zip md5sum: 0a688d7153380fcb5d7ca0ac098e2d03 http://kb.vmware.com/kb/1030000 openssl http://download3.vmware.com/software/vi/ESX350-201012401-SG.zip md5sum: a8b1d9e4eabd14b6822bd1f8bf6dbf69 http://kb.vmware.com/kb/1029993 5. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. References: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740. The vulnerabilities are reported in versions prior to 3.2.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. Details follow: USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. (CVE-2009-3555) It was discovered that Loader-constraint table, Policy/PolicyFile, Inflater/Deflater, drag/drop access, and deserialization did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. (CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0094) It was discovered that AtomicReferenceArray, System.arraycopy, InetAddress, and HashAttributeSet did not correctly handle certain situations. If a remote attacker could trigger specific error conditions, a Java application could crash, leading to a denial of service. (CVE-2010-0092, CVE-2010-0093, CVE-2010-0095, CVE-2010-0845) It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and the AWT library did not correctly check buffer lengths. It was discovered that applets did not correctly handle certain trust chains. The vulnerabilities could be exploited remotely to execute arbitrary code and other exploits. HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.1. Service (DoS) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01945686 Version: 1 HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2009-11-25 Last Updated: 2009-11-25 Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS). References: CVE-2009-3555 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08l. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location. HOST ACCOUNT PASSWORD ftp.usa.hp.com sb02482 Secure12 HP-UX Release Depot name SHA-1 Hash B.11.11 PA (32 and 64) OpenSSL_A.00.09.08l.001_HP-UX_B.11.11_32+64.depot 2efb-e45e-78a7-17d0-11e9-5c10-3753-0585-6fde-36c4 B.11.23 (PA and IA) OpenSSL_A.00.09.08l.002_HP-UX_B.11.23_IA-PA.depot 2794-2f77-48a4-3316-a8b9-d213-7243-8e1b-7336-95a2 B.11.31 (PA and IA) OpenSSL_A.00.09.08l.003_HP-UX_B.11.31_IA-PA.depot 7be7-25a2-d3c4-0dce-761d-eba0-2782-8788-3bf8-02ca Note: OpenSSL vA.00.09.08l disables renegotiation. Although renegotiation is thought to be rarely used, applications should be tested to evaluate the impact of installing OpenSSL vA.00.09.08l. MANUAL ACTIONS: Yes - Update Install OpenSSL A.00.09.08l or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN action: install revision A.00.09.08l.001 or subsequent HP-UX B.11.23 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-LIB.2 openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PRNG.2 openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-RUN.2 action: install revision A.00.09.08l.002 or subsequent HP-UX B.11.31 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-LIB.2 openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PRNG.2 openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-RUN.2 action: install revision A.00.09.08l.003 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 25 November 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. =========================================================== Ubuntu Security Notice USN-1010-1 October 28, 2010 openjdk-6, openjdk-6b18 vulnerabilities CVE-2009-3555, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3557, CVE-2010-3561, CVE-2010-3562, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3573, CVE-2010-3574 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: icedtea6-plugin 6b18-1.8.2-4ubuntu1~8.04.1 openjdk-6-jdk 6b18-1.8.2-4ubuntu1~8.04.1 openjdk-6-jre 6b18-1.8.2-4ubuntu1~8.04.1 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu1~8.04.1 Ubuntu 9.10: icedtea6-plugin 6b18-1.8.2-4ubuntu1~9.10.1 openjdk-6-jdk 6b18-1.8.2-4ubuntu1~9.10.1 openjdk-6-jre 6b18-1.8.2-4ubuntu1~9.10.1 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu1~9.10.1 Ubuntu 10.04 LTS: icedtea6-plugin 6b18-1.8.2-4ubuntu2 openjdk-6-jdk 6b18-1.8.2-4ubuntu2 openjdk-6-jre 6b18-1.8.2-4ubuntu2 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu2 Ubuntu 10.10: icedtea6-plugin 6b18-1.8.2-4ubuntu1 openjdk-6-jdk 6b18-1.8.2-4ubuntu1 openjdk-6-jre 6b18-1.8.2-4ubuntu1 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu1 After a standard system update you need to restart any Java services, applications or applets to make all the necessary changes. Details follow: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. USN-923-1 disabled SSL/TLS renegotiation by default; this update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, and thus supports secure renegotiation between updated clients and servers. (CVE-2009-3555) It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. (CVE-2010-3541) It was discovered that JNDI could leak information that would allow an attacker to to access information about otherwise-protected internal network names. (CVE-2010-3548) It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. (CVE-2010-3549) It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. This could allow an attacker to read local network addresses. (CVE-2010-3551) It was discovered that UIDefault.ProxyLazyValue had unsafe reflection usage, allowing an attacker to create objects. (CVE-2010-3553) It was discovered that multiple flaws in the CORBA reflection implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) It was discovered that unspecified flaws in the Swing library could allow untrusted applications to modify the behavior and state of certain JDK classes. (CVE-2010-3557) It was discovered that the privileged accept method of the ServerSocket class in the CORBA implementation allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) It was discovered that there exists a double free in java's indexColorModel that could allow an attacker to cause an applet or application to crash, or possibly execute arbitrary code with the privilege of the user running the java applet or application. (CVE-2010-3562) It was discovered that the Kerberos implementation improperly checked AP-REQ requests, which could allow an attacker to cause a denial of service against the receiving JVM. (CVE-2010-3564) It was discovered that improper checks of unspecified image metadata in JPEGImageWriter.writeImage of the imageio API could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3565) It was discovered that an unspecified vulnerability in the ICC profile handling code could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3566) It was discovered that a miscalculation in the OpenType font rendering implementation would allow out-of-bounds memory access. (CVE-2010-3567) It was discovered that an unspecified race condition in the way objects were deserialized could allow an attacker to cause an applet or application to misuse the privileges of the user running the java applet or application. (CVE-2010-3568) It was discovered that the defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times. This could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3569) It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. (CVE-2010-3573) It was discovered that the HttpURLConnection class improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing an attacker to create HTTP TRACE requests. (CVE-2010-3574) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.diff.gz Size/MD5: 135586 3ae71988a36862ce27867d523c7e0ec7 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.dsc Size/MD5: 2466 0109ff8a5111bb4493a6e47d772092a6 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz Size/MD5: 68727489 413e3c8a80355b2c6215078467303f58 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~8.04.1_all.deb Size/MD5: 19755780 65b0eb04a5af50ea9f3482518bf582e6 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~8.04.1_all.deb Size/MD5: 5661496 e1e071cf15c338a3dcd82a4aa4359f20 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~8.04.1_all.deb Size/MD5: 26749920 71f229a65bfdf92d5212699094dc6ff9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 86460 66e287acc1a4ba54d75dc7d0b6212878 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 57825614 6343ea728cef27e27f9d68c83df40019 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 2361210 628df11e7f45298cb3b8b6bb50bbd170 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 10962050 0f1779b612e2caa1c8dacb204f28a7a8 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 25460526 85c96fcc8769e135d60e00f8e5690632 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 253918 aced66f96984c7188e3d0d0dea658254 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 80470 89535a3dbb0896b5f4d252aeae44a400 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 126182692 1671a3cc88704f77933c04dd818642ae http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 2341182 c0a947f9955762c8634b817d8dcb6cd0 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 10966052 6b94043956bd9131fdffcdbdbd765a7a http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 27284156 d230929b6e39055bc08bc105a1a7b1cc http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 240692 05f1130918ab3688cee31f8883929f95 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 82496 b51720a574f40b01cebcc03c18af3079 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 126209760 f17e3f7e26d8bfbc2256fc972e840db1 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 2340616 e0eb51f44ad028ecf845f096e00504da http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 10963228 10a1a6785472f141ea8b9d158dff2789 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 27276810 a32eb244cdfe3c5637331863ce6830b4 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 240524 444fde4db3768af1725f6a4580e98e10 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 88880 73f90df7175dcf2e8e9d26eb87e7eb99 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 41166884 a4eaa0bd6627ae61a49beb5c0a664897 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 2399516 c629576b23baa32a5bf71e5536a0f2fd http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 8933216 dfd34a92a124cf1002f7ba2c431c9eb9 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 23835452 c1e4df9ec2dfeed5e6212b698a7463df http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 268410 1e0ccf90a8ae3ea7e0dbc0dfe8fdaf5f Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.diff.gz Size/MD5: 135674 1171639e5ed727c1a80362c97d25189a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.dsc Size/MD5: 3043 e7ab8271e234b68f1b09096ebcba23c3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz Size/MD5: 68727489 413e3c8a80355b2c6215078467303f58 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~9.10.1_all.deb Size/MD5: 19755640 9d094756e91b2bcd3f68bd22c4253291 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~9.10.1_all.deb Size/MD5: 5788882 528906c13322b8dd43132944de7a31db http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~9.10.1_all.deb Size/MD5: 26751572 5d90c57d9d7c2a4a287ec0f90bd9a1f9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 377596 ac1108d73532e67f7f7c41a95603b4ae http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 83644 3554e332def256dbaf16d4bfeeed3741 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 104653652 88cf032f0866ebe8498c8054f4796578 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 2383778 710352a303ecc96af071071ed8c8ceea http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 11157690 31b2888fb540d9fdd7841fa467d4ff70 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 25523836 b9ccdb5eef46a11cc824313508bb1ccc http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 272506 7242a528594814b9ddc2c93e5814af20 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 5421246 91e50b4539739c7cef99c6b81e0ca7c2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 345384 a0d5fd362e00e8d3acfc8f34fc68c416 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 79224 a296415db11edafd48da8eec246dca03 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 168922366 c75e2e4e19a148b2d2c2af2d22a3c91c http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 2348922 b68a532c61d133fe2a0dc83d28d646d5 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 10920294 1b2e094cac5360a085150c6c06c9880c http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 27259892 941eaf3d4aed7cdbc0ddb963d1a7625e http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 258086 869ea201bc123aec8eacc10cb84f8da6 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 4927606 e00e6c5b66a77255dce2ee5bbca17fbc lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 346554 d5168b2338ffe0f583bcea81895d2c0e http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 81886 80f1c7a2a0065dc112c9117f478e594c http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 169080714 1a818e649f10940483a68de3cef38053 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 2346128 cc430ab6af852714db8e7c4206a0fc25 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 10919552 dfb5071724c66bee9a8298575207df05 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 27304524 576f5aa3552e42876672e8730cd34467 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 254244 5b4668359fe32254c9f76c1f9d8718cc http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 4918792 ebc9e7694d2a6f1ca7ee4eebde7b3401 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 366190 adf16d42bda00fa3202b81c12ed135f0 http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 82942 eb4f84254cc1d065c05304ffc453da8d http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 87511500 e5c46b9b4a4b8ea4444a6490b4962252 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 2363812 c1e4245d923f42cb8c20dbac995ca677 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 8871546 9a498efde1247a19b437ca80cb4c5a04 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 23886082 a945c526247fcd4db66b69ecffdeb2c2 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 277532 8d6ee031f6fe02667a9d6003c695b8e8 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 4746842 5dfde216d85312f3a5e22dcc67d42cae sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 79622 822b4116245df946903077d1c52ce499 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 125491074 cc8cd7a15a08f6fa696ed0612daa6188 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 2363090 acc768a146c60a42a4200765c2761400 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 10912448 4abd8741bdf1182ca5c8be2216a20ec6 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 27107652 45ea3696b4bb7b4c0408b6e6478a5dba http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 258346 c94e52925aa5f93331a31c8ccd6cc51b Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.diff.gz Size/MD5: 135754 65d8b4bdbc177e84604552cd846d77b1 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.dsc Size/MD5: 3070 31e61c20b2d9bf0fd2755567cb86a985 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz Size/MD5: 68727489 413e3c8a80355b2c6215078467303f58 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu2_all.deb Size/MD5: 19756634 e87012a63ffdff1af949ca680d819024 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu2_all.deb Size/MD5: 5776188 73335755c917fd549774ac05fe9ae79e http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu2_all.deb Size/MD5: 26751610 ad735399747e646b8d0ce4878cdc5b9a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 375984 e39dbd2cd5854d54345d4b7b06166234 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 84120 61feb48ac0cf21dd2eda11783d201268 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 104352622 13e7e5dc02352e6d2d0a34244cd245da http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 2362282 577ce2392e3a302deb21b219ce9818b3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 10930834 f3fd2d4fd323d8ef5a4ecdbf04bf68ce http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 25548006 4a57b587fef16ed39dd3524afd17d6fc http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 272606 b4f295db5117c2481dce1eab6720e959 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 2097440 615063c47a103893cfbfe9fd66f3bc49 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 345580 a9f4b3af4b35d84b2431465f2e39c652 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 79584 a0554970f63cbd433e62bc9096ecb0f7 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 168624244 1c584b5a99769f9081b66fc68d2f289d http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 2349304 8fa85c3bdbc9c25238620f0925304671 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 10927402 4922fc1a90ab8b3376d67a999e323e21 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 27283760 64e7c7aadc850c297076276212e9f3d6 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 258124 9d94f92d6a1f83fc8a9fbdcc3bd7be0a http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 1785538 e4904ec1f63446b9d8fa2f104d24c74d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 366016 e733ae6c51da3151ae78c30c7f666f09 http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 83626 23fc3d4efaf4077632aa52dbb929f645 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 87247976 1c7e2f725e6096e101de5c1bd7e68e86 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 2363890 f7eedc13d9500e08bb699f5d88c5123a http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 8875852 851a292b0dcfafb69c28c2e95bd6ae31 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 23890398 1c2d729f9f7077aaf0f2564f0aee2af8 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 277458 4860d4e029266c00fb5994bfe7664d4b http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 1916154 ec4e6ecb6c6ed793d177c34ae3e1129b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 77756 a5b0aeef4ef21dd8f670737541b1b05e http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 125457728 862aa5dbf167e6d7a584f314f4c36c67 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 2363772 51b7f24736eb5d43f11eaff5c9945836 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 10949862 55f322ecdb2382249d1e669c4ab8f078 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 27039776 656aaefcf1530e54522bf60691a0c66e http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 258778 ab27c03547114c8852b7b7677e0c1fd4 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.diff.gz Size/MD5: 135370 83cdf469757721d89c4c3fa49e22252c http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.dsc Size/MD5: 3029 82a33984ae8d5bde63e5580a2c4aae6f http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1.orig.tar.gz Size/MD5: 61672998 05f27f8079d9e30a31fe5bcd84705fe9 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.diff.gz Size/MD5: 137851 b0e307a389b992cb6c2d1101460ba92a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.dsc Size/MD5: 2985 9dbd071a98fa599f015a30f42d9a2a40 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2.orig.tar.gz Size/MD5: 71591248 1011a983534e54cc059ab50b04d92c57 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.1-1ubuntu3_all.deb Size/MD5: 19978052 fbb27721b0eb8cfa8d5de5e05841d162 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.1-1ubuntu3_all.deb Size/MD5: 6155146 07a2e90014f8bc21398b201f1be4d742 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.1-1ubuntu3_all.deb Size/MD5: 26835562 5ea7d1b170a1e3a2f2565a8c2db42605 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 432850 160667a93e2c00e7dc3d0f19cb7d80b2 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 83386 0f926eced3d09115f7d141014ca3c31a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 112945964 b753bac7f8b7a35a33e9e38b1e4e0ab3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 2379922 2b4933ddc1c32b82406af60219e97c18 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 10965436 5545beef5ed4e4e40f0aa16b1a42da5e http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 25507696 0beb96691488a673e1b1352fe902c89a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 266958 bb13ed961544089e795be06dc800da85 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 2215626 a3293e8d50133f466e7726bdc7273680 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 415868 279469932039d052718b746beefbb096 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 78702 1499544487aaa98e856b647703a7ab83 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 179616966 7623e3fbcfd64c57fb8d2d7e255d8aad http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 2348354 2b98cd98e095e50c5492a722c9c7ba99 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 10741114 88b21b6a59d2667dfbf3f58a44ff69c1 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 27291046 acd1e396d25d29ba9a59d00ea7c91d23 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 251300 d33344bb93a34cae1673cb7c533566cd http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 1883488 4f2fd0a08726ef3c3b87d8eb75aa5cdd powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 444244 10553b4cc81b3118e9c6aa34acebbf76 http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 82772 b4574152841ad573019f87b45e8557f2 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 97547350 6bf9459dfd625086b5f9db990208e4b6 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 2363306 b9ff356350058183d075ece3b78f1053 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 8669820 855a1ea5a794a400fb68dd3ee7310b99 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 23872646 cbe5c87012d3a4406796a5b016a5f095 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 270434 61d401aaf4839b696f21a8ba2b635f57 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 2020674 8d90fdae3a05f7854ff03c11fc5aab5f

Trust: 3.06

sources: NVD: CVE-2009-3555 // CERT/CC: VU#120541 // VULMON: CVE-2009-3555 // PACKETSTORM: 169645 // PACKETSTORM: 130868 // PACKETSTORM: 100761 // PACKETSTORM: 127267 // PACKETSTORM: 86075 // PACKETSTORM: 106754 // VULHUB: VHN-41001 // PACKETSTORM: 96463 // PACKETSTORM: 88387 // PACKETSTORM: 90344 // PACKETSTORM: 91309 // PACKETSTORM: 88173 // PACKETSTORM: 91749 // PACKETSTORM: 83271 // PACKETSTORM: 95279

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	0.1.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	9.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	5.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lte	version:	0.8.22	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	8.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	10.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	12	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	9.10	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	10.10	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	4.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	11	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	8.10	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	14	Trust: 1.0
vendor:	mozilla	model:	nss	scope:	lte	version:	3.12.4	Trust: 1.0
vendor:	gnu	model:	gnutls	scope:	lte	version:	2.8.5	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lte	version:	0.9.8k	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	13	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.2.14	Trust: 1.0
vendor:	barracuda	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	debian gnu linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gnutls	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mcafee	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.6f	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.6g	Trust: 0.6
vendor:	microsoft	model:	iis	scope:	eq	version:	7.0	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.6i	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.6c	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.0.32	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.6h	Trust: 0.6

sources: CERT/CC: VU#120541 // CNNVD: CNNVD-200911-069 // NVD: CVE-2009-3555

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-3555
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-3555
value:	0
Trust: 0.8
CNNVD:	CNNVD-200911-069
value:	HIGH
Trust: 0.6
VULHUB:	VHN-41001
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-3555
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-41001
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // CNNVD: CNNVD-200911-069 // NVD: CVE-2009-3555

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.1
problemtype:	CWE-310	Trust: 0.1

sources: VULHUB: VHN-41001 // NVD: CVE-2009-3555

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200911-069

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-200911-069

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-41001 // VULMON: CVE-2009-3555

PATCH

title:	Security Update for Windows XP (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39675	Trust: 0.6
title:	Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39679	Trust: 0.6
title:	Security Update for Windows Server 2008 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39683	Trust: 0.6
title:	Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39687	Trust: 0.6
title:	Security Update for Windows Server 2003 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39615	Trust: 0.6
title:	Security Update for Windows Vista for x64-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39619	Trust: 0.6
title:	Security Update for Windows 7 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39623	Trust: 0.6
title:	Security Update for Windows Server 2008 R2 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39626	Trust: 0.6
title:	Security Update for Windows Server 2003 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39678	Trust: 0.6
title:	Security Update for Windows Server 2008 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39682	Trust: 0.6
title:	Security Update for Windows 7 for x64-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39686	Trust: 0.6
title:	Security Update for Windows XP x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39614	Trust: 0.6
title:	Security Update for Windows Vista (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39618	Trust: 0.6
title:	Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39622	Trust: 0.6
title:	Security Update for Windows Server 2003 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39677	Trust: 0.6
title:	Security Update for Windows Vista for x64-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39681	Trust: 0.6
title:	Security Update for Windows 7 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39685	Trust: 0.6
title:	Security Update for Windows XP (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39613	Trust: 0.6
title:	Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39617	Trust: 0.6
title:	Security Update for Windows Server 2008 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39621	Trust: 0.6
title:	Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39625	Trust: 0.6
title:	Security Update for Windows XP x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39676	Trust: 0.6
title:	Security Update for Windows Vista (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39680	Trust: 0.6
title:	Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39684	Trust: 0.6
title:	Security Update for Windows Server 2008 R2 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39688	Trust: 0.6
title:	Security Update for Windows Server 2003 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39616	Trust: 0.6
title:	Security Update for Windows Server 2008 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39620	Trust: 0.6
title:	Security Update for Windows 7 for x64-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39624	Trust: 0.6
title:	Thunderbird Setup 3.1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4468	Trust: 0.6
title:	FirefoxChinaEdition 2010.7	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4472	Trust: 0.6
title:	FirefoxChinaEdition 2010.7	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4471	Trust: 0.6
title:	thunderbird-3.1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4470	Trust: 0.6
title:	Thunderbird 3.1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4469	Trust: 0.6
title:	FirefoxChinaEdition 2010.7	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4473	Trust: 0.6
title:	Red Hat: Moderate: gnutls security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100167 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: httpd and httpd22 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100011 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: java-1.4.2-ibm security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100155 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: openssl097a security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100164 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: nss security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100165 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: gnutls security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100166 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: openssl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100162 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: openssl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100163 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: JBoss Enterprise Web Server 1.0.1 update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100119 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-927-6	Trust: 0.1
title:	Ubuntu Security Notice: apache2 vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-990-2	Trust: 0.1
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-927-1	Trust: 0.1
title:	Ubuntu Security Notice: openssl vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-990-1	Trust: 0.1
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-927-4	Trust: 0.1
title:	Cisco: Transport Layer Security Renegotiation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20091109-tls	Trust: 0.1
title:	Ubuntu Security Notice: apache2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-860-1	Trust: 0.1
title:	Red Hat: Moderate: java-1.5.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100130 - Security Advisory	Trust: 0.1
title:	Cisco: Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20091105-CVE-2009-3555	Trust: 0.1
title:	Debian CVElist Bug Report Logs: "slowloris" denial-of-service vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5ed45f95901af77f1f752912d098b48e	Trust: 0.1
title:	Debian Security Advisories: DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=1c00cc4c6dbe7bb057db61e10ff97d6d	Trust: 0.1
title:	Debian Security Advisories: DSA-2626-1 lighttpd -- several issues	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=885d01db2c0276e75192acacb224a6e8	Trust: 0.1
title:	Debian CVElist Bug Report Logs: Not possible to disable SSLv3	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=cd46735759deed658e1e15bd89794f91	Trust: 0.1
title:	Debian Security Advisories: DSA-1934-1 apache2 -- multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a5a134c3483f034e2df5ced5ad7428ec	Trust: 0.1
title:	Debian Security Advisories: DSA-3253-1 pound -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=ad76a2fc91623114f1aaa478b7ecbe12	Trust: 0.1
title:	Debian CVElist Bug Report Logs: polarssl: CVE-2013-4623: Denial of Service through Certificate message during handshake	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=48a9651e9438ab2ad49c32956a8040ab	Trust: 0.1
title:	Mozilla: Mozilla Foundation Security Advisory 2010-22	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2010-22	Trust: 0.1
title:	Debian CVElist Bug Report Logs: polarssl: CVE-2013-5914 CVE-2013-5915	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=3ea56f82629f8bb9aeeedb7aa86eb416	Trust: 0.1
title:	Symantec Security Advisories: SA44 : TLS/SSLv3 renegotiation (CVE-2009-3555)	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=92adf6d8db72928bb63961cc8473a936	Trust: 0.1
title:	Red Hat: Critical: java-1.4.2-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100786 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: polarssl: CVE-2009-3555	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=d154eb6a1f821c737dadd179519e99ce	Trust: 0.1
title:	Red Hat: Important: java-1.6.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100339 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.6.0-openjdk security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100768 - Security Advisory	Trust: 0.1
title:	Citrix Security Bulletins: Transport Layer Security Renegotiation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=d26786915d99808385e93927bb7516fd	Trust: 0.1
title:	Citrix Security Bulletins: Vulnerability in Citrix Online Plug-ins and ICA Clients Could Result in SSL/TLS Certificate Spoofing	url:	https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=8a0ec21ac35be2b30e769ff0af90fa26	Trust: 0.1
title:	Red Hat: Critical: java-1.5.0-sun security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100338 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.6.0-sun security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100337 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.6.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20091694 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.6.0-sun security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100770 - Security Advisory	Trust: 0.1
title:	VMware Security Advisories: VMware ESX third party updates for Service Console	url:	https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=d7005a2e6744b7e4f77d0105454de35d	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-6 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-923-1	Trust: 0.1
title:	VMware Security Advisories: VMware ESX third party updates for Service Console	url:	https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=d8e6425b0cb8b545dc1e50945dafb2c0	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-6, openjdk-6b18 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1010-1	Trust: 0.1
title:	Symantec Security Advisories: SA50 : Multiple SSL/TLS vulnerabilities in Reporter	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=1e934b8269c86666c1ebc108ca0e3d35	Trust: 0.1
title:	Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=508649a9a651b4fb32a5cc0f1310d652	Trust: 0.1
title:	VMware Security Advisories:	url:	https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=ea953b0a91a1816979ec1d304d5e3d93	Trust: 0.1
title:	DPSSLClientProfile	url:	https://github.com/ADesprets/DPSSLClientProfile	Trust: 0.1
title:	letsencrypt-lighttpd	url:	https://github.com/galeone/letsencrypt-lighttpd	Trust: 0.1
title:	igrill-smoker	url:	https://github.com/kins-dev/igrill-smoker	Trust: 0.1
title:	hanase	url:	https://github.com/ekiojp/hanase	Trust: 0.1
title:	CVE-HOWTO	url:	https://github.com/RedHatProductSecurity/CVE-HOWTO	Trust: 0.1
title:	pulse-secure-vpn-mitm-research	url:	https://github.com/withdk/pulse-secure-vpn-mitm-research	Trust: 0.1
title:	pulse-secure-vpn-mitm-research	url:	https://github.com/withdk/pulse-secure-mitm-research	Trust: 0.1
title:	ReconScan	url:	https://github.com/GiJ03/ReconScan	Trust: 0.1
title:	ReconScan	url:	https://github.com/RoliSoft/ReconScan	Trust: 0.1
title:	test	url:	https://github.com/issdp/test	Trust: 0.1
title:	ReconScan	url:	https://github.com/kira1111/ReconScan	Trust: 0.1

sources: VULMON: CVE-2009-3555 // CNNVD: CNNVD-200911-069

EXTERNAL IDS

db:	NVD	id:	CVE-2009-3555	Trust: 3.9
db:	CERT/CC	id:	VU#120541	Trust: 2.6
db:	SECUNIA	id:	40070	Trust: 1.9
db:	SECUNIA	id:	38781	Trust: 1.7
db:	SECUNIA	id:	42377	Trust: 1.7
db:	SECUNIA	id:	37501	Trust: 1.7
db:	SECUNIA	id:	39632	Trust: 1.7
db:	SECUNIA	id:	37604	Trust: 1.7
db:	SECUNIA	id:	41972	Trust: 1.7
db:	SECUNIA	id:	43308	Trust: 1.7
db:	SECUNIA	id:	38241	Trust: 1.7
db:	SECUNIA	id:	37859	Trust: 1.7
db:	SECUNIA	id:	41818	Trust: 1.7
db:	SECUNIA	id:	39292	Trust: 1.7
db:	SECUNIA	id:	42816	Trust: 1.7
db:	SECUNIA	id:	42379	Trust: 1.7
db:	SECUNIA	id:	39317	Trust: 1.7
db:	SECUNIA	id:	38020	Trust: 1.7
db:	SECUNIA	id:	42467	Trust: 1.7
db:	SECUNIA	id:	37320	Trust: 1.7
db:	SECUNIA	id:	37640	Trust: 1.7
db:	SECUNIA	id:	37656	Trust: 1.7
db:	SECUNIA	id:	37383	Trust: 1.7
db:	SECUNIA	id:	42724	Trust: 1.7
db:	SECUNIA	id:	38003	Trust: 1.7
db:	SECUNIA	id:	44183	Trust: 1.7
db:	SECUNIA	id:	42733	Trust: 1.7
db:	SECUNIA	id:	38484	Trust: 1.7
db:	SECUNIA	id:	40545	Trust: 1.7
db:	SECUNIA	id:	40866	Trust: 1.7
db:	SECUNIA	id:	39242	Trust: 1.7
db:	SECUNIA	id:	38056	Trust: 1.7
db:	SECUNIA	id:	39278	Trust: 1.7
db:	SECUNIA	id:	39243	Trust: 1.7
db:	SECUNIA	id:	42808	Trust: 1.7
db:	SECUNIA	id:	37675	Trust: 1.7
db:	SECUNIA	id:	39127	Trust: 1.7
db:	SECUNIA	id:	39461	Trust: 1.7
db:	SECUNIA	id:	39819	Trust: 1.7
db:	SECUNIA	id:	37453	Trust: 1.7
db:	SECUNIA	id:	40747	Trust: 1.7
db:	SECUNIA	id:	41490	Trust: 1.7
db:	SECUNIA	id:	39628	Trust: 1.7
db:	SECUNIA	id:	44954	Trust: 1.7
db:	SECUNIA	id:	39500	Trust: 1.7
db:	SECUNIA	id:	48577	Trust: 1.7
db:	SECUNIA	id:	42811	Trust: 1.7
db:	SECUNIA	id:	37291	Trust: 1.7
db:	SECUNIA	id:	41480	Trust: 1.7
db:	SECUNIA	id:	37292	Trust: 1.7
db:	SECUNIA	id:	37399	Trust: 1.7
db:	SECUNIA	id:	39713	Trust: 1.7
db:	SECUNIA	id:	38687	Trust: 1.7
db:	SECUNIA	id:	37504	Trust: 1.7
db:	SECUNIA	id:	39136	Trust: 1.7
db:	SECUNIA	id:	41967	Trust: 1.7
db:	SECTRACK	id:	1023217	Trust: 1.7
db:	SECTRACK	id:	1023273	Trust: 1.7
db:	SECTRACK	id:	1023274	Trust: 1.7
db:	SECTRACK	id:	1023206	Trust: 1.7
db:	SECTRACK	id:	1023272	Trust: 1.7
db:	SECTRACK	id:	1023427	Trust: 1.7
db:	SECTRACK	id:	1023218	Trust: 1.7
db:	SECTRACK	id:	1023163	Trust: 1.7
db:	SECTRACK	id:	1023214	Trust: 1.7
db:	SECTRACK	id:	1023211	Trust: 1.7
db:	SECTRACK	id:	1023219	Trust: 1.7
db:	SECTRACK	id:	1023216	Trust: 1.7
db:	SECTRACK	id:	1024789	Trust: 1.7
db:	SECTRACK	id:	1023148	Trust: 1.7
db:	SECTRACK	id:	1023213	Trust: 1.7
db:	SECTRACK	id:	1023271	Trust: 1.7
db:	SECTRACK	id:	1023243	Trust: 1.7
db:	SECTRACK	id:	1023209	Trust: 1.7
db:	SECTRACK	id:	1023215	Trust: 1.7
db:	SECTRACK	id:	1023208	Trust: 1.7
db:	SECTRACK	id:	1023411	Trust: 1.7
db:	SECTRACK	id:	1023204	Trust: 1.7
db:	SECTRACK	id:	1023224	Trust: 1.7
db:	SECTRACK	id:	1023210	Trust: 1.7
db:	SECTRACK	id:	1023207	Trust: 1.7
db:	SECTRACK	id:	1023426	Trust: 1.7
db:	SECTRACK	id:	1023428	Trust: 1.7
db:	SECTRACK	id:	1023205	Trust: 1.7
db:	SECTRACK	id:	1023275	Trust: 1.7
db:	SECTRACK	id:	1023270	Trust: 1.7
db:	SECTRACK	id:	1023212	Trust: 1.7
db:	VUPEN	id:	ADV-2010-2745	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3353	Trust: 1.7
db:	VUPEN	id:	ADV-2010-3069	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0086	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3354	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3484	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1793	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3310	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0982	Trust: 1.7
db:	VUPEN	id:	ADV-2011-0033	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3220	Trust: 1.7
db:	VUPEN	id:	ADV-2010-2010	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1639	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1107	Trust: 1.7
db:	VUPEN	id:	ADV-2010-3126	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0916	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3164	Trust: 1.7
db:	VUPEN	id:	ADV-2011-0032	Trust: 1.7
db:	VUPEN	id:	ADV-2011-0086	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3313	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0748	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1350	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3521	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0994	Trust: 1.7
db:	VUPEN	id:	ADV-2010-3086	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1191	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0173	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3587	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0933	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3205	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1054	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0848	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1673	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3165	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/05/3	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/07/3	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/23/10	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/05/5	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/20/1	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/06/3	Trust: 1.7
db:	OSVDB	id:	65202	Trust: 1.7
db:	OSVDB	id:	62210	Trust: 1.7
db:	OSVDB	id:	60521	Trust: 1.7
db:	OSVDB	id:	60972	Trust: 1.7
db:	HITACHI	id:	HS10-030	Trust: 1.7
db:	USCERT	id:	TA10-222A	Trust: 1.7
db:	USCERT	id:	TA10-287A	Trust: 1.7
db:	BID	id:	36935	Trust: 1.7
db:	CNNVD	id:	CNNVD-200911-069	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.2853	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2561	Trust: 0.6
db:	JUNIPER	id:	JSA10939	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-160-01	Trust: 0.6
db:	PACKETSTORM	id:	130868	Trust: 0.2
db:	PACKETSTORM	id:	83271	Trust: 0.2
db:	PACKETSTORM	id:	88173	Trust: 0.2
db:	PACKETSTORM	id:	91309	Trust: 0.2
db:	PACKETSTORM	id:	95279	Trust: 0.2
db:	PACKETSTORM	id:	127267	Trust: 0.2
db:	PACKETSTORM	id:	86075	Trust: 0.2
db:	EXPLOIT-DB	id:	10071	Trust: 0.1
db:	EXPLOIT-DB	id:	10579	Trust: 0.1
db:	PACKETSTORM	id:	82657	Trust: 0.1
db:	PACKETSTORM	id:	82770	Trust: 0.1
db:	PACKETSTORM	id:	90262	Trust: 0.1
db:	PACKETSTORM	id:	120365	Trust: 0.1
db:	PACKETSTORM	id:	106155	Trust: 0.1
db:	PACKETSTORM	id:	83415	Trust: 0.1
db:	PACKETSTORM	id:	111273	Trust: 0.1
db:	PACKETSTORM	id:	83414	Trust: 0.1
db:	PACKETSTORM	id:	92095	Trust: 0.1
db:	PACKETSTORM	id:	88167	Trust: 0.1
db:	PACKETSTORM	id:	124088	Trust: 0.1
db:	PACKETSTORM	id:	120714	Trust: 0.1
db:	PACKETSTORM	id:	82652	Trust: 0.1
db:	PACKETSTORM	id:	94087	Trust: 0.1
db:	PACKETSTORM	id:	97489	Trust: 0.1
db:	PACKETSTORM	id:	131826	Trust: 0.1
db:	PACKETSTORM	id:	137201	Trust: 0.1
db:	PACKETSTORM	id:	102374	Trust: 0.1
db:	PACKETSTORM	id:	106156	Trust: 0.1
db:	PACKETSTORM	id:	89136	Trust: 0.1
db:	PACKETSTORM	id:	92497	Trust: 0.1
db:	PACKETSTORM	id:	88621	Trust: 0.1
db:	PACKETSTORM	id:	94088	Trust: 0.1
db:	PACKETSTORM	id:	89667	Trust: 0.1
db:	PACKETSTORM	id:	88698	Trust: 0.1
db:	PACKETSTORM	id:	84112	Trust: 0.1
db:	PACKETSTORM	id:	90286	Trust: 0.1
db:	PACKETSTORM	id:	84183	Trust: 0.1
db:	PACKETSTORM	id:	114810	Trust: 0.1
db:	PACKETSTORM	id:	88224	Trust: 0.1
db:	PACKETSTORM	id:	123380	Trust: 0.1
db:	PACKETSTORM	id:	84181	Trust: 0.1
db:	SEEBUG	id:	SSVID-67231	Trust: 0.1
db:	VULHUB	id:	VHN-41001	Trust: 0.1
db:	VULMON	id:	CVE-2009-3555	Trust: 0.1
db:	PACKETSTORM	id:	169645	Trust: 0.1
db:	SECUNIA	id:	44293	Trust: 0.1
db:	PACKETSTORM	id:	100761	Trust: 0.1
db:	PACKETSTORM	id:	106754	Trust: 0.1
db:	PACKETSTORM	id:	96463	Trust: 0.1
db:	PACKETSTORM	id:	88387	Trust: 0.1
db:	PACKETSTORM	id:	90344	Trust: 0.1
db:	PACKETSTORM	id:	91749	Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // VULMON: CVE-2009-3555 // PACKETSTORM: 169645 // PACKETSTORM: 130868 // PACKETSTORM: 100761 // PACKETSTORM: 127267 // PACKETSTORM: 86075 // PACKETSTORM: 106754 // PACKETSTORM: 95279 // PACKETSTORM: 96463 // PACKETSTORM: 88387 // PACKETSTORM: 90344 // PACKETSTORM: 91309 // PACKETSTORM: 88173 // PACKETSTORM: 91749 // PACKETSTORM: 83271 // CNNVD: CNNVD-200911-069 // NVD: CVE-2009-3555

REFERENCES

url:	http://extendedsubset.com/?p=8	Trust: 2.6
url:	https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt	Trust: 2.6
url:	http://www.links.org/?p=780	Trust: 2.5
url:	http://www.links.org/?p=786	Trust: 2.5
url:	http://www.links.org/?p=789	Trust: 2.5
url:	http://blogs.iss.net/archive/sslmitmiscsrf.html	Trust: 2.5
url:	http://www.ietf.org/mail-archive/web/tls/current/msg03948.html	Trust: 2.5
url:	https://bugzilla.redhat.com/show_bug.cgi?id=533125	Trust: 2.5
url:	http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html	Trust: 2.5
url:	http://www.securityfocus.com/bid/36935	Trust: 2.3
url:	http://www.debian.org/security/2009/dsa-1934	Trust: 2.3
url:	http://www.debian.org/security/2011/dsa-2141	Trust: 2.3
url:	http://www.debian.org/security/2015/dsa-3253	Trust: 2.3
url:	http://support.citrix.com/article/ctx123359	Trust: 2.3
url:	http://www.vmware.com/security/advisories/vmsa-2010-0019.html	Trust: 2.3
url:	http://www.vmware.com/security/advisories/vmsa-2011-0003.html	Trust: 2.3
url:	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html	Trust: 2.3
url:	http://security.gentoo.org/glsa/glsa-201406-32.xml	Trust: 1.8
url:	http://www.kb.cert.org/vuls/id/120541	Trust: 1.8
url:	http://www.arubanetworks.com/support/alerts/aid-020810.txt	Trust: 1.8
url:	http://www.openoffice.org/security/cves/cve-2009-3555.html	Trust: 1.8
url:	http://www.openssl.org/news/secadv_20091111.txt	Trust: 1.8
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1	Trust: 1.7
url:	http://securitytracker.com/id?1023148	Trust: 1.7
url:	http://www.securitytracker.com/id?1023163	Trust: 1.7
url:	http://www.securitytracker.com/id?1023204	Trust: 1.7
url:	http://www.securitytracker.com/id?1023205	Trust: 1.7
url:	http://www.securitytracker.com/id?1023206	Trust: 1.7
url:	http://www.securitytracker.com/id?1023207	Trust: 1.7
url:	http://www.securitytracker.com/id?1023208	Trust: 1.7
url:	http://www.securitytracker.com/id?1023209	Trust: 1.7
url:	http://www.securitytracker.com/id?1023210	Trust: 1.7
url:	http://www.securitytracker.com/id?1023211	Trust: 1.7
url:	http://www.securitytracker.com/id?1023212	Trust: 1.7
url:	http://www.securitytracker.com/id?1023213	Trust: 1.7
url:	http://www.securitytracker.com/id?1023214	Trust: 1.7
url:	http://www.securitytracker.com/id?1023215	Trust: 1.7
url:	http://www.securitytracker.com/id?1023216	Trust: 1.7
url:	http://www.securitytracker.com/id?1023217	Trust: 1.7
url:	http://www.securitytracker.com/id?1023218	Trust: 1.7
url:	http://www.securitytracker.com/id?1023219	Trust: 1.7
url:	http://www.securitytracker.com/id?1023224	Trust: 1.7
url:	http://www.securitytracker.com/id?1023243	Trust: 1.7
url:	http://www.securitytracker.com/id?1023270	Trust: 1.7
url:	http://www.securitytracker.com/id?1023271	Trust: 1.7
url:	http://www.securitytracker.com/id?1023272	Trust: 1.7
url:	http://www.securitytracker.com/id?1023273	Trust: 1.7
url:	http://www.securitytracker.com/id?1023274	Trust: 1.7
url:	http://www.securitytracker.com/id?1023275	Trust: 1.7
url:	http://www.securitytracker.com/id?1023411	Trust: 1.7
url:	http://www.securitytracker.com/id?1023426	Trust: 1.7
url:	http://www.securitytracker.com/id?1023427	Trust: 1.7
url:	http://www.securitytracker.com/id?1023428	Trust: 1.7
url:	http://www.securitytracker.com/id?1024789	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2009/nov/139	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/507952/100/0/threaded	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/508075/100/0/threaded	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/508130/100/0/threaded	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/515055/100/0/threaded	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/516397/100/0/threaded	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1	Trust: 1.7
url:	http://secunia.com/advisories/37291	Trust: 1.7
url:	http://secunia.com/advisories/37292	Trust: 1.7
url:	http://secunia.com/advisories/37320	Trust: 1.7
url:	http://secunia.com/advisories/37383	Trust: 1.7
url:	http://secunia.com/advisories/37399	Trust: 1.7
url:	http://secunia.com/advisories/37453	Trust: 1.7
url:	http://secunia.com/advisories/37501	Trust: 1.7
url:	http://secunia.com/advisories/37504	Trust: 1.7
url:	http://secunia.com/advisories/37604	Trust: 1.7
url:	http://secunia.com/advisories/37640	Trust: 1.7
url:	http://secunia.com/advisories/37656	Trust: 1.7
url:	http://secunia.com/advisories/37675	Trust: 1.7
url:	http://secunia.com/advisories/37859	Trust: 1.7
url:	http://secunia.com/advisories/38003	Trust: 1.7
url:	http://secunia.com/advisories/38020	Trust: 1.7
url:	http://secunia.com/advisories/38056	Trust: 1.7
url:	http://secunia.com/advisories/38241	Trust: 1.7
url:	http://secunia.com/advisories/38484	Trust: 1.7
url:	http://secunia.com/advisories/38687	Trust: 1.7
url:	http://secunia.com/advisories/38781	Trust: 1.7
url:	http://secunia.com/advisories/39127	Trust: 1.7
url:	http://secunia.com/advisories/39136	Trust: 1.7
url:	http://secunia.com/advisories/39242	Trust: 1.7
url:	http://secunia.com/advisories/39243	Trust: 1.7
url:	http://secunia.com/advisories/39278	Trust: 1.7
url:	http://secunia.com/advisories/39292	Trust: 1.7
url:	http://secunia.com/advisories/39317	Trust: 1.7
url:	http://secunia.com/advisories/39461	Trust: 1.7
url:	http://secunia.com/advisories/39500	Trust: 1.7
url:	http://secunia.com/advisories/39628	Trust: 1.7
url:	http://secunia.com/advisories/39632	Trust: 1.7
url:	http://secunia.com/advisories/39713	Trust: 1.7
url:	http://secunia.com/advisories/39819	Trust: 1.7
url:	http://secunia.com/advisories/40070	Trust: 1.7
url:	http://secunia.com/advisories/40545	Trust: 1.7
url:	http://secunia.com/advisories/40747	Trust: 1.7
url:	http://secunia.com/advisories/40866	Trust: 1.7
url:	http://secunia.com/advisories/41480	Trust: 1.7
url:	http://secunia.com/advisories/41490	Trust: 1.7
url:	http://secunia.com/advisories/41818	Trust: 1.7
url:	http://secunia.com/advisories/41967	Trust: 1.7
url:	http://secunia.com/advisories/41972	Trust: 1.7
url:	http://secunia.com/advisories/42377	Trust: 1.7
url:	http://secunia.com/advisories/42379	Trust: 1.7
url:	http://secunia.com/advisories/42467	Trust: 1.7
url:	http://secunia.com/advisories/42724	Trust: 1.7
url:	http://secunia.com/advisories/42733	Trust: 1.7
url:	http://secunia.com/advisories/42808	Trust: 1.7
url:	http://secunia.com/advisories/42811	Trust: 1.7
url:	http://secunia.com/advisories/42816	Trust: 1.7
url:	http://secunia.com/advisories/43308	Trust: 1.7
url:	http://secunia.com/advisories/44183	Trust: 1.7
url:	http://secunia.com/advisories/44954	Trust: 1.7
url:	http://secunia.com/advisories/48577	Trust: 1.7
url:	http://osvdb.org/60521	Trust: 1.7
url:	http://osvdb.org/60972	Trust: 1.7
url:	http://osvdb.org/62210	Trust: 1.7
url:	http://osvdb.org/65202	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3164	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3165	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3205	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3220	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3310	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3313	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3353	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3354	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3484	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3521	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3587	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0086	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0173	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0748	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0848	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0916	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0933	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0982	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0994	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1054	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1107	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1191	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1350	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1639	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1673	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1793	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/2010	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/2745	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/3069	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/3086	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/3126	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2011/0032	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2011/0033	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2011/0086	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2010//may/msg00001.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2010//may/msg00002.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html	Trust: 1.7
url:	http://security.gentoo.org/glsa/glsa-200912-01.xml	Trust: 1.7
url:	http://security.gentoo.org/glsa/glsa-201203-22.xml	Trust: 1.7
url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041	Trust: 1.7
url:	http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751	Trust: 1.7
url:	http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/522176	Trust: 1.7
url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2010:076	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2010:084	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2010:089	Trust: 1.7
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0119.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0130.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0155.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0165.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0167.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0337.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0338.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0339.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0768.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0770.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0786.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0807.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0865.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0986.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0987.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2011-0880.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	Trust: 1.7
url:	http://www.us-cert.gov/cas/techalerts/ta10-222a.html	Trust: 1.7
url:	http://www.us-cert.gov/cas/techalerts/ta10-287a.html	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-1010-1	Trust: 1.7
url:	http://ubuntu.com/usn/usn-923-1	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-927-1	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-927-4	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-927-5	Trust: 1.7
url:	http://openbsd.org/errata45.html#010_openssl	Trust: 1.7
url:	http://openbsd.org/errata46.html#004_openssl	Trust: 1.7
url:	http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/05/3	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/05/5	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/06/3	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/07/3	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/20/1	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/23/10	Trust: 1.7
url:	http://www.ietf.org/mail-archive/web/tls/current/msg03928.html	Trust: 1.7
url:	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e	Trust: 1.7
url:	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e	Trust: 1.7
url:	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e	Trust: 1.7
url:	https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e	Trust: 1.7
url:	http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html	Trust: 1.7
url:	http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during	Trust: 1.7
url:	http://clicky.me/tlsvuln	Trust: 1.7
url:	http://extendedsubset.com/renegotiating_tls.pdf	Trust: 1.7
url:	http://kbase.redhat.com/faq/docs/doc-20491	Trust: 1.7
url:	http://support.apple.com/kb/ht4004	Trust: 1.7
url:	http://support.apple.com/kb/ht4170	Trust: 1.7
url:	http://support.apple.com/kb/ht4171	Trust: 1.7
url:	http://support.avaya.com/css/p8/documents/100070150	Trust: 1.7
url:	http://support.avaya.com/css/p8/documents/100081611	Trust: 1.7
url:	http://support.avaya.com/css/p8/documents/100114315	Trust: 1.7
url:	http://support.avaya.com/css/p8/documents/100114327	Trust: 1.7
url:	http://support.zeus.com/zws/media/docs/4.3/release_notes	Trust: 1.7
url:	http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released	Trust: 1.7
url:	http://sysoev.ru/nginx/patch.cve-2009-3555.txt	Trust: 1.7
url:	http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html	Trust: 1.7
url:	http://wiki.rpath.com/advisories:rpsa-2009-0155	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21426108	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21432298	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24006386	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24025312	Trust: 1.7
url:	http://www.betanews.com/article/1257452450	Trust: 1.7
url:	http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html	Trust: 1.7
url:	http://www.ingate.com/relnote.php?ver=481	Trust: 1.7
url:	http://www.mozilla.org/security/announce/2010/mfsa2010-22.html	Trust: 1.7
url:	http://www.opera.com/docs/changelogs/unix/1060/	Trust: 1.7
url:	http://www.opera.com/support/search/view/944/	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	Trust: 1.7
url:	http://www.proftpd.org/docs/release_notes-1.3.2c	Trust: 1.7
url:	http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html	Trust: 1.7
url:	http://www.tombom.co.uk/blog/?p=85	Trust: 1.7
url:	http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=526689	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=545755	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888	Trust: 1.7
url:	https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/54158	Trust: 1.7
url:	http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=130497311408250&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142660345230545&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=127557596201693&w=2	Trust: 1.6
url:	http://marc.info/?l=cryptography&m=125752275331877&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=134254866602253&w=2	Trust: 1.6
url:	https://kb.bluecoat.com/index?page=content&id=sa50	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=127419602507642&w=2	Trust: 1.6
url:	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=132077688910227&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=127128920008563&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=126150535619567&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=133469267822771&w=2	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3555	Trust: 1.2
url:	http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2	Trust: 1.0
url:	http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html	Trust: 0.8
url:	http://cvs.openssl.org/chngview?cn=18790	Trust: 0.8
url:	http://www.links.org/files/no-renegotiation-2.patch	Trust: 0.8
url:	http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html	Trust: 0.8
url:	https://access.redhat.com/errata/rhsa-2009:1694	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2009:1580	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0119	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2011:0880	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2009:1579	Trust: 0.6
url:	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3cdev.tomcat.apache.org%3e	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0440	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0338	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0339	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0337	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0155	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2009-3555	Trust: 0.6
url:	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3cdev.tomcat.apache.org%3e	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0807	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0011	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0130	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0987	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0865	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0986	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1591	Trust: 0.6
url:	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3cdev.tomcat.apache.org%3e	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0166	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0165	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0167	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0162	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0164	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0163	Trust: 0.6
url:	https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3cdev.tomcat.apache.org%3e	Trust: 0.6
url:	httpd-announce&m=125755783724966&w=2	Trust: 0.6
url:	http://marc.info/?l=apache-	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0786	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0408	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0768	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0770	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10939	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-160-01	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-tivoli-netcool-omnibus-probe-for-network-node-manager-i-cve-2009-3555/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2561/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2853	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555	Trust: 0.3
url:	http://www.itrc.hp.com/service/cki/secbullarchive.do	Trust: 0.3
url:	http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc	Trust: 0.3
url:	https://www.hp.com/go/swa	Trust: 0.3
url:	http://h30046.www3.hp.com/subsignin.php	Trust: 0.3
url:	http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins	Trust: 0.2
url:	http://secunia.com/products/corporate/evm/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.2
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3562	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3567	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3568	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3541	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3566	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3564	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3554	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3569	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3573	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3548	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3549	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3565	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3574	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3553	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3561	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3551	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3557	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0085	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0084	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0091	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0093	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0082	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0088	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0092	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0094	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0838	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0837	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0095	Trust: 0.2
url:	http://marc.info/?l=bugtraq&m=132077688910227&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142660345230545&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=127419602507642&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=134254866602253&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=130497311408250&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=133469267822771&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=126150535619567&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=127128920008563&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=127557596201693&w=2	Trust: 0.1
url:	http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only	Trust: 0.1
url:	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446	Trust: 0.1
url:	http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2	Trust: 0.1
url:	http://marc.info/?l=cryptography&m=125752275331877&w=2	Trust: 0.1
url:	https://kb.bluecoat.com/index?page=content&id=sa50	Trust: 0.1
url:	https://github.com/adesprets/dpsslclientprofile	Trust: 0.1
url:	https://github.com/galeone/letsencrypt-lighttpd	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20091105-cve-2009-3555	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=20886	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3505	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-5139	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3512	Trust: 0.1
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/	Trust: 0.1
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3508	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3510	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3509	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3507	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0195	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3506	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0160	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3511	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3566	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=44293	Trust: 0.1
url:	http://secunia.com/advisories/44293/	Trust: 0.1
url:	http://secunia.com/research/	Trust: 0.1
url:	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas	Trust: 0.1
url:	http://secunia.com/advisories/44293/#comments	Trust: 0.1
url:	http://secunia.com/company/jobs/open_positions/reverse_engineer	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4470	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-2783	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4465	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-2548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4469	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3860	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4450	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4467	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4448	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4351	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089	Trust: 0.1
url:	http://www.arubanetworks.com/support.	Trust: 0.1
url:	http://enigmail.mozdev.org/	Trust: 0.1
url:	http://www.arubanetworks.com/support/wsirt.php	Trust: 0.1
url:	http://www.securityfocus.com/archive/1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4180	Trust: 0.1
url:	http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/	Trust: 0.1
url:	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430	Trust: 0.1
url:	http://www.hp.com/go/bizsupport	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-7270	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~9.10.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~8.04.1_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu2_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.dsc	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.1-1ubuntu3_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~8.04.1_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.1-1ubuntu3_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.1-1ubuntu3_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~9.10.1_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~9.10.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.dsc	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~8.04.1_all.deb	Trust: 0.1
url:	http://download3.vmware.com/software/vi/esx350-201012409-sg.zip	Trust: 0.1
url:	http://www.vmware.com/security/advisories	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-2409	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409	Trust: 0.1
url:	http://download3.vmware.com/software/vi/esx350-201012408-sg.zip	Trust: 0.1
url:	http://www.vmware.com/security	Trust: 0.1
url:	http://kb.vmware.com/kb/1055	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3069	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0590	Trust: 0.1
url:	http://download3.vmware.com/software/vi/esx350-201012401-sg.zip	Trust: 0.1
url:	http://www.vmware.com/support/policies/security_response.html	Trust: 0.1
url:	http://www.vmware.com/support/policies/eos.html	Trust: 0.1
url:	http://kb.vmware.com/kb/1030000	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0590	Trust: 0.1
url:	http://kb.vmware.com/kb/1029993	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3069	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0405	Trust: 0.1
url:	http://kb.vmware.com/kb/1029999	Trust: 0.1
url:	http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0405	Trust: 0.1
url:	http://www.vmware.com/support/policies/eos_vi.html	Trust: 0.1
url:	http://www.vmware.com/support/policies/lifecycle/vi/faq.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0740	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0433	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-4355	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3245	Trust: 0.1
url:	http://www.openoffice.org/security/cves/cve-2010-0395.html	Trust: 0.1
url:	http://secunia.com/advisories/40070/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/webinars/	Trust: 0.1
url:	http://secunia.com/advisories/40070/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=40070	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.8.04.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.8.04.1.dsc	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b16-1.6.1-3ubuntu3.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b12-0ubuntu6.7_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b12-0ubuntu6.7_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-lib_6b11-2ubuntu2.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b14-1.4.1-0ubuntu13_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1-0ubuntu13.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0840	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1-0ubuntu13.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b16-1.6.1.orig.tar.gz	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0848	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.7.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b16-1.6.1-3ubuntu3.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b14-1.4.1-0ubuntu13_all.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0845	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.7.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-doc_6b11-2ubuntu2.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11-2ubuntu2.2.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b14-1.4.1-0ubuntu13_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b12-0ubuntu6.7_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b16-1.6.1-3ubuntu3_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b14-1.4.1-0ubuntu13_all.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0847	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11-2ubuntu2.2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b16-1.6.1-3ubuntu3_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b16-1.6.1-3ubuntu3_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b12-0ubuntu6.7_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source_6b11-2ubuntu2.2_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0087	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0839	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0089	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3793	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-4546	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0090	Trust: 0.1
url:	http://www.hp.com/go/hpsim	Trust: 0.1

CREDITS

Mitsubishi Electric reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-200911-069

SOURCES

db:	CERT/CC	id:	VU#120541
db:	VULHUB	id:	VHN-41001
db:	VULMON	id:	CVE-2009-3555
db:	PACKETSTORM	id:	169645
db:	PACKETSTORM	id:	130868
db:	PACKETSTORM	id:	100761
db:	PACKETSTORM	id:	127267
db:	PACKETSTORM	id:	86075
db:	PACKETSTORM	id:	106754
db:	PACKETSTORM	id:	95279
db:	PACKETSTORM	id:	96463
db:	PACKETSTORM	id:	88387
db:	PACKETSTORM	id:	90344
db:	PACKETSTORM	id:	91309
db:	PACKETSTORM	id:	88173
db:	PACKETSTORM	id:	91749
db:	PACKETSTORM	id:	83271
db:	CNNVD	id:	CNNVD-200911-069
db:	NVD	id:	CVE-2009-3555

LAST UPDATE DATE

2026-04-17T22:47:35.375000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#120541	date:	2011-07-22T00:00:00
db:	VULHUB	id:	VHN-41001	date:	2023-02-13T00:00:00
db:	CNNVD	id:	CNNVD-200911-069	date:	2023-04-27T00:00:00
db:	NVD	id:	CVE-2009-3555	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#120541	date:	2009-11-11T00:00:00
db:	VULHUB	id:	VHN-41001	date:	2009-11-09T00:00:00
db:	PACKETSTORM	id:	169645	date:	2009-11-11T12:12:12
db:	PACKETSTORM	id:	130868	date:	2015-03-18T00:44:34
db:	PACKETSTORM	id:	100761	date:	2011-04-24T07:03:07
db:	PACKETSTORM	id:	127267	date:	2014-06-30T23:39:28
db:	PACKETSTORM	id:	86075	date:	2010-02-09T18:53:40
db:	PACKETSTORM	id:	106754	date:	2011-11-09T00:58:11
db:	PACKETSTORM	id:	95279	date:	2010-10-29T15:50:22
db:	PACKETSTORM	id:	96463	date:	2010-12-08T18:34:39
db:	PACKETSTORM	id:	88387	date:	2010-04-15T22:26:05
db:	PACKETSTORM	id:	90344	date:	2010-06-07T16:47:06
db:	PACKETSTORM	id:	91309	date:	2010-06-30T03:23:55
db:	PACKETSTORM	id:	88173	date:	2010-04-07T22:23:17
db:	PACKETSTORM	id:	91749	date:	2010-07-14T04:19:30
db:	PACKETSTORM	id:	83271	date:	2009-11-30T21:44:08
db:	CNNVD	id:	CNNVD-200911-069	date:	2009-11-09T00:00:00
db:	NVD	id:	CVE-2009-3555	date:	2009-11-09T17:30:00.407