Details of VAR-201410-1418

ID

VAR-201410-1418

CVE

CVE-2014-3566

TITLE

OpenSSL Used in and other products SSL Vulnerability in obtaining plaintext data in the protocol

Trust: 0.8

sources: JVNDB: JVNDB-2014-004670

DESCRIPTION

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. This vulnerability "POODLE" It is called.Man-in-the-middle attacks (man-in-the-middle attack) May get plain text data through padding oracle attacks. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. There is a security vulnerability in the SSL protocol 3.0 version used in OpenSSL 1.0.1i and earlier versions. HP Storage Data Protector Cell Manager v8 before v8.13_206 and v9 before v9.03MMR running on HP-UX 11i, Windows Server 2008/2008R2/2012/2012R2, Redhat, CentOS, Oracle Linux, and SUSE Linux_x64. Relevant releases/architectures: RHOSE Node 2.0 - noarch 3. Description: OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. Bugs fixed (https://bugzilla.redhat.com/): 1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.1-ibm security update Advisory ID: RHSA-2014:1880-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1880.html Issue date: 2014-11-20 CVE Names: CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 ===================================================================== 1. Summary: Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR2 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509) 1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) 1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274) 1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797) 1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066) 1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846) 1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) 1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152758 - CVE-2014-6456 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152765 - CVE-2014-6476 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152767 - CVE-2014-6527 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack 1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.i686.rpm ppc64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.ppc.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.ppc.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.ppc.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.ppc64.rpm s390x: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.s390.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.s390.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.i686.rpm x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el6_6.x86_64.rpm Red Hat Enterprise Linux Client Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm Red Hat Enterprise Linux ComputeNode Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 7): ppc64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.ppc.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.ppc.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.ppc.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.ppc64.rpm s390x: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.s390.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.s390.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.i686.rpm java-1.7.1-ibm-devel-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm java-1.7.1-ibm-src-1.7.1.2.0-1jpp.3.el7_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3065 https://access.redhat.com/security/cve/CVE-2014-3566 https://access.redhat.com/security/cve/CVE-2014-4288 https://access.redhat.com/security/cve/CVE-2014-6456 https://access.redhat.com/security/cve/CVE-2014-6457 https://access.redhat.com/security/cve/CVE-2014-6458 https://access.redhat.com/security/cve/CVE-2014-6476 https://access.redhat.com/security/cve/CVE-2014-6492 https://access.redhat.com/security/cve/CVE-2014-6493 https://access.redhat.com/security/cve/CVE-2014-6502 https://access.redhat.com/security/cve/CVE-2014-6503 https://access.redhat.com/security/cve/CVE-2014-6506 https://access.redhat.com/security/cve/CVE-2014-6511 https://access.redhat.com/security/cve/CVE-2014-6512 https://access.redhat.com/security/cve/CVE-2014-6515 https://access.redhat.com/security/cve/CVE-2014-6527 https://access.redhat.com/security/cve/CVE-2014-6531 https://access.redhat.com/security/cve/CVE-2014-6532 https://access.redhat.com/security/cve/CVE-2014-6558 https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ https://www-01.ibm.com/support/docview.wss?uid=swg21688165 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUbh0WXlSAg2UNWIIRAi2fAKDExQmcZYqy6INJOtUbpQK5QrXWUgCgmnhC K/vkNngAOzoTqWX0yFnSTr0= =nHUV -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04583581 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04583581 Version: 1 HPSBUX03281 SSRT101968 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-03-10 Last Updated: 2015-03-10 Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. References: CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-4010 CVE-2015-0412 CVE-2015-0413 SSRT101968 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23 and B.11.31 running HP JDK and JRE v7.0.11 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-6585 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2014-6587 (AV:L/AC:L/Au:S/C:P/I:P/A:P) 4.3 CVE-2014-6591 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2014-6593 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2014-6601 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-0383 (AV:L/AC:M/Au:N/C:N/I:P/A:C) 5.4 CVE-2015-0395 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2015-0400 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-0403 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-0406 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8 CVE-2015-0407 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-0408 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-0410 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0412 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2015-0413 (AV:L/AC:M/Au:N/C:N/I:P/A:N) 1.9 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location: http://www.hp.com/java OS Version Release Version HP-UX B.11.23, B.11.31 JDK and JRE v7.0.12 or subsequent MANUAL ACTIONS: Yes - Update For HP-UX 11i v2 and v3 update to Java v7.0.12 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70 Jdk70.JDK70-COM Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jdk70.JDK70-DEMO Jre70.JRE70 Jre70.JRE70-COM Jre70.JRE70-COM-DOC Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.12.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 10 March 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. A second vulnerability could be exploited to cause a Denial of Service (Dos). The update is available from HPE Software Depot: https://h20392.www2.hpe.com/ portal/swdepot/displayProductInfo.do?productNumber=HPVPRhttps://www.hpe.com Note: HPE recommends customers using OV4VC 7.8.1 and earlier should upgrade to OV4VC 7.8.2. This addresses all SSL security vulnerabilities reported through March 28, 2016. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-3 OS X Server v4.0 OS X Server v4.0 is now available and addresses the following: BIND Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in BIND, the most serious of which may lead to a denial of service Description: Multiple vulnerabilities existed in BIND. These issues were addressed by updating BIND to version 9.9.2-P2 CVE-ID CVE-2013-3919 CVE-2013-4854 CVE-2014-0591 CoreCollaboration Available for: OS X Yosemite v10.10 or later Impact: A remote attacker may be able to execute arbitrary SQL queries Description: A SQL injection issue existed in Wiki Server. This issue was addressed through additional validation of SQL queries. CVE-ID CVE-2014-4424 : Sajjad Pourali (sajjad@securation.com) of CERT of Ferdowsi University of Mashhad CoreCollaboration Available for: OS X Yosemite v10.10 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in Xcode Server. This issue was addressed through improved encoding of HTML output. CVE-ID CVE-2014-4406 : David Hoyt of Hoyt LLC CoreCollaboration Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PostgreSQL. These issues were addressed by updating PostgreSQL to version 9.2.7. CVE-ID CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 Mail Service Available for: OS X Yosemite v10.10 or later Impact: Group SACL changes for Mail may not be respected until after a restart of the Mail service Description: SACL settings for Mail were cached and changes to the SACLs were not respected until after a restart of the Mail service. This issue was addressed by resetting the cache upon changes to the SACLs. CVE-ID CVE-2014-4446 : Craig Courtney Profile Manager Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in LibYAML, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in LibYAML. These issues were addressed by switching from YAML to JSON as Profile Manager's internal serialization format. CVE-ID CVE-2013-4164 CVE-2013-6393 Profile Manager Available for: OS X Yosemite v10.10 or later Impact: A local user may obtain passwords after setting up or editing profiles in Profile Manager Description: In certain circumstances, setting up or editing profiles in Profile Manager may have logged passwords to a file. This issue was addressed through improved handling of credentials. CVE-ID CVE-2014-4447 : Mayo Jordanov Server Available for: OS X Yosemite v10.10 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling SSL 3.0 support in Web Server, Calendar & Contacts Server, and Remote Administration. CVE-ID CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of Google Security Team ServerRuby Available for: OS X Yosemite v10.10 or later Impact: Running a Ruby script that handles untrusted YAML tags may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in LibYAML's handling of YAML tags. This issue was addressed through additional validation of YAML tags. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2013-6393 OS X Server v4.0 may be obtained from the Mac App Store. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: claws-mail: Multiple Vulnerabilities Date: June 26, 2016 Bugs: #525588, #569010, #570692 ID: 201606-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation. Background ========== Claws Mail is a GTK based e-mail client. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/claws-mail < 3.13.2 >= 3.13.2 Description =========== Multiple vulnerabilities have been discovered in claws-mail. Please review the CVE identifiers referenced below for details. Impact ====== An attacker could possibly intercept communications due to the default implementation of SSL 3.0. Workaround ========== There is no known workaround at this time. Resolution ========== All claws-mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.13.2" References ========== [ 1 ] CVE-2014-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3566 [ 2 ] CVE-2015-8614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8614 [ 3 ] CVE-2015-8614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8614 [ 4 ] CVE-2015-8708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8708 [ 5 ] CVE-2015-8708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8708 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201606-11 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . HP has released the following updates to resolve this vulnerability for HP Vertica products. Update to the latest VM image available at: https://my.vertica.com For customers using the AMI version of the HP Vertica Analytics platform, please install the latest image available at Amazon

Trust: 2.7

sources: NVD: CVE-2014-3566 // JVNDB: JVNDB-2014-004670 // VULHUB: VHN-71506 // VULMON: CVE-2014-3566 // PACKETSTORM: 133368 // PACKETSTORM: 132965 // PACKETSTORM: 133600 // PACKETSTORM: 129194 // PACKETSTORM: 130759 // PACKETSTORM: 130818 // PACKETSTORM: 136577 // PACKETSTORM: 128731 // PACKETSTORM: 137652 // PACKETSTORM: 132573

AFFECTED PRODUCTS

vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0n	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0m	Trust: 1.6
vendor:	novell	model:	suse linux enterprise software development kit	scope:	eq	version:	11.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8u	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8o	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	12.3	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8w	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0d	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1f	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.9	Trust: 1.0
vendor:	novell	model:	suse linux enterprise server	scope:	eq	version:	11.0	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux server supplementary	scope:	eq	version:	7.0	Trust: 1.0
vendor:	novell	model:	suse linux enterprise server	scope:	eq	version:	12.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server supplementary	scope:	eq	version:	6.0	Trust: 1.0
vendor:	ibm	model:	aix	scope:	eq	version:	5.3	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8x	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	21	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop supplementary	scope:	eq	version:	5.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8za	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0b	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	19	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8p	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1.2	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.0	Trust: 1.0
vendor:	oracle	model:	database	scope:	eq	version:	11.2.0.4	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8d	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1b	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8z	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1	Trust: 1.0
vendor:	novell	model:	suse linux enterprise desktop	scope:	eq	version:	12.0	Trust: 1.0
vendor:	novell	model:	suse linux enterprise desktop	scope:	eq	version:	10.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8v	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1.3	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.12	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1h	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.3	Trust: 1.0
vendor:	mageia	model:	mageia	scope:	eq	version:	3.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0j	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.5	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8zb	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1e	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.4	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8e	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.11	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8q	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0f	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1i	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8f	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.10	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0	Trust: 1.0
vendor:	novell	model:	suse linux enterprise software development kit	scope:	eq	version:	12.0	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.5	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation supplementary	scope:	eq	version:	7.0	Trust: 1.0
vendor:	novell	model:	suse linux enterprise desktop	scope:	eq	version:	9.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8l	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0e	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8k	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1.4	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation supplementary	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8i	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0k	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1d	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop supplementary	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1c	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8r	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8t	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.4	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8m	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1g	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.13	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8n	Trust: 1.0
vendor:	redhat	model:	enterprise linux server supplementary	scope:	eq	version:	5.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8j	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0h	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1.4	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.4	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1.3	Trust: 1.0
vendor:	novell	model:	suse linux enterprise desktop	scope:	eq	version:	11.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8c	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0a	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.3	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.2.1	Trust: 1.0
vendor:	mageia	model:	mageia	scope:	eq	version:	4.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8b	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8s	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.0	Trust: 1.0
vendor:	oracle	model:	database	scope:	eq	version:	12.1.0.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0l	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8h	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.8y	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.1	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.6	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.1	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.8	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0c	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1.2	Trust: 1.0
vendor:	ibm	model:	aix	scope:	eq	version:	6.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.2.2	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.1.1	Trust: 1.0
vendor:	ibm	model:	aix	scope:	eq	version:	7.1	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.0i	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	20	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1a	Trust: 1.0
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1.1	Trust: 1.0
vendor:	netbsd	model:	netbsd	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lte	version:	1.0.1i	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	lte	version:	5.0 update 75	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	lte	version:	6 update 85	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	lte	version:	7 update 72	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	lte	version:	8 update 25	Trust: 0.8
vendor:	oracle	model:	jre	scope:	lte	version:	5.0 update 75	Trust: 0.8
vendor:	oracle	model:	jre	scope:	lte	version:	6 update 85	Trust: 0.8
vendor:	oracle	model:	jre	scope:	lte	version:	7 update 72	Trust: 0.8
vendor:	oracle	model:	jre	scope:	lte	version:	8 update 25	Trust: 0.8
vendor:	oracle	model:	enterprise manager	scope:	eq	version:	grid control of enterprise manager ops center 11.1.3	Trust: 0.8
vendor:	oracle	model:	enterprise manager	scope:	eq	version:	grid control of enterprise manager ops center 12.1.4	Trust: 0.8
vendor:	oracle	model:	java se	scope:	lte	version:	embedded 7 update 71	Trust: 0.8
vendor:	oracle	model:	java se	scope:	lte	version:	embedded 8 update 6	Trust: 0.8
vendor:	oracle	model:	jrockit	scope:	lte	version:	r27.8.4	Trust: 0.8
vendor:	oracle	model:	jrockit	scope:	lte	version:	r28.3.4	Trust: 0.8
vendor:	oracle	model:	solaris	scope:	eq	version:	11.2	Trust: 0.8
vendor:	oracle	model:	solaris cluster	scope:	eq	version:	4.2	Trust: 0.8
vendor:	oracle	model:	virtualization	scope:	eq	version:	of oracle secure global desktop 4.63	Trust: 0.8
vendor:	oracle	model:	virtualization	scope:	eq	version:	of oracle secure global desktop 4.71	Trust: 0.8
vendor:	oracle	model:	virtualization	scope:	eq	version:	of oracle secure global desktop 5.0	Trust: 0.8
vendor:	oracle	model:	virtualization	scope:	eq	version:	of oracle secure global desktop 5.1	Trust: 0.8
vendor:	oracle	model:	sparc enterprise m3000 server	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc enterprise m4000 server	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc enterprise m5000 server	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc enterprise m8000 server	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc enterprise m9000 server	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	xcp	scope:	lt	version:	1119 (sparc enterprise server )	Trust: 0.8
vendor:	oracle	model:	xcp	scope:	lt	version:	2240 (fujitsu m10-1	Trust: 0.8
vendor:	oracle	model:	xcp	scope:	eq	version:	m10-4	Trust: 0.8
vendor:	oracle	model:	xcp	scope:	eq	version:	m10-4s server )	Trust: 0.8
vendor:	sun microsystems	model:	jdk	scope:	lte	version:	5.0 update 33	Trust: 0.8
vendor:	sun microsystems	model:	jdk	scope:	lte	version:	6 update 21	Trust: 0.8
vendor:	sun microsystems	model:	jre	scope:	lte	version:	5.0 update 33	Trust: 0.8
vendor:	sun microsystems	model:	jre	scope:	lte	version:	6 update 21	Trust: 0.8

sources: CNNVD: CNNVD-201410-267 // JVNDB: JVNDB-2014-004670 // NVD: CVE-2014-3566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3566
value:	LOW
Trust: 1.0
NVD:	CVE-2014-3566
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201410-267
value:	LOW
Trust: 0.6
VULHUB:	VHN-71506
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-3566
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3566
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-71506
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-3566
baseSeverity:	LOW
baseScore:	3.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2014-3566
baseSeverity:	LOW
baseScore:	3.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-71506 // VULMON: CVE-2014-3566 // CNNVD: CNNVD-201410-267 // JVNDB: JVNDB-2014-004670 // NVD: CVE-2014-3566

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-71506 // JVNDB: JVNDB-2014-004670 // NVD: CVE-2014-3566

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 130759 // PACKETSTORM: 136577 // CNNVD: CNNVD-201410-267

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201410-267

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004670

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-71506

PATCH

title:	APPLE-SA-2015-09-16-2 Xcode 7.0	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html	Trust: 0.8
title:	APPLE-SA-2015-04-24-1 OS X Server v4.1	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00006.html	Trust: 0.8
title:	APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001	url:	http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html	Trust: 0.8
title:	HT6529	url:	http://support.apple.com/kb/HT6529	Trust: 0.8
title:	HT204244	url:	http://support.apple.com/en-us/HT204244	Trust: 0.8
title:	HT6527	url:	http://support.apple.com/kb/HT6527	Trust: 0.8
title:	HT6542	url:	http://support.apple.com/kb/HT6542	Trust: 0.8
title:	HT204201	url:	http://support.apple.com/en-us/HT204201	Trust: 0.8
title:	HT6531	url:	http://support.apple.com/en-us/HT6531	Trust: 0.8
title:	HT6541	url:	http://support.apple.com/kb/HT6541	Trust: 0.8
title:	HT6536	url:	http://support.apple.com/kb/HT6536	Trust: 0.8
title:	HT205217	url:	https://support.apple.com/en-us/HT205217	Trust: 0.8
title:	HT6535	url:	http://support.apple.com/kb/HT6535	Trust: 0.8
title:	HT6536	url:	http://support.apple.com/kb/HT6536?viewlocale=ja_JP	Trust: 0.8
title:	HT6527	url:	http://support.apple.com/kb/HT6527?viewlocale=ja_JP	Trust: 0.8
title:	HT6529	url:	http://support.apple.com/ja-jp/HT6529	Trust: 0.8
title:	HT6541	url:	http://support.apple.com/kb/HT6541?viewlocale=ja_JP	Trust: 0.8
title:	HT204244	url:	http://support.apple.com/ja-jp/HT204244	Trust: 0.8
title:	HT6542	url:	http://support.apple.com/kb/HT6542?viewlocale=ja_JP	Trust: 0.8
title:	HT204201	url:	http://support.apple.com/ja-jp/HT204201	Trust: 0.8
title:	HT6531	url:	http://support.apple.com/ja-jp/HT6531	Trust: 0.8
title:	HT205217	url:	http://support.apple.com/ja-jp/HT205217	Trust: 0.8
title:	HT6535	url:	http://support.apple.com/kb/HT6535?viewlocale=ja_JP	Trust: 0.8
title:	How do I patch/workaround SSLv3 POODLE vulnerability (CVE-2014-3566)?	url:	http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566	Trust: 0.8
title:	cisco-sa-20141015-poodle	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle	Trust: 0.8
title:	CTX200238	url:	http://support.citrix.com/article/CTX200238	Trust: 0.8
title:	CVE-2014-3566: Removing SSLv3 from BIG-IP	url:	https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip	Trust: 0.8
title:	GNUTLS-SA-2014-4	url:	http://www.gnutls.org/security.html#GNUTLS-SA-2014-4	Trust: 0.8
title:	Docker Security Advisory [30 Oct 2014]	url:	https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU	Trust: 0.8
title:	This POODLE bites: exploiting the SSL 3.0 fallback	url:	http://googleonlinesecurity.blogspot.jp/2014/10/this-poodle-bites-exploiting-ssl-30.html	Trust: 0.8
title:	HS15-014	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-014/index.html	Trust: 0.8
title:	HS15-003	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-003/index.html	Trust: 0.8
title:	HPSBMU03214 SSRT101817	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04510286	Trust: 0.8
title:	HPSBUX03273 SSRT101951	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04580241	Trust: 0.8
title:	HPSBGN03222 SSRT101860	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04518999	Trust: 0.8
title:	HPSBOV03227 SSRT101779	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04533567	Trust: 0.8
title:	HPSBUX03162 SSRT101767	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04492722	Trust: 0.8
title:	HPSBGN03233	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04540692 (IDはHPSBGN03233のみ）	Trust: 0.8
title:	HPSBMU03152 SSRT101778	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04486577	Trust: 0.8
title:	HPSBGN03237 SSRT101854	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04553458	Trust: 0.8
title:	HPSBHF03156 SSRT101777	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04487990	Trust: 0.8
title:	HPSBGN03251 SSRT101899	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04562179	Trust: 0.8
title:	HPSBGN03252 SSRT101896	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04565853	Trust: 0.8
title:	HPSBGN03209 SSRT101837	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04509419	Trust: 0.8
title:	HPSBGN03253 SSRT101897	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04565855	Trust: 0.8
title:	HPSBGN03202 SSRT101842	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04507568	Trust: 0.8
title:	HPSBGN03203 SSRT101841	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04507636	Trust: 0.8
title:	HPSBGN03205 SSRT101854	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04510081	Trust: 0.8
title:	HPSBGN03254 SSRT101898	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04565856	Trust: 0.8
title:	HPSBGN03201 SSRT101832	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04507535	Trust: 0.8
title:	HPSBGN03208 SSRT101838	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04516572	Trust: 0.8
title:	HPSBMU03221 SSRT101849	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04518605	Trust: 0.8
title:	AIX OpenSSL Patch to mitigate CVE-2014-3566	url:	http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc	Trust: 0.8
title:	1688283	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21688283	Trust: 0.8
title:	1687173	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21687173	Trust: 0.8
title:	1688165	url:	https://www-01.ibm.com/support/docview.wss?uid=swg21688165	Trust: 0.8
title:	1687845	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21687845	Trust: 0.8
title:	T1021431	url:	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431	Trust: 0.8
title:	T1021439	url:	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439	Trust: 0.8
title:	1686997	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21686997	Trust: 0.8
title:	1690640	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21690640	Trust: 0.8
title:	1687172	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21687172	Trust: 0.8
title:	1687611	url:	www-01.ibm.com/support/docview.wss?uid=swg21687611	Trust: 0.8
title:	1687238	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21687238	Trust: 0.8
title:	1687416	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21687416	Trust: 0.8
title:	1689055	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21689055	Trust: 0.8
title:	1688683	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21688683	Trust: 0.8
title:	MOVEit DMZ Release Notes Version 8.2	url:	http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf	Trust: 0.8
title:	Node v0.10.33 (Stable)	url:	http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/	Trust: 0.8
title:	アライドテレシス株式会社からの情報	url:	http://jvn.jp/vu/JVNVU98283300/522154/index.html	Trust: 0.8
title:	Bug 1076983	url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1076983	Trust: 0.8
title:	SSL 3.0 の POODLE 脆弱性への対応について	url:	http://www.mozilla.jp/blog/entry/10433/	Trust: 0.8
title:	The POODLE Attack and the End of SSL 3.0	url:	https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/	Trust: 0.8
title:	Security/Server Side TLS	url:	https://wiki.mozilla.org/Security/Server_Side_TLS	Trust: 0.8
title:	NV15-005	url:	http://jpn.nec.com/security-info/secinfo/nv15-005.html	Trust: 0.8
title:	AV14-004	url:	http://jpn.nec.com/security-info/av14-004.html	Trust: 0.8
title:	This POODLE bites: exploiting the SSL 3.0 fallback	url:	https://www.openssl.org/~bodo/ssl-poodle.pdf	Trust: 0.8
title:	[15 Oct 2014]	url:	https://www.openssl.org/news/secadv_20141015.txt	Trust: 0.8
title:	The POODLE weakness in the SSL protocol (CVE-2014-3566)	url:	https://www.suse.com/support/kb/doc.php?id=7015773	Trust: 0.8
title:	"Poodle" Vulnerability - CVE-2014-3566	url:	http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - April 2015	url:	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - April 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Trust: 0.8
title:	Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016	url:	http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - January 2015	url:	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - July 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html	Trust: 0.8
title:	Oracle Third Party Bulletin - January 2015	url:	http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html	Trust: 0.8
title:	Oracle Solaris Third Party Bulletin - April 2015	url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	Trust: 0.8
title:	Oracle Solaris Third Party Bulletin - July 2015	url:	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Trust: 0.8
title:	Oracle Solaris Third Party Bulletin - October 2015	url:	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Trust: 0.8
title:	Bug 1152789	url:	https://bugzilla.redhat.com/show_bug.cgi?id=1152789	Trust: 0.8
title:	POODLE: SSLv3 vulnerability (CVE-2014-3566)	url:	https://access.redhat.com/articles/1232123	Trust: 0.8
title:	RHSA-2015:0080	url:	https://rhn.redhat.com/errata/RHSA-2015-0080.html	Trust: 0.8
title:	RHSA-2014:1920	url:	http://rhn.redhat.com/errata/RHSA-2014-1920.html	Trust: 0.8
title:	Red Hat CVE Database (CVE-2014-3566)	url:	https://access.redhat.com/security/cve/cve-2014-3566	Trust: 0.8
title:	RHSA-2015:0068	url:	http://rhn.redhat.com/errata/RHSA-2015:0068.html	Trust: 0.8
title:	RHSA-2015:0079	url:	http://rhn.redhat.com/errata/RHSA-2015:0079.html	Trust: 0.8
title:	RHSA-2015:0085	url:	http://rhn.redhat.com/errata/RHSA-2015:0085.html	Trust: 0.8
title:	RHSA-2014:1876	url:	http://rhn.redhat.com/errata/RHSA-2014-1876.html	Trust: 0.8
title:	RHSA-2014:1652	url:	https://rhn.redhat.com/errata/RHSA-2014-1652.html	Trust: 0.8
title:	RHSA-2015:0086	url:	http://rhn.redhat.com/errata/RHSA-2015:0086.html	Trust: 0.8
title:	RHSA-2014:1877	url:	http://rhn.redhat.com/errata/RHSA-2014-1877.html	Trust: 0.8
title:	RHSA-2014:1653	url:	https://rhn.redhat.com/errata/RHSA-2014-1653.html	Trust: 0.8
title:	RHSA-2014:1948	url:	https://rhn.redhat.com/errata/RHSA-2014-1948.html	Trust: 0.8
title:	RHSA-2015:0698	url:	http://rhn.redhat.com/errata/RHSA-2015:0698.html	Trust: 0.8
title:	RHSA-2014:1880	url:	http://rhn.redhat.com/errata/RHSA-2014-1880.html	Trust: 0.8
title:	RHSA-2014:1692	url:	https://rhn.redhat.com/errata/RHSA-2014-1692.html	Trust: 0.8
title:	RHSA-2014:1881	url:	http://rhn.redhat.com/errata/RHSA-2014-1881.html	Trust: 0.8
title:	RHSA-2015:0264	url:	http://rhn.redhat.com/errata/RHSA-2015-0264.html	Trust: 0.8
title:	RHSA-2014:1882	url:	http://rhn.redhat.com/errata/RHSA-2014-1882.html	Trust: 0.8
title:	「SSLv3プロトコルに暗号化データを解読される脆弱性」および「メモリリークによるサービス運用妨害 (DoS) の脆弱性」について	url:	http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN98283300.html	Trust: 0.8
title:	SA83	url:	https://bto.bluecoat.com/security-advisory/sa83	Trust: 0.8
title:	January 2015 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/january_2015_critical_patch_update	Trust: 0.8
title:	July 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/july_2016_critical_patch_update	Trust: 0.8
title:	Security changes in Opera 25; the poodle attacks	url:	http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks/	Trust: 0.8
title:	April 2015 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/april_2015_critical_patch_update	Trust: 0.8
title:	April 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/april_2016_critical_patch_update	Trust: 0.8
title:	Multiple vulnerabilities in OpenSSL	url:	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6	Trust: 0.8
title:	Statement on SSL POODLE Security Vulnerability	url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-374833.htm	Trust: 0.8
title:	3009008 (Vulnerability in SSL 3.0 Could Allow Information Disclosure)	url:	https://technet.microsoft.com/library/security/3009008.aspx	Trust: 0.8
title:	Vulnerabilities resolved in TRITON APX Version 8.0	url:	http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	Trust: 0.8
title:	Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities	url:	http://www.splunk.com/view/SP-CAAANST	Trust: 0.8
title:	Security Advisory 3009008 released	url:	http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx	Trust: 0.8
title:	CVE-2014-3566	url:	http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html	Trust: 0.8
title:	SSL 3.0の脆弱性(CVE-2014-3566)による影響について	url:	http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/ssl_cve-2014-3566.html	Trust: 0.8
title:	SSLv3 プロトコルに暗号化データを解読される脆弱性(POODLE 攻撃)	url:	http://www.seil.jp/support/security/a01490.html	Trust: 0.8
title:	cisco-sa-20141015-poodle	url:	http://www.cisco.com/cisco/web/support/JP/112/1126/1126348_cisco-sa-20141015-poodle-j.html	Trust: 0.8
title:	マイクロソフトセキュリティアドバイザリ 3009008 — SSL 3.0 の脆弱性により、情報漏えいが起こる	url:	https://technet.microsoft.com/ja-jp/library/security/3009008	Trust: 0.8
title:	HS15-003	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-003/index.html	Trust: 0.8
title:	HS15-014	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-014/index.html	Trust: 0.8
title:	SSLv3プロトコルに暗号化データを解読される脆弱性(POODLE攻撃)	url:	http://buffalo.jp/support_s/s20141023.html	Trust: 0.8
title:	TLSA-2014-11	url:	http://www.turbolinux.co.jp/security/2014/TLSA-2014-11j.html	Trust: 0.8
title:	TLSA-2015-5	url:	http://www.turbolinux.co.jp/security/2015/TLSA-2015-5j.html	Trust: 0.8
title:	「SSLv3 プロトコルに暗号化データを解読される脆弱性（POODLE攻撃）」への富士通製品の対応について	url:	http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-3566.html	Trust: 0.8
title:	Oracle Corporation Javaプラグインの脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/oracle/20150122.html	Trust: 0.8
title:	InterstageやSystemwalker関連製品：TLS1.0実装におけるセキュリティ脆弱性の問題	url:	http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_systemwalker_tls_201501.html	Trust: 0.8
title:	SSL3.0 Fixing measures for the encryption protocol information disclosure vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=97711	Trust: 0.6
title:	Debian Security Advisories: DSA-3489-1 lighttpd -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=dcb828f6dad683ea0da76b6c62cde0ea	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03360 rev.5 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=4545b8bd124b33fa1434a34c59003fd5	Trust: 0.1
title:	HP: HPSBPI03360 rev.5 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI03360	Trust: 0.1
title:	Debian CVElist Bug Report Logs: Not possible to disable SSLv3	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=cd46735759deed658e1e15bd89794f91	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2014-426	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2014-426	Trust: 0.1
title:	Red Hat: CVE-2014-3566	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-3566	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2014-429	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2014-429	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03360 rev.5 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=9e10ca91834a4f14416f4e75e776c6b6	Trust: 0.1
title:	Red Hat: Important: java-1.6.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20150085 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.7.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20150067 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-3253-1 pound -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=ad76a2fc91623114f1aaa478b7ecbe12	Trust: 0.1
title:	Red Hat: Important: java-1.7.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20150068 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20150069 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.7.0-oracle security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20150079 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.6.0-sun security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20150086 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-3053-1 openssl -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=89bdef3607a7448566a930eca0e94cb3	Trust: 0.1
title:	Symantec Security Advisories: SA83 : SSL v3 Poodle Attack	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=3703d1b5dc42da47d311d20afe00de22	Trust: 0.1
title:	Red Hat: Critical: java-1.8.0-oracle security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20150080 - Security Advisory	Trust: 0.1
title:	Cisco: SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20141211-CVE-2014-8730	Trust: 0.1
title:	Debian CVElist Bug Report Logs: asterisk: CVE-2014-9374	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5ec9c01ff2551bc64f61573dcb290621	Trust: 0.1
title:	Citrix Security Bulletins: CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw	url:	https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=510bf83b7458a7704870eecdfadf5704	Trust: 0.1
title:	Debian CVElist Bug Report Logs: CVE-2014-8418 CVE-2014-8412 CVE-2014-8414 CVE-2014-8417	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ea75db152315222e9fc0490c8b65fb98	Trust: 0.1
title:	Tenable Security Advisories: [R6] SSLv3 Protocol Vulnerability Affects Tenable Products (POODLE)	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2014-09	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-7 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2487-1	Trust: 0.1
title:	Debian Security Advisories: DSA-3144-1 openjdk-7 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d750da8121d006282839ec576885794b	Trust: 0.1
title:	Red Hat: Low: Red Hat Satellite IBM Java Runtime security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20150264 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-3147-1 openjdk-6 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=f0587b999035ec3e03b0795bc92b0a31	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-6 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2486-1	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2015-480	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-480	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2015-471	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-471	Trust: 0.1
title:	Huawei Security Advisories: Huawei PSIRT: Technical Analysis Report Regarding Finite State Supply Chain Assessment	url:	https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=73885f997edba4cefdd6ba9030e87bdc	Trust: 0.1
title:	mangy-beast	url:	https://github.com/ashmastaflash/mangy-beast	Trust: 0.1
title:	BASH_froggPoodler	url:	https://github.com/FroggDev/BASH_froggPoodler	Trust: 0.1
title:	lacework-kaholo-autoremediation	url:	https://github.com/automatecloud/lacework-kaholo-autoremediation	Trust: 0.1
title:	bouncer	url:	https://github.com/ggrandes/bouncer	Trust: 0.1
title:	voipnowpatches	url:	https://github.com/4psa/voipnowpatches	Trust: 0.1
title:	ric13351	url:	https://github.com/bjayesh/ric13351	Trust: 0.1
title:	squeeze-lighttpd-poodle	url:	https://github.com/matjohns/squeeze-lighttpd-poodle	Trust: 0.1
title:	poodle_check	url:	https://github.com/rameezts/poodle_check	Trust: 0.1
title:	poodle_protector	url:	https://github.com/stdevel/poodle_protector	Trust: 0.1
title:	bouncer	url:	https://github.com/TechPorter20/bouncer	Trust: 0.1
title:	aws_poodle_fix	url:	https://github.com/rvaralda/aws_poodle_fix	Trust: 0.1
title:	dnsmanagerpatches	url:	https://github.com/4psa/dnsmanagerpatches	Trust: 0.1
title:	-	url:	https://github.com/Wanderwille/13.01	Trust: 0.1

sources: VULMON: CVE-2014-3566 // CNNVD: CNNVD-201410-267 // JVNDB: JVNDB-2014-004670

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3566	Trust: 3.6
db:	ICS CERT	id:	ICSMA-18-058-02	Trust: 2.5
db:	USCERT	id:	TA14-290A	Trust: 2.5
db:	CERT/CC	id:	VU#577193	Trust: 2.5
db:	SECUNIA	id:	61130	Trust: 1.7
db:	SECUNIA	id:	61995	Trust: 1.7
db:	SECUNIA	id:	60792	Trust: 1.7
db:	SECUNIA	id:	61019	Trust: 1.7
db:	SECUNIA	id:	61316	Trust: 1.7
db:	SECUNIA	id:	61827	Trust: 1.7
db:	SECUNIA	id:	61782	Trust: 1.7
db:	SECUNIA	id:	60056	Trust: 1.7
db:	SECUNIA	id:	61810	Trust: 1.7
db:	SECUNIA	id:	61819	Trust: 1.7
db:	SECUNIA	id:	61825	Trust: 1.7
db:	SECUNIA	id:	60206	Trust: 1.7
db:	SECUNIA	id:	61303	Trust: 1.7
db:	SECUNIA	id:	61359	Trust: 1.7
db:	SECUNIA	id:	61345	Trust: 1.7
db:	SECUNIA	id:	59627	Trust: 1.7
db:	SECUNIA	id:	60859	Trust: 1.7
db:	SECUNIA	id:	61926	Trust: 1.7
db:	SECTRACK	id:	1031120	Trust: 1.7
db:	SECTRACK	id:	1031106	Trust: 1.7
db:	SECTRACK	id:	1031124	Trust: 1.7
db:	SECTRACK	id:	1031091	Trust: 1.7
db:	SECTRACK	id:	1031095	Trust: 1.7
db:	SECTRACK	id:	1031088	Trust: 1.7
db:	SECTRACK	id:	1031093	Trust: 1.7
db:	SECTRACK	id:	1031105	Trust: 1.7
db:	SECTRACK	id:	1031094	Trust: 1.7
db:	SECTRACK	id:	1031087	Trust: 1.7
db:	SECTRACK	id:	1031090	Trust: 1.7
db:	SECTRACK	id:	1031107	Trust: 1.7
db:	SECTRACK	id:	1031132	Trust: 1.7
db:	SECTRACK	id:	1031085	Trust: 1.7
db:	SECTRACK	id:	1031039	Trust: 1.7
db:	SECTRACK	id:	1031096	Trust: 1.7
db:	SECTRACK	id:	1031131	Trust: 1.7
db:	SECTRACK	id:	1031029	Trust: 1.7
db:	SECTRACK	id:	1031123	Trust: 1.7
db:	SECTRACK	id:	1031086	Trust: 1.7
db:	SECTRACK	id:	1031130	Trust: 1.7
db:	SECTRACK	id:	1031092	Trust: 1.7
db:	SECTRACK	id:	1031089	Trust: 1.7
db:	MCAFEE	id:	SB10091	Trust: 1.7
db:	MCAFEE	id:	SB10104	Trust: 1.7
db:	MCAFEE	id:	SB10090	Trust: 1.7
db:	JUNIPER	id:	JSA10705	Trust: 1.7
db:	BID	id:	70574	Trust: 1.7
db:	JVN	id:	JVNVU98283300	Trust: 0.8
db:	JVN	id:	JVNVU99970459	Trust: 0.8
db:	JVN	id:	JVNVU96447236	Trust: 0.8
db:	JVN	id:	JVNVU97537282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004670	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-267	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.0696	Trust: 0.6
db:	LENOVO	id:	LEN-24443	Trust: 0.6
db:	PACKETSTORM	id:	132573	Trust: 0.2
db:	PACKETSTORM	id:	130759	Trust: 0.2
db:	PACKETSTORM	id:	136577	Trust: 0.2
db:	PACKETSTORM	id:	137652	Trust: 0.2
db:	PACKETSTORM	id:	133368	Trust: 0.2
db:	PACKETSTORM	id:	132965	Trust: 0.2
db:	PACKETSTORM	id:	130818	Trust: 0.2
db:	PACKETSTORM	id:	133600	Trust: 0.2
db:	PACKETSTORM	id:	131009	Trust: 0.1
db:	PACKETSTORM	id:	130184	Trust: 0.1
db:	PACKETSTORM	id:	131051	Trust: 0.1
db:	PACKETSTORM	id:	128838	Trust: 0.1
db:	PACKETSTORM	id:	130217	Trust: 0.1
db:	PACKETSTORM	id:	130296	Trust: 0.1
db:	PACKETSTORM	id:	129150	Trust: 0.1
db:	PACKETSTORM	id:	132084	Trust: 0.1
db:	PACKETSTORM	id:	131354	Trust: 0.1
db:	PACKETSTORM	id:	128969	Trust: 0.1
db:	PACKETSTORM	id:	132469	Trust: 0.1
db:	PACKETSTORM	id:	128669	Trust: 0.1
db:	PACKETSTORM	id:	128866	Trust: 0.1
db:	PACKETSTORM	id:	129265	Trust: 0.1
db:	PACKETSTORM	id:	129217	Trust: 0.1
db:	PACKETSTORM	id:	136599	Trust: 0.1
db:	PACKETSTORM	id:	133640	Trust: 0.1
db:	PACKETSTORM	id:	129263	Trust: 0.1
db:	PACKETSTORM	id:	128921	Trust: 0.1
db:	PACKETSTORM	id:	129614	Trust: 0.1
db:	PACKETSTORM	id:	131011	Trust: 0.1
db:	PACKETSTORM	id:	129065	Trust: 0.1
db:	PACKETSTORM	id:	139063	Trust: 0.1
db:	PACKETSTORM	id:	129266	Trust: 0.1
db:	PACKETSTORM	id:	128863	Trust: 0.1
db:	PACKETSTORM	id:	130332	Trust: 0.1
db:	PACKETSTORM	id:	128730	Trust: 0.1
db:	PACKETSTORM	id:	130298	Trust: 0.1
db:	PACKETSTORM	id:	131690	Trust: 0.1
db:	PACKETSTORM	id:	128770	Trust: 0.1
db:	PACKETSTORM	id:	130125	Trust: 0.1
db:	PACKETSTORM	id:	132641	Trust: 0.1
db:	PACKETSTORM	id:	128732	Trust: 0.1
db:	PACKETSTORM	id:	128733	Trust: 0.1
db:	PACKETSTORM	id:	130816	Trust: 0.1
db:	PACKETSTORM	id:	129528	Trust: 0.1
db:	PACKETSTORM	id:	130052	Trust: 0.1
db:	PACKETSTORM	id:	129294	Trust: 0.1
db:	PACKETSTORM	id:	132470	Trust: 0.1
db:	PACKETSTORM	id:	133836	Trust: 0.1
db:	PACKETSTORM	id:	129242	Trust: 0.1
db:	PACKETSTORM	id:	129401	Trust: 0.1
db:	PACKETSTORM	id:	130304	Trust: 0.1
db:	PACKETSTORM	id:	130334	Trust: 0.1
db:	PACKETSTORM	id:	130549	Trust: 0.1
db:	PACKETSTORM	id:	129427	Trust: 0.1
db:	PACKETSTORM	id:	130085	Trust: 0.1
db:	PACKETSTORM	id:	131008	Trust: 0.1
db:	PACKETSTORM	id:	129071	Trust: 0.1
db:	PACKETSTORM	id:	130046	Trust: 0.1
db:	PACKETSTORM	id:	135908	Trust: 0.1
db:	PACKETSTORM	id:	130086	Trust: 0.1
db:	PACKETSTORM	id:	128769	Trust: 0.1
db:	PACKETSTORM	id:	130141	Trust: 0.1
db:	PACKETSTORM	id:	131535	Trust: 0.1
db:	PACKETSTORM	id:	130181	Trust: 0.1
db:	PACKETSTORM	id:	132942	Trust: 0.1
db:	PACKETSTORM	id:	130070	Trust: 0.1
db:	PACKETSTORM	id:	129318	Trust: 0.1
db:	PACKETSTORM	id:	131790	Trust: 0.1
db:	PACKETSTORM	id:	130817	Trust: 0.1
db:	PACKETSTORM	id:	128771	Trust: 0.1
db:	PACKETSTORM	id:	130050	Trust: 0.1
db:	PACKETSTORM	id:	130072	Trust: 0.1
db:	PACKETSTORM	id:	129120	Trust: 0.1
db:	PACKETSTORM	id:	129426	Trust: 0.1
db:	SEEBUG	id:	SSVID-92692	Trust: 0.1
db:	VULHUB	id:	VHN-71506	Trust: 0.1
db:	VULMON	id:	CVE-2014-3566	Trust: 0.1
db:	PACKETSTORM	id:	129194	Trust: 0.1
db:	PACKETSTORM	id:	128731	Trust: 0.1

sources: VULHUB: VHN-71506 // VULMON: CVE-2014-3566 // PACKETSTORM: 133368 // PACKETSTORM: 132965 // PACKETSTORM: 133600 // PACKETSTORM: 129194 // PACKETSTORM: 130759 // PACKETSTORM: 130818 // PACKETSTORM: 136577 // PACKETSTORM: 128731 // PACKETSTORM: 137652 // PACKETSTORM: 132573 // CNNVD: CNNVD-201410-267 // JVNDB: JVNDB-2014-004670 // NVD: CVE-2014-3566

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	Trust: 2.5
url:	http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html	Trust: 2.5
url:	http://www.securityfocus.com/archive/1/533747	Trust: 2.5
url:	http://www.securityfocus.com/archive/1/533746	Trust: 2.5
url:	http://www.us-cert.gov/ncas/alerts/ta14-290a	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/577193	Trust: 2.5
url:	http://advisories.mageia.org/mgasa-2014-0416.html	Trust: 2.5
url:	http://downloads.asterisk.org/pub/security/ast-2014-011.html	Trust: 2.5
url:	http://support.citrix.com/article/ctx200238	Trust: 2.3
url:	https://security.gentoo.org/glsa/201606-11	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2014-1880.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2015-1546.html	Trust: 1.8
url:	https://www-01.ibm.com/support/docview.wss?uid=swg21688165	Trust: 1.8
url:	http://www.securitytracker.com/id/1031029	Trust: 1.7
url:	http://www.securitytracker.com/id/1031039	Trust: 1.7
url:	http://www.securitytracker.com/id/1031085	Trust: 1.7
url:	http://www.securitytracker.com/id/1031086	Trust: 1.7
url:	http://www.securitytracker.com/id/1031087	Trust: 1.7
url:	http://www.securitytracker.com/id/1031088	Trust: 1.7
url:	http://www.securitytracker.com/id/1031089	Trust: 1.7
url:	http://www.securitytracker.com/id/1031090	Trust: 1.7
url:	http://www.securitytracker.com/id/1031091	Trust: 1.7
url:	http://www.securitytracker.com/id/1031092	Trust: 1.7
url:	http://www.securitytracker.com/id/1031093	Trust: 1.7
url:	http://www.securitytracker.com/id/1031094	Trust: 1.7
url:	http://www.securitytracker.com/id/1031095	Trust: 1.7
url:	http://www.securitytracker.com/id/1031096	Trust: 1.7
url:	http://www.securitytracker.com/id/1031105	Trust: 1.7
url:	http://www.securitytracker.com/id/1031106	Trust: 1.7
url:	http://www.securitytracker.com/id/1031107	Trust: 1.7
url:	http://www.securitytracker.com/id/1031120	Trust: 1.7
url:	http://www.securitytracker.com/id/1031123	Trust: 1.7
url:	http://www.securitytracker.com/id/1031124	Trust: 1.7
url:	http://www.securitytracker.com/id/1031130	Trust: 1.7
url:	http://www.securitytracker.com/id/1031131	Trust: 1.7
url:	http://www.securitytracker.com/id/1031132	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-poodle	Trust: 1.7
url:	http://secunia.com/advisories/59627	Trust: 1.7
url:	http://secunia.com/advisories/60056	Trust: 1.7
url:	http://secunia.com/advisories/60206	Trust: 1.7
url:	http://secunia.com/advisories/60792	Trust: 1.7
url:	http://secunia.com/advisories/60859	Trust: 1.7
url:	http://secunia.com/advisories/61019	Trust: 1.7
url:	http://secunia.com/advisories/61130	Trust: 1.7
url:	http://secunia.com/advisories/61303	Trust: 1.7
url:	http://secunia.com/advisories/61316	Trust: 1.7
url:	http://secunia.com/advisories/61345	Trust: 1.7
url:	http://secunia.com/advisories/61359	Trust: 1.7
url:	http://secunia.com/advisories/61782	Trust: 1.7
url:	http://secunia.com/advisories/61810	Trust: 1.7
url:	http://secunia.com/advisories/61819	Trust: 1.7
url:	http://secunia.com/advisories/61825	Trust: 1.7
url:	http://secunia.com/advisories/61827	Trust: 1.7
url:	http://secunia.com/advisories/61926	Trust: 1.7
url:	http://secunia.com/advisories/61995	Trust: 1.7
url:	http://www.securityfocus.com/bid/70574	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/533724/100/0/threaded	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html	Trust: 1.7
url:	http://www.debian.org/security/2014/dsa-3053	Trust: 1.7
url:	http://www.debian.org/security/2015/dsa-3144	Trust: 1.7
url:	http://www.debian.org/security/2015/dsa-3147	Trust: 1.7
url:	http://www.debian.org/security/2015/dsa-3253	Trust: 1.7
url:	http://www.debian.org/security/2016/dsa-3489	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-november/142330.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141158.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141114.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169374.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169361.html	Trust: 1.7
url:	https://security.gentoo.org/glsa/201507-14	Trust: 1.7
url:	http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04583581	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2014:203	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2015:062	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2014-1652.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2014-1653.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2014-1692.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2014-1876.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2014-1877.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2014-1881.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2014-1882.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2014-1920.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2014-1948.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-0068.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-0079.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-0080.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-0085.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-0086.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-0264.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-0698.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-1545.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-2486-1	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-2487-1	Trust: 1.7
url:	https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3ccommits.cxf.apache.org%3e	Trust: 1.7
url:	https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3ccommits.cxf.apache.org%3e	Trust: 1.7
url:	https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3ccommits.cxf.apache.org%3e	Trust: 1.7
url:	https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3ccommits.cxf.apache.org%3e	Trust: 1.7
url:	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3ccommits.cxf.apache.org%3e	Trust: 1.7
url:	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3ccommits.cxf.apache.org%3e	Trust: 1.7
url:	http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc	Trust: 1.7
url:	http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566	Trust: 1.7
url:	http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html	Trust: 1.7
url:	http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/	Trust: 1.7
url:	http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx	Trust: 1.7
url:	http://docs.ipswitch.com/moveit/dmz82/releasenotes/moveitreleasenotes82.pdf	Trust: 1.7
url:	http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html	Trust: 1.7
url:	http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04779034	Trust: 1.7
url:	http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3566.html	Trust: 1.7
url:	http://support.apple.com/ht204244	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1021431	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1021439	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21686997	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21687172	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21687611	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21688283	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21692299	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Trust: 1.7
url:	http://www.vmware.com/security/advisories/vmsa-2015-0003.html	Trust: 1.7
url:	http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0	Trust: 1.7
url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm	Trust: 1.7
url:	https://access.redhat.com/articles/1232123	Trust: 1.7
url:	https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/	Trust: 1.7
url:	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6	Trust: 1.7
url:	https://bto.bluecoat.com/security-advisory/sa83	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1076983	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1152789	Trust: 1.7
url:	https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip	Trust: 1.7
url:	https://github.com/mpgn/poodle-poc	Trust: 1.7
url:	https://groups.google.com/forum/#%21topic/docker-user/oym0i3xshju	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04819635	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05068681	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsma-18-058-02	Trust: 1.7
url:	https://puppet.com/security/cve/poodle-sslv3-vulnerability	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20141015-0001/	Trust: 1.7
url:	https://support.apple.com/ht205217	Trust: 1.7
url:	https://support.apple.com/kb/ht6527	Trust: 1.7
url:	https://support.apple.com/kb/ht6529	Trust: 1.7
url:	https://support.apple.com/kb/ht6531	Trust: 1.7
url:	https://support.apple.com/kb/ht6535	Trust: 1.7
url:	https://support.apple.com/kb/ht6536	Trust: 1.7
url:	https://support.apple.com/kb/ht6541	Trust: 1.7
url:	https://support.apple.com/kb/ht6542	Trust: 1.7
url:	https://support.citrix.com/article/ctx216642	Trust: 1.7
url:	https://support.lenovo.com/product_security/poodle	Trust: 1.7
url:	https://support.lenovo.com/us/en/product_security/poodle	Trust: 1.7
url:	https://technet.microsoft.com/library/security/3009008.aspx	Trust: 1.7
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7	Trust: 1.7
url:	https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html	Trust: 1.7
url:	https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html	Trust: 1.7
url:	https://www.elastic.co/blog/logstash-1-4-3-released	Trust: 1.7
url:	https://www.imperialviolet.org/2014/10/14/poodle.html	Trust: 1.7
url:	https://www.openssl.org/news/secadv_20141015.txt	Trust: 1.7
url:	https://www.openssl.org/~bodo/ssl-poodle.pdf	Trust: 1.7
url:	https://www.suse.com/support/kb/doc.php?id=7015773	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=141814011518700&w=2	Trust: 1.6
url:	http://marc.info/?l=openssl-dev&m=141333049205629&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=143290522027658&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=143290371927178&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141879378918327&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142624590206005&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=143290437727362&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142350196615714&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141703183219781&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141577350823734&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142118135300698&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142791032306609&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141813976718456&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141620103726640&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142660345230545&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142350743917559&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=143558137709884&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142607790919348&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=143628269912142&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142804214608580&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142354438527235&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142624619906067&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142296755107581&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=144101915224472&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=143039249603103&w=2	Trust: 1.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10104	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142496355704097&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142721830231196&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=143101048219218&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142357976805598&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142740155824959&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141450973807288&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=143558192010071&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141697676231104&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=144251162130364&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141628688425177&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142495837901899&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141576815022399&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141697638231025&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141577087123040&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142962817202793&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=145983526810210&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=144294141001552&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142805027510172&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141715130023061&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141450452204552&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=143290583027876&w=2	Trust: 1.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10705	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141775427104070&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142546741516006&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142350298616097&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142624679706236&w=2	Trust: 1.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10090	Trust: 1.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10091	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141694355519663&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142103967620673&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142624719706349&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=141477196830952&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142721887231400&w=2	Trust: 1.6
url:	ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3566	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142624619906067	Trust: 1.0
url:	https://templatelab.com/ssl-poodle/	Trust: 1.0
url:	https://access.redhat.com/security/cve/cve-2014-3566	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsma-18-058-02	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97537282/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu96447236/index.html	Trust: 0.8
url:	http://jvn.jp/ta/jvnta98308086/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98283300/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99970459/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3566	Trust: 0.8
url:	http://www.circl.lu/pub/tr-28/	Trust: 0.8
url:	https://www.imperialviolet.org/2014/12/08/poodleagain.html	Trust: 0.8
url:	https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00	Trust: 0.8
url:	http://www.aratana.jp/security/detail.php?id=11	Trust: 0.8
url:	https://groups.google.com/forum/#!topic/docker-user/oym0i3xshju	Trust: 0.6
url:	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3ccommits.cxf.apache.org%3e	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:0085	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:0086	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2014:1920	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:0079	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:0080	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:0069	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:0067	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:0068	Trust: 0.6
url:	https://access.redhat.com/errata/rhba-2014:1857	Trust: 0.6
url:	https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3ccommits.cxf.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3ccommits.cxf.apache.org%3e	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:0264	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:0012	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:0010	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:0011	Trust: 0.6
url:	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3ccommits.cxf.apache.org%3e	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2014:1880	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2014:1882	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2014:1881	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2014:1877	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2014:1876	Trust: 0.6
url:	https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3ccommits.cxf.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3ccommits.cxf.apache.org%3e	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1545	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1546	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-datacap-taskmaster-capture-is-affected-by-vulnerable-to-appscans-sslv3-client-hello-with-cbc-cipher-suites-that-contain-tls_fallback_scsv-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0696	Trust: 0.6
url:	https://support.lenovo.com/us/en/solutions/len-24443	Trust: 0.6
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/	Trust: 0.5
url:	http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins	Trust: 0.5
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/	Trust: 0.3
url:	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	http://marc.info/?l=bugtraq&m=141577350823734&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141576815022399&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141620103726640&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141697638231025&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141703183219781&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141697676231104&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141775427104070&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141814011518700&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141715130023061&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141813976718456&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142118135300698&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142296755107581&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142354438527235&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142350743917559&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142350196615714&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142350298616097&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142357976805598&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142962817202793&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143290371927178&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=144294141001552&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=145983526810210&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141450973807288&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142721887231400&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142660345230545&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142804214608580&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141450452204552&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141628688425177&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141577087123040&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141694355519663&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141879378918327&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143290583027876&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143628269912142&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143039249603103&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142624619906067&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142495837901899&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143290522027658&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142624719706349&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143290437727362&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142624590206005&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142624679706236&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142740155824959&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142721830231196&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142791032306609&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=144101915224472&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142103967620673&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143558137709884&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143558192010071&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142805027510172&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142546741516006&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=144251162130364&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=141477196830952&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143101048219218&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142496355704097&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142624619906067	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142607790919348&w=2	Trust: 0.1
url:	http://marc.info/?l=openssl-dev&m=141333049205629&w=2	Trust: 0.1
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10705	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10090	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10091	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10104	Trust: 0.1
url:	https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6531	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6532	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6511	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6558	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6457	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3065	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6493	Trust: 0.1
url:	https://www.ibm.com/developerworks/java/jdk/alerts/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-4288	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6503	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4288	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6532	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6457	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6531	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6511	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-3065	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6458	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6527	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6502	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6493	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6503	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6492	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6502	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6476	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6506	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6558	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6476	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6515	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6506	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6456	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6515	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6456	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-6527	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6458	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6492	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0403	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0407	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0406	Trust: 0.1
url:	http://www.hp.com/java	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6593	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6585	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6587	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6591	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0410	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4010	Trust: 0.1
url:	https://www.hp.com/go/swa	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0408	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0412	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0413	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0400	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0383	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6601	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0395	Trust: 0.1
url:	http://www.hp.com/swpublishing/mtx-2557aa7dc1654cf6b547c1a9e4	Trust: 0.1
url:	http://www.hp.com/swpublishing/mtx-7b23e47d5d9b420b94bd1323eb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-5139	Trust: 0.1
url:	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n	Trust: 0.1
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2842	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0800	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0705	Trust: 0.1
url:	https://www.hpe.com	Trust: 0.1
url:	https://h20392.www2.hpe.com/	Trust: 0.1
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0799	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0064	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-6393	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0063	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0061	Trust: 0.1
url:	http://support.apple.com/kb/ht1222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4406	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4854	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0591	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0066	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0062	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4164	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0060	Trust: 0.1
url:	http://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-3919	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4424	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0065	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4446	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4447	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8708	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8614	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8708	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3566	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8614	Trust: 0.1
url:	https://my.vertica.com	Trust: 0.1

sources: VULHUB: VHN-71506 // PACKETSTORM: 133368 // PACKETSTORM: 132965 // PACKETSTORM: 133600 // PACKETSTORM: 129194 // PACKETSTORM: 130759 // PACKETSTORM: 130818 // PACKETSTORM: 136577 // PACKETSTORM: 128731 // PACKETSTORM: 137652 // PACKETSTORM: 132573 // CNNVD: CNNVD-201410-267 // JVNDB: JVNDB-2014-004670 // NVD: CVE-2014-3566

CREDITS

Trust: 0.6

sources: PACKETSTORM: 133368 // PACKETSTORM: 133600 // PACKETSTORM: 130759 // PACKETSTORM: 130818 // PACKETSTORM: 136577 // PACKETSTORM: 132573

SOURCES

db:	VULHUB	id:	VHN-71506
db:	VULMON	id:	CVE-2014-3566
db:	PACKETSTORM	id:	133368
db:	PACKETSTORM	id:	132965
db:	PACKETSTORM	id:	133600
db:	PACKETSTORM	id:	129194
db:	PACKETSTORM	id:	130759
db:	PACKETSTORM	id:	130818
db:	PACKETSTORM	id:	136577
db:	PACKETSTORM	id:	128731
db:	PACKETSTORM	id:	137652
db:	PACKETSTORM	id:	132573
db:	CNNVD	id:	CNNVD-201410-267
db:	JVNDB	id:	JVNDB-2014-004670
db:	NVD	id:	CVE-2014-3566

LAST UPDATE DATE

2026-04-18T22:53:38.342000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71506	date:	2023-02-13T00:00:00
db:	VULMON	id:	CVE-2014-3566	date:	2023-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201410-267	date:	2023-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-004670	date:	2019-07-10T00:00:00
db:	NVD	id:	CVE-2014-3566	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71506	date:	2014-10-15T00:00:00
db:	VULMON	id:	CVE-2014-3566	date:	2014-10-15T00:00:00
db:	PACKETSTORM	id:	133368	date:	2015-08-28T19:02:22
db:	PACKETSTORM	id:	132965	date:	2015-08-05T13:32:00
db:	PACKETSTORM	id:	133600	date:	2015-09-19T14:20:37
db:	PACKETSTORM	id:	129194	date:	2014-11-21T00:48:49
db:	PACKETSTORM	id:	130759	date:	2015-03-11T16:04:36
db:	PACKETSTORM	id:	130818	date:	2015-03-13T17:11:21
db:	PACKETSTORM	id:	136577	date:	2016-04-06T13:28:14
db:	PACKETSTORM	id:	128731	date:	2014-10-17T15:07:38
db:	PACKETSTORM	id:	137652	date:	2016-06-26T11:11:00
db:	PACKETSTORM	id:	132573	date:	2015-07-07T15:38:33
db:	CNNVD	id:	CNNVD-201410-267	date:	2014-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-004670	date:	2014-10-16T00:00:00
db:	NVD	id:	CVE-2014-3566	date:	2014-10-15T00:55:02.137