Details of VAR-201606-0477

ID

VAR-201606-0477

CVE

CVE-2016-2178

TITLE

OpenSSL of crypto/dsa/dsa_ossl.c of dsa_sign_setup In function DSA Vulnerability to obtain a private key

Trust: 0.8

sources: JVNDB: JVNDB-2016-003305

DESCRIPTION

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. OpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. (CVE-2016-2178) * It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. (CVE-2016-2179) * A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181) * An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. (CVE-2016-2182) * A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default. * An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. (CVE-2016-6302) * Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177) * An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. (CVE-2016-2180) * Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Summary: An update is now available for JBoss Core Services on RHEL 7. Description: This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. (CVE-2016-2108) * It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow. (CVE-2016-2177) * It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459) * An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. After installing the updated packages, the httpd daemon will be restarted automatically. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code. CVE-2016-2179 / CVE-2016-2181 Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS. For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your openssl packages. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as aCritical Severity,a one as aModerate Severity,a and the other 12 as aLow Severity.a Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as aHigh Severitya and the other as aModerate Severity.a Of the 16 released vulnerabilities: Fourteen track issues that could result in a denial of service (DoS) condition One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system Five of the 16 vulnerabilities affect exclusively the recently released OpenSSL versions that belong to the 1.1.0 code train, which has not yet been integrated into any Cisco product. Description: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016 openssl regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38 After a standard system update you need to reboot your computer to make all the necessary changes

Trust: 2.61

sources: NVD: CVE-2016-2178 // JVNDB: JVNDB-2016-003305 // BID: 91081 // VULMON: CVE-2016-2178 // PACKETSTORM: 138870 // PACKETSTORM: 140717 // PACKETSTORM: 138817 // PACKETSTORM: 138889 // PACKETSTORM: 138820 // PACKETSTORM: 143181 // PACKETSTORM: 138826

AFFECTED PRODUCTS

vendor:	oracle	model:	linux	scope:	eq	version:	5	Trust: 1.8
vendor:	oracle	model:	linux	scope:	eq	version:	6	Trust: 1.8
vendor:	oracle	model:	linux	scope:	eq	version:	7	Trust: 1.8
vendor:	oracle	model:	solaris	scope:	eq	version:	10	Trust: 1.8
vendor:	oracle	model:	solaris	scope:	eq	version:	11.3	Trust: 1.8
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2d	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2c	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2e	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2f	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2h	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2g	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1p	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1f	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.10.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1l	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1d	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1c	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1n	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1s	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2b	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1q	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.10.47	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1t	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1b	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.12.16	Trust: 1.0
vendor:	suse	model:	linux enterprise	scope:	eq	version:	12.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.12.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.2.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1h	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	4.6.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	4.1.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1j	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	6.7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1o	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1e	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1i	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1r	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1k	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1m	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lte	version:	1.0.2h	Trust: 0.8
vendor:	suse	model:	linux enterprise module for web scripting	scope:	eq	version:	12	Trust: 0.8
vendor:	nec	model:	capssuite	scope:	eq	version:	v3.0 to v4.0	Trust: 0.8
vendor:	nec	model:	enterpriseidentitymanager	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	esmpro/serveragentservice	scope:	eq	version:	(linux edition )	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	sg3600 all series	Trust: 0.8
vendor:	nec	model:	ix1000 series	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	ix2000 series	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	ix3000 series	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	secureware/pki application development kit	scope:	eq	version:	ver3.2	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	enterprise v8.2 to v9.4	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	express v8.2 to v9.4	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	foundation v8.2 to v8.5	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	standard v8.2 to v9.4	Trust: 0.8
vendor:	nec	model:	webotx enterprise service bus	scope:	eq	version:	v8.2 to v8.5	Trust: 0.8
vendor:	nec	model:	webotx portal	scope:	eq	version:	v8.2 to v9.1	Trust: 0.8
vendor:	cisco	model:	stealthwatch udp director	scope:	eq	version:	0	Trust: 0.6
vendor:	cisco	model:	paging server	scope:	eq	version:	0	Trust: 0.6
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	0	Trust: 0.6
vendor:	cisco	model:	cloud web security	scope:	eq	version:	0	Trust: 0.6
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.26	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.22	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.16	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.14	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.13	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.12	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.11	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.10	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.9	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.8	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.18	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.2	Trust: 0.3
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.1	Trust: 0.3
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	5.3	Trust: 0.3
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	5.2	Trust: 0.3
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	4.71	Trust: 0.3
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.55	Trust: 0.3
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.54	Trust: 0.3
vendor:	oracle	model:	oss support tools	scope:	eq	version:	8.9.15.9.8	Trust: 0.3
vendor:	oracle	model:	oss support tools	scope:	eq	version:	8.8.15.7.15	Trust: 0.3
vendor:	oracle	model:	mysql workbench	scope:	eq	version:	6.3.8	Trust: 0.3
vendor:	oracle	model:	mysql workbench	scope:	eq	version:	6.1.5	Trust: 0.3
vendor:	oracle	model:	mysql workbench	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.3.0.1098	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.2.4.1102	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.1.4.7895	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.15	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.14	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.13	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.12	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.9	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.8	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.7	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.6	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.5	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.4	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.3	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.2	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.33	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.32	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.31	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.30	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.28	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.27	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.26	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.25	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.24	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.23	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.22	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.21	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.17	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.12	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.11	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.10	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.9	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.6	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.11	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.10	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.8	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.7	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.5	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.4	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.29	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.20	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.2	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.19	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.18	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.16	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.15	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.14	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.13	Trust: 0.3
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	eq	version:	9.2.1.1	Trust: 0.3
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.3.2	Trust: 0.3
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.2.2	Trust: 0.3
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	12.1	Trust: 0.3
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.2.0.0	Trust: 0.3
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.1.0.0	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	5.0.2.0	Trust: 0.3
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	5.0.1.0	Trust: 0.3
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	5.0.0.2	Trust: 0.3
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	5.0.0.1	Trust: 0.3
vendor:	oracle	model:	communications network charging and control	scope:	eq	version:	4.4.1.5.0	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.5	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.3	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.4.1.2	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.5	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.3	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.4.1.2	Trust: 0.3
vendor:	oracle	model:	business intelligence enterprise edition	scope:	eq	version:	12.2.1.3.0	Trust: 0.3
vendor:	oracle	model:	business intelligence enterprise edition	scope:	eq	version:	12.2.1.2.0	Trust: 0.3
vendor:	oracle	model:	business intelligence enterprise edition	scope:	eq	version:	11.1.1.9.0	Trust: 0.3
vendor:	oracle	model:	business intelligence enterprise edition	scope:	eq	version:	11.1.1.7.0	Trust: 0.3
vendor:	oracle	model:	api gateway	scope:	eq	version:	11.1.2.4.0	Trust: 0.3
vendor:	oracle	model:	access manager	scope:	eq	version:	10.1.4.3.0	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0h	scope:	eq	version:	0	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8u	scope:	eq	version:	0	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	1.0.11	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	1.0	Trust: 0.3
vendor:	openssl	model:	project openssl k	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	openssl	model:	project openssl j	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	openssl	model:	project openssl i	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	openssl	model:	project openssl h	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	openssl	model:	project openssl e	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	openssl	model:	project openssl d	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	openssl	model:	project openssl c	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	openssl	model:	project openssl b	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	openssl	model:	project openssl a	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	openssl	model:	project openssl m	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl l	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl k	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl j	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl i	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl h	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl g	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl f	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl e	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl d	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl c	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl b	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl a	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl m	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl l	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl k	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl j	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl i	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl h	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl g	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl f	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl e	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl d	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl c	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl b	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl a	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.5	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.4	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.3	Trust: 0.3
vendor:	openssl	model:	project openssl b	scope:	eq	version:	0.9.2	Trust: 0.3
vendor:	openssl	model:	project openssl c	scope:	eq	version:	0.9.1	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2h	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2g	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2f	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2e	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2d	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2c	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2b	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2a	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1t	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1s	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1r	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1q	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1p	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1o	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1n	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1m	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1l	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1k	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1j	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1i	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1h	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1g	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1f	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1e	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1d	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1c	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1b	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1a	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	1.0.0x	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0t	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0s	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0r	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0q	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0p	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0o	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0n	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0m	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0l	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0k	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0j	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0i	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0g	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0f	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0e	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0d	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0c	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0b	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.0a	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8zh	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8zg	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8zf	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8ze	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8zd	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8zc	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8zb	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8za	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8y	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.8x	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8w	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8t	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8s	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8r	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8q	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8p	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8o	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8n	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8m	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8l	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8g	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 0.9.8f	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.8.	Trust: 0.3
vendor:	openssl	model:	project openssl f	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.8v	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.405	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.404	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.403	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.402	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.401	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.400	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.4	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.3	Trust: 0.3
vendor:	mcafee	model:	email gateway 7.6.405h1165239	scope:	-	version:	-	Trust: 0.3
vendor:	mcafee	model:	email gateway 7.6.405h1157986	scope:	-	version:	-	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.3.2	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.3.1	Trust: 0.3
vendor:	mcafee	model:	email gateway 7.6.2h968406	scope:	-	version:	-	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.1	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6	Trust: 0.3
vendor:	ibm	model:	worklight enterprise edition	scope:	eq	version:	6.1.0.2	Trust: 0.3
vendor:	ibm	model:	worklight enterprise edition	scope:	eq	version:	6.1.0.1	Trust: 0.3
vendor:	ibm	model:	worklight enterprise edition	scope:	eq	version:	6.1.0.0	Trust: 0.3
vendor:	ibm	model:	worklight consumer edition	scope:	eq	version:	6.1.0.2	Trust: 0.3
vendor:	ibm	model:	worklight consumer edition	scope:	eq	version:	6.1.0.1	Trust: 0.3
vendor:	ibm	model:	worklight consumer edition	scope:	eq	version:	6.1.0.0	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment build	scope:	eq	version:	5.1.151.05	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment intirim fix	scope:	eq	version:	5.133	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	5.1.3	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	5.1.116	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	5.1	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment build	scope:	eq	version:	7.1.1.20280.6	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	7.1.1.19	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment 5.1.fix pack	scope:	eq	version:	3	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment build	scope:	eq	version:	5.1.1051.07	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	5.1.0.2	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for images system edition	scope:	eq	version:	x7.1.1.0	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for images build	scope:	eq	version:	7.1.1.20280.6	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for images	scope:	eq	version:	7.1.1.19	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for images	scope:	eq	version:	7.1.1.0	Trust: 0.3
vendor:	ibm	model:	tealeaf customer experience on cloud network capture add-on	scope:	eq	version:	16.1.01	Trust: 0.3
vendor:	ibm	model:	tealeaf customer experience	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	ibm	model:	tealeaf customer experience	scope:	eq	version:	9.0	Trust: 0.3
vendor:	ibm	model:	tealeaf customer experience	scope:	eq	version:	8.6	Trust: 0.3
vendor:	ibm	model:	tealeaf customer experience	scope:	eq	version:	8.0	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.6.1.0	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.6.0.1	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.6.0.0	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.5.2.4	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.5.2.3	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.5.2.2	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.5.2.1	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.5.2.0	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.5.1.3	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.5.1.0	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.5.0.2	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.5.0.1	Trust: 0.3
vendor:	ibm	model:	storwize unified	scope:	eq	version:	v70001.5.0.0	Trust: 0.3
vendor:	ibm	model:	storediq	scope:	eq	version:	7.6	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.5.0.9	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.5.0.13	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.5.0.12	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.5.0.11	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.5.0	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.4.6	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.4	Trust: 0.3
vendor:	ibm	model:	sonas	scope:	eq	version:	1.5.2.4	Trust: 0.3
vendor:	ibm	model:	sonas	scope:	eq	version:	1.5.2.3	Trust: 0.3
vendor:	ibm	model:	sonas	scope:	eq	version:	1.5.2.2	Trust: 0.3
vendor:	ibm	model:	sonas	scope:	eq	version:	1.5.2.1	Trust: 0.3
vendor:	ibm	model:	sonas	scope:	eq	version:	1.5.2.0	Trust: 0.3
vendor:	ibm	model:	sonas	scope:	eq	version:	1.5.1.3	Trust: 0.3
vendor:	ibm	model:	sonas	scope:	eq	version:	1.5.1.0	Trust: 0.3
vendor:	ibm	model:	sonas	scope:	eq	version:	1.5.0.2	Trust: 0.3
vendor:	ibm	model:	sonas	scope:	eq	version:	1.5.0.1	Trust: 0.3
vendor:	ibm	model:	sonas	scope:	eq	version:	1.5.0.0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	3.2	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.2	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	3.2.0.4	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	3.1.0.4	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	3.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.4.0.4	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.4.0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.3.0.4	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.3.0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.2.0.4	Trust: 0.3
vendor:	ibm	model:	service delivery manager	scope:	eq	version:	7.2.4	Trust: 0.3
vendor:	ibm	model:	service delivery manager	scope:	eq	version:	7.2.3	Trust: 0.3
vendor:	ibm	model:	service delivery manager	scope:	eq	version:	7.2.2	Trust: 0.3
vendor:	ibm	model:	service delivery manager	scope:	eq	version:	7.2.1	Trust: 0.3
vendor:	ibm	model:	security virtual server protection for vmware	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	ibm	model:	security virtual server protection for vmware	scope:	eq	version:	1.1.0.1	Trust: 0.3
vendor:	ibm	model:	security virtual server protection for vmware	scope:	eq	version:	1.1	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.3	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.2	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.2.4	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.2.3	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.2.2	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.2.1	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.9	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.8	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.6	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.5	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.4	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.3	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.2	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.10	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.1	Trust: 0.3
vendor:	ibm	model:	security guardium	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	ibm	model:	security guardium	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	ibm	model:	security guardium	scope:	eq	version:	10.1	Trust: 0.3
vendor:	ibm	model:	security guardium	scope:	eq	version:	10.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	6.6.0.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	6.2.0.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	6.1.0.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	6.0.0.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	4.5.0.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	4.4.6.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	4.4.5.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	4.4.4.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	4.4.3.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	4.4.2.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	4.4.1.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	4.4.0.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	4.3.2.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	4.3.1.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.2.0.9	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.2.0.8	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.2.0.4	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.2.0.3	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.2.0.2	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.2.0.14	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.2.0.13	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.2.0.12	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.2.0.11	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.2.0.10	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.2.0.1	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.1.3	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.1.2	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.1.1	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.1.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.9	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.7	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.6	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.5	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.3	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.21	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.20	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.2	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.19	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.18	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.15	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.14	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.13	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1.0.12	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	eq	version:	1.1	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	5.0	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.13	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.12	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.11	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.1.7	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.1.6	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.1.5	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.1.4	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1	Trust: 0.3
vendor:	ibm	model:	rational application developer for websphere software	scope:	eq	version:	9.5	Trust: 0.3
vendor:	ibm	model:	rational application developer for websphere software	scope:	eq	version:	9.1	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	3.1	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	openssh for gpfs	scope:	eq	version:	3.5	Trust: 0.3
vendor:	ibm	model:	mobilefirst platform foundation	scope:	eq	version:	8.0.0.0	Trust: 0.3
vendor:	ibm	model:	mobilefirst platform foundation	scope:	eq	version:	7.1.0.0	Trust: 0.3
vendor:	ibm	model:	mobilefirst platform foundation	scope:	eq	version:	7.0.0.0	Trust: 0.3
vendor:	ibm	model:	mobilefirst platform foundation	scope:	eq	version:	6.3.0.0	Trust: 0.3
vendor:	ibm	model:	lotus protector for mail security	scope:	eq	version:	2.8.3.0	Trust: 0.3
vendor:	ibm	model:	i	scope:	eq	version:	7.3	Trust: 0.3
vendor:	ibm	model:	i	scope:	eq	version:	7.2	Trust: 0.3
vendor:	ibm	model:	i	scope:	eq	version:	7.1	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.20	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.4.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.3.0	Trust: 0.3
vendor:	ibm	model:	cognos metrics manager	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	ibm	model:	cognos metrics manager	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	ibm	model:	cognos metrics manager	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	ibm	model:	cognos metrics manager	scope:	eq	version:	10.2	Trust: 0.3
vendor:	ibm	model:	cognos business intelligence server	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	ibm	model:	cognos business intelligence server	scope:	eq	version:	10.2.11	Trust: 0.3
vendor:	ibm	model:	cognos business intelligence server	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	ibm	model:	cognos business intelligence server	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	ibm	model:	cognos business intelligence server	scope:	eq	version:	10.2	Trust: 0.3
vendor:	ibm	model:	bigfix remote control	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	ibm	model:	api management	scope:	eq	version:	4.0	Trust: 0.3
vendor:	ibm	model:	api connect	scope:	eq	version:	5.0	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.2	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3	Trust: 0.3
vendor:	cisco	model:	wide area application services	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex node for mcs	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex meetings server ssl gateway	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	webex meetings server multimedia platform	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	webex meetings for windows phone	scope:	eq	version:	80	Trust: 0.3
vendor:	cisco	model:	webex meetings for blackberry	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex meetings for android	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex meetings client on-premises	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	webex meetings client hosted	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	webex meeting center	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex business suite	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	visual quality experience tools server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	visual quality experience server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	virtualization experience media edition	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	virtual security gateway for microsoft hyper-v	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	virtual security gateway	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	videoscape control suite	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	videoscape anyres live	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video surveillance ptz ip cameras	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video surveillance media server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	eq	version:	70000	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	eq	version:	60000	Trust: 0.3
vendor:	cisco	model:	video surveillance 4300e and 4500e high-definition ip cameras	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video surveillance series high-definition ip cameras	scope:	eq	version:	40000	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	video distribution suite for internet streaming	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	universal small cell iuh	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	universal small cell cloudbase factory recovery root filesystem	scope:	eq	version:	2.99.4	Trust: 0.3
vendor:	cisco	model:	universal small cell cloudbase factory recovery root filesystem	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	universal small cell series	scope:	eq	version:	70003.4.2.0	Trust: 0.3
vendor:	cisco	model:	universal small cell series	scope:	eq	version:	50003.4.2.0	Trust: 0.3
vendor:	cisco	model:	universal small cell series	scope:	eq	version:	50000	Trust: 0.3
vendor:	cisco	model:	unity express	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified workforce optimization quality management solution	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	unified workforce optimization	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified wireless ip phone	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified sip proxy software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified sip proxy	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	99710	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	99510	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	89610	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	89450	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone for third-party call control	scope:	eq	version:	88310	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone	scope:	eq	version:	88310	Trust: 0.3
vendor:	cisco	model:	unified ip series phones	scope:	eq	version:	79000	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	69450	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	69010	Trust: 0.3
vendor:	cisco	model:	unified intelligent contact management enterprise	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified intelligence center	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified contact center enterprise live data server	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications manager session management edition	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications manager im & presence service (formerly c	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified attendant console standard	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified attendant console premium edition	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified attendant console enterprise edition	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified attendant console department edition	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified attendant console business edition	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified attendant console advanced	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified attendant console	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ucs standalone c-series rack server integrated management cont	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	ucs manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ucs director	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ucs central software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ucs b-series blade servers	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ucs series and series fabric interconnects	scope:	eq	version:	620063000	Trust: 0.3
vendor:	cisco	model:	uc integration for microsoft lync	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence tx9000 series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence system tx1310	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence system ex series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	500-370	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	500-320	Trust: 0.3
vendor:	cisco	model:	telepresence system series	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	13000	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	11000	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	10000	Trust: 0.3
vendor:	cisco	model:	telepresence system tx9000	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	500-37	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	500-32	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	1100	Trust: 0.3
vendor:	cisco	model:	telepresence sx series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence supervisor mse	scope:	eq	version:	80500	Trust: 0.3
vendor:	cisco	model:	telepresence server on virtual machine	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence server on multiparty media	scope:	eq	version:	8200	Trust: 0.3
vendor:	cisco	model:	telepresence server on multiparty media and	scope:	eq	version:	3103200	Trust: 0.3
vendor:	cisco	model:	telepresence server and mse	scope:	eq	version:	701087100	Trust: 0.3
vendor:	cisco	model:	telepresence serial gateway series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence profile series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence mx series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence mcu	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence isdn link	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence isdn gateway mse	scope:	eq	version:	83210	Trust: 0.3
vendor:	cisco	model:	telepresence isdn gateway	scope:	eq	version:	32410	Trust: 0.3
vendor:	cisco	model:	telepresence integrator c series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence content server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence conductor	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	tapi service provider	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	tandberg codian mse	scope:	eq	version:	83200	Trust: 0.3
vendor:	cisco	model:	tandberg codian isdn gateway	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	stealthwatch management console	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	stealthwatch identity	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	stealthwatch flowcollector sflow	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	stealthwatch flowcollector netflow	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	spa525g 5-line ip phone	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	spa51x ip phones	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	spa232d multi-line dect analog telephone adapter	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	spa122 analog telephone adapter with router	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	spa112 2-port phone adapter	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	socialminer	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	smart net total care local collector appliance	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	smart care	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	small business spa500 series ip phones	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	small business spa300 series ip phones	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	small business series	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	show and share	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	services provisioning platform	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	registered envelope service	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	proactive network operations center	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime performance manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime optical for service providers	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime optical	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime network services controller	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime network	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime license manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime lan management solution	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime ip express	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime infrastructure plug and play standalone gateway	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	-	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime collaboration deployment	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime access registrar	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	physical access gateways	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	partner support service	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	packaged contact center enterprise	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ons series multiservice provisioning platforms	scope:	eq	version:	154540	Trust: 0.3
vendor:	cisco	model:	onepk all-in-one vm	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	onepk all-in-one virtual machine	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	one portal	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus series switches standalone nx-os mode	scope:	eq	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	nexus series fabric switches aci mode	scope:	eq	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	60000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	50000	Trust: 0.3
vendor:	cisco	model:	nexus series blade switches	scope:	eq	version:	40000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	1000v0	Trust: 0.3
vendor:	cisco	model:	nexus intercloud for vmware	scope:	eq	version:	1000v0	Trust: 0.3
vendor:	cisco	model:	nexus intercloud	scope:	eq	version:	1000v0	Trust: 0.3
vendor:	cisco	model:	network performance analysis	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	network analysis module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	netflow generation appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nac guest server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nac appliance clean access server	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	nac appliance clean access manager	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	mxe series media experience engines	scope:	eq	version:	35000	Trust: 0.3
vendor:	cisco	model:	multicast manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	mobility services engine	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	mediasense	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	media services interface	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	mds series multilayer switches	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	management appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	lancope stealthwatch flowcollector sflow	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	lancope stealthwatch flowcollector netflow	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber guest	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber for windows	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber for mac	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber for iphone and ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber for android	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber client framework components	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ironport email security appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ip interoperability and collaboration system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ip series phones vpn feature	scope:	eq	version:	8800-0	Trust: 0.3
vendor:	cisco	model:	ip series phones	scope:	eq	version:	78000	Trust: 0.3
vendor:	cisco	model:	ios xr software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	intrusion prevention system solutions	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	intracer	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	intelligent automation for cloud	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	identity services engine	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	firesight system software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	expressway series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	enterprise content delivery system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	emergency responder	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	emergency responder	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	edge digital media player	scope:	eq	version:	3400	Trust: 0.3
vendor:	cisco	model:	edge digital media player	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	dx series ip phones	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	content security appliance update servers	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	connected grid routers	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	connected analytics for collaboration	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	configuration professional	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	computer telephony integration object server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	cloupia unified infrastructure controller	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	cloud object storage	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	clean access manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	broadband access center telco and wireless	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ata series analog terminal adaptors	scope:	eq	version:	1900	Trust: 0.3
vendor:	cisco	model:	ata analog telephone adaptor	scope:	eq	version:	1870	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	50000	Trust: 0.3
vendor:	cisco	model:	asa next-generation firewall services	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	application policy infrastructure controller	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	application networking manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	application and content networking system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for windows	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for mac os	scope:	eq	version:	x0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for linux	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for ios	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for desktop platforms	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for android	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	27000	Trust: 0.3
vendor:	cisco	model:	agent for openflow	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	agent desktop for cisco unified contact center express	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	agent desktop	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ace30 application control engine module	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ace application control engine	scope:	eq	version:	47100	Trust: 0.3
vendor:	cisco	model:	industrial router	scope:	eq	version:	9100	Trust: 0.3
vendor:	cisco	model:	series stackable managed switches	scope:	eq	version:	5000	Trust: 0.3
vendor:	cisco	model:	series stackable	scope:	eq	version:	5000	Trust: 0.3
vendor:	cisco	model:	series digital media players	scope:	eq	version:	44000	Trust: 0.3
vendor:	cisco	model:	series digital media players	scope:	eq	version:	43000	Trust: 0.3
vendor:	cisco	model:	series smart plus switches	scope:	eq	version:	2200	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	7	Trust: 0.3
vendor:	bluecoat	model:	x-series xos	scope:	eq	version:	9.7	Trust: 0.3
vendor:	bluecoat	model:	x-series xos	scope:	eq	version:	11.0	Trust: 0.3
vendor:	bluecoat	model:	x-series xos	scope:	eq	version:	10.0	Trust: 0.3
vendor:	bluecoat	model:	ssl visibility	scope:	eq	version:	3.9	Trust: 0.3
vendor:	bluecoat	model:	ssl visibility 3.8.4fc	scope:	-	version:	-	Trust: 0.3
vendor:	bluecoat	model:	policycenter s-series	scope:	eq	version:	1.1	Trust: 0.3
vendor:	bluecoat	model:	policycenter	scope:	eq	version:	9.2	Trust: 0.3
vendor:	bluecoat	model:	packetshaper s-series	scope:	eq	version:	11.6	Trust: 0.3
vendor:	bluecoat	model:	packetshaper s-series	scope:	eq	version:	11.5	Trust: 0.3
vendor:	bluecoat	model:	packetshaper s-series	scope:	eq	version:	11.4	Trust: 0.3
vendor:	bluecoat	model:	packetshaper s-series	scope:	eq	version:	11.3	Trust: 0.3
vendor:	bluecoat	model:	packetshaper s-series	scope:	eq	version:	11.2	Trust: 0.3
vendor:	bluecoat	model:	packetshaper	scope:	eq	version:	9.2	Trust: 0.3
vendor:	bluecoat	model:	norman shark scada protection	scope:	eq	version:	5.3	Trust: 0.3
vendor:	bluecoat	model:	norman shark network protection	scope:	eq	version:	5.3	Trust: 0.3
vendor:	bluecoat	model:	norman shark industrial control system protection	scope:	eq	version:	5.3	Trust: 0.3
vendor:	bluecoat	model:	management center	scope:	eq	version:	1.7	Trust: 0.3
vendor:	bluecoat	model:	malware analysis appliance	scope:	eq	version:	4.2	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	ne	version:	5.1.8	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	ne	version:	5.0.28	Trust: 0.3
vendor:	oracle	model:	oss support tools	scope:	ne	version:	8.15.17.3.14	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	ne	version:	7.6.406-3402.103	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment build	scope:	ne	version:	5.1.1051.08	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment build	scope:	ne	version:	7.1.1.20290.1	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for images build	scope:	ne	version:	7.1.1.20290.1	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix ifix	scope:	ne	version:	1.5.0.13150-13	Trust: 0.3
vendor:	ibm	model:	sonas	scope:	ne	version:	1.5.2.5	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	ne	version:	5.3.3.1	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	ne	version:	5.3.2.5	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	ne	version:	5.3.1.11	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	ne	version:	6.7.0.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	ne	version:	4.6.0.0	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	ne	version:	1.2.0.15	Trust: 0.3
vendor:	ibm	model:	sdk for node.js	scope:	ne	version:	1.1.1.4	Trust: 0.3
vendor:	ibm	model:	powerkvm update	scope:	ne	version:	3.1.0.23	Trust: 0.3
vendor:	ibm	model:	powerkvm update	scope:	ne	version:	2.1.1.3-6513	Trust: 0.3
vendor:	ibm	model:	bigfix remote control	scope:	ne	version:	9.1.3	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	ne	version:	8.4	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	ne	version:	2.6.1.30	Trust: 0.3
vendor:	cisco	model:	webex meetings for windows phone	scope:	ne	version:	82.8	Trust: 0.3
vendor:	cisco	model:	webex meetings client on-premises t32	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings client hosted t32	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex centers t32	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	virtualization experience media edition	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	virtual security gateway	scope:	ne	version:	2.1.6	Trust: 0.3
vendor:	cisco	model:	videoscape anyres live	scope:	ne	version:	9.7.2	Trust: 0.3
vendor:	cisco	model:	video surveillance ptz ip cameras	scope:	ne	version:	2.9	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	ne	version:	70002.9	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	ne	version:	60002.9	Trust: 0.3
vendor:	cisco	model:	video surveillance 4300e and 4500e high-definition ip cameras	scope:	ne	version:	2.9	Trust: 0.3
vendor:	cisco	model:	video surveillance series high-definition ip cameras	scope:	ne	version:	40002.9	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	ne	version:	30002.9	Trust: 0.3
vendor:	cisco	model:	video distribution suite for internet streaming	scope:	ne	version:	4.003(002)	Trust: 0.3
vendor:	cisco	model:	universal small cell iuh	scope:	ne	version:	3.17.3	Trust: 0.3
vendor:	cisco	model:	universal small cell cloudbase factory recovery root filesystem	scope:	ne	version:	3.17.3	Trust: 0.3
vendor:	cisco	model:	universal small cell series	scope:	ne	version:	70003.5.12.23	Trust: 0.3
vendor:	cisco	model:	universal small cell series	scope:	ne	version:	50003.5.12.23	Trust: 0.3
vendor:	cisco	model:	unity express	scope:	ne	version:	10	Trust: 0.3
vendor:	cisco	model:	unified workforce optimization quality management solution 11.5 su1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified sip proxy software	scope:	ne	version:	10	Trust: 0.3
vendor:	cisco	model:	unified meetingplace 8.6mr1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone for third-party call control 9.3 sr3	scope:	ne	version:	8831	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone 10.3.1sr4	scope:	ne	version:	8831	Trust: 0.3
vendor:	cisco	model:	unified ip phone 9.3 sr3	scope:	ne	version:	6901	Trust: 0.3
vendor:	cisco	model:	unified intelligent contact management enterprise	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	cisco	model:	unified intelligence center	scope:	ne	version:	11.6(1)	Trust: 0.3
vendor:	cisco	model:	unified contact center express	scope:	ne	version:	11.6	Trust: 0.3
vendor:	cisco	model:	unified contact center enterprise	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	cisco	model:	ucs standalone c-series rack server integrated management cont	scope:	ne	version:	-3.0	Trust: 0.3
vendor:	cisco	model:	ucs b-series blade servers	scope:	ne	version:	3.1.3	Trust: 0.3
vendor:	cisco	model:	uc integration for microsoft lync	scope:	ne	version:	11.6.3	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	ne	version:	x8.8.3	Trust: 0.3
vendor:	cisco	model:	telepresence tx9000 series	scope:	ne	version:	6.1	Trust: 0.3
vendor:	cisco	model:	telepresence system tx1310	scope:	ne	version:	6.1	Trust: 0.3
vendor:	cisco	model:	telepresence system ex series tc7.3.7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence system ex series ce8.2.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	ne	version:	500-376.1	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	ne	version:	500-326.1	Trust: 0.3
vendor:	cisco	model:	telepresence system series	scope:	ne	version:	30006.1	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	ne	version:	13006.1	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	ne	version:	11006.1	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	ne	version:	10006.1	Trust: 0.3
vendor:	cisco	model:	telepresence sx series tc7.3.7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence sx series ce8.2.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence server on multiparty media	scope:	ne	version:	8204.4	Trust: 0.3
vendor:	cisco	model:	telepresence server on multiparty media and	scope:	ne	version:	3103204.4	Trust: 0.3
vendor:	cisco	model:	telepresence server and mse	scope:	ne	version:	701087104.4	Trust: 0.3
vendor:	cisco	model:	telepresence profile series tc7.3.7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence profile series ce8.2.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence mx series tc7.3.7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence mx series ce8.2.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence mcu	scope:	ne	version:	4.5(1.89)	Trust: 0.3
vendor:	cisco	model:	telepresence integrator c series tc7.3.7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence integrator c series ce8.2.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	spa232d multi-line dect analog telephone adapter	scope:	ne	version:	1.4.2	Trust: 0.3
vendor:	cisco	model:	spa122 analog telephone adapter with router	scope:	ne	version:	1.4.2	Trust: 0.3
vendor:	cisco	model:	spa112 2-port phone adapter	scope:	ne	version:	1.4.2	Trust: 0.3
vendor:	cisco	model:	services provisioning platform sfp1.1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	ne	version:	4.13	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	ne	version:	5.8.0.32.8	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	ne	version:	5.8.0.32.7	Trust: 0.3
vendor:	cisco	model:	prime performance manager sp1611	scope:	ne	version:	1.7	Trust: 0.3
vendor:	cisco	model:	prime network services controller 1.01u	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	prime network registrar	scope:	ne	version:	8.3.5	Trust: 0.3
vendor:	cisco	model:	prime network registrar	scope:	ne	version:	9.0	Trust: 0.3
vendor:	cisco	model:	prime network	scope:	ne	version:	431	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	ne	version:	3.2	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	ne	version:	11.6	Trust: 0.3
vendor:	cisco	model:	prime collaboration assurance	scope:	ne	version:	11.6	Trust: 0.3
vendor:	cisco	model:	ons series multiservice provisioning platforms	scope:	ne	version:	1545410.7	Trust: 0.3
vendor:	cisco	model:	nexus series switches standalone nx-os mode 7.0 i5	scope:	ne	version:	9000-	Trust: 0.3
vendor:	cisco	model:	nexus series fabric switches aci mode	scope:	ne	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	70006.2.19	Trust: 0.3
vendor:	cisco	model:	nexus series switches 5.2.8	scope:	ne	version:	7000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	60006.2.19	Trust: 0.3
vendor:	cisco	model:	nexus series switches 5.2.8	scope:	ne	version:	6000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	50006.2.19	Trust: 0.3
vendor:	cisco	model:	nexus series switches 5.2.8	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	nexus series blade switches 4.1 e1	scope:	ne	version:	4000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 5.2 sv3	scope:	ne	version:	1000v	Trust: 0.3
vendor:	cisco	model:	network analysis module	scope:	ne	version:	6.2(2)	Trust: 0.3
vendor:	cisco	model:	network analysis module 6.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	netflow generation appliance	scope:	ne	version:	1.1(1)	Trust: 0.3
vendor:	cisco	model:	mds series multilayer switches	scope:	ne	version:	90006.2.19	Trust: 0.3
vendor:	cisco	model:	mds series multilayer switches 5.2.8	scope:	ne	version:	9000	Trust: 0.3
vendor:	cisco	model:	jabber software development kit	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	jabber guest	scope:	ne	version:	11	Trust: 0.3
vendor:	cisco	model:	jabber for windows	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	jabber for mac	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	jabber for iphone and ipad	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	jabber for android	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	jabber client framework components	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	ip interoperability and collaboration system	scope:	ne	version:	5.0(1)	Trust: 0.3
vendor:	cisco	model:	ios and cisco ios xe software	scope:	ne	version:	16.4	Trust: 0.3
vendor:	cisco	model:	ios and cisco ios xe software	scope:	ne	version:	16.3	Trust: 0.3
vendor:	cisco	model:	ios and cisco ios xe software	scope:	ne	version:	16.2	Trust: 0.3
vendor:	cisco	model:	ios and cisco ios xe software	scope:	ne	version:	16.1	Trust: 0.3
vendor:	cisco	model:	ios and cisco ios xe software	scope:	ne	version:	15.5(3)	Trust: 0.3
vendor:	cisco	model:	firesight system software	scope:	ne	version:	6.1.0.1	Trust: 0.3
vendor:	cisco	model:	firesight system software	scope:	ne	version:	6.0.1.3	Trust: 0.3
vendor:	cisco	model:	firesight system software	scope:	ne	version:	5.4.1.9	Trust: 0.3
vendor:	cisco	model:	firesight system software	scope:	ne	version:	5.4.0.10	Trust: 0.3
vendor:	cisco	model:	expressway series	scope:	ne	version:	x8.8.3	Trust: 0.3
vendor:	cisco	model:	enterprise content delivery system	scope:	ne	version:	2.6.9	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	ne	version:	10.0.1	Trust: 0.3
vendor:	cisco	model:	edge digital media player 1.2rb1.0.3	scope:	ne	version:	340	Trust: 0.3
vendor:	cisco	model:	edge digital media player 1.6rb5	scope:	ne	version:	300	Trust: 0.3
vendor:	cisco	model:	digital media manager 5.4.1 rb4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	digital media manager 5.3.6 rb3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	dcm series d9900 digital content manager	scope:	ne	version:	0	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	ne	version:	6.1.140	Trust: 0.3
vendor:	cisco	model:	connected grid routers	scope:	ne	version:	15.8.9	Trust: 0.3
vendor:	cisco	model:	connected grid routers	scope:	ne	version:	7.3	Trust: 0.3
vendor:	cisco	model:	computer telephony integration object server	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	cisco	model:	common services platform collector	scope:	ne	version:	1.11	Trust: 0.3
vendor:	cisco	model:	ata series analog terminal adaptors	scope:	ne	version:	1901.3	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	ne	version:	500021.2	Trust: 0.3
vendor:	cisco	model:	asa next-generation firewall services	scope:	ne	version:	2.1.2	Trust: 0.3
vendor:	cisco	model:	application policy infrastructure controller	scope:	ne	version:	2.2(1)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for windows	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for mac os	scope:	ne	version:	x4.0.7	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for linux	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for ios	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for desktop platforms	scope:	ne	version:	4.3.4	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for desktop platforms	scope:	ne	version:	4.4	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for android	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	270016.4	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	270016.3	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	270016.2	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	270016.1	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	270015.5(3)	Trust: 0.3
vendor:	cisco	model:	industrial router 1.2.1rb4	scope:	ne	version:	910	Trust: 0.3
vendor:	cisco	model:	series digital media players 5.4.1 rb4	scope:	ne	version:	4400	Trust: 0.3
vendor:	cisco	model:	series digital media players 5.3.6 rb3	scope:	ne	version:	4400	Trust: 0.3
vendor:	cisco	model:	series digital media players 5.4.1 rb4	scope:	ne	version:	4300	Trust: 0.3
vendor:	cisco	model:	series digital media players 5.3.6 rb3	scope:	ne	version:	4300	Trust: 0.3

sources: BID: 91081 // CNNVD: CNNVD-201606-265 // JVNDB: JVNDB-2016-003305 // NVD: CVE-2016-2178

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2178
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-2178
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201606-265
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2016-2178
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-2178
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2016-2178
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2016-2178
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2016-2178 // CNNVD: CNNVD-201606-265 // JVNDB: JVNDB-2016-003305 // NVD: CVE-2016-2178

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2016-003305 // NVD: CVE-2016-2178

THREAT TYPE

local

Trust: 0.9

sources: BID: 91081 // CNNVD: CNNVD-201606-265

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201606-265

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003305

PATCH

title:	cisco-sa-20160927-openssl	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl	Trust: 0.8
title:	HPSBGN03658	url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448	Trust: 0.8
title:	1995039	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995039	Trust: 0.8
title:	NV17-001	url:	http://jpn.nec.com/security-info/secinfo/nv17-001.html	Trust: 0.8
title:	OpenSSL 1.0.2 Series Release Notes	url:	https://www.openssl.org/news/openssl-1.0.2-notes.html	Trust: 0.8
title:	OpenSSL 1.0.1 Series Release Notes	url:	https://www.openssl.org/news/openssl-1.0.1-notes.html	Trust: 0.8
title:	Security updates for all active release lines, September 2016	url:	https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/	Trust: 0.8
title:	Fix DSA, preserve BN_FLG_CONSTTIME	url:	https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2	Trust: 0.8
title:	SUSE-SU-2016:2470	url:	https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 0.8
title:	Oracle Linux Bulletin - October 2016	url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	Trust: 0.8
title:	Oracle VM Server for x86 Bulletin - October 2016	url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	Trust: 0.8
title:	Oracle Solaris Third Party Bulletin - April 2016	url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 0.8
title:	Bug 1343400	url:	https://bugzilla.redhat.com/show_bug.cgi?id=1343400	Trust: 0.8
title:	SA132	url:	https://bto.bluecoat.com/security-advisory/sa132	Trust: 0.8
title:	SA40312	url:	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312	Trust: 0.8
title:	JSA10759	url:	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759	Trust: 0.8
title:	Splunk Enterprise 6.4.5 addresses multiple vulnerabilities	url:	http://www.splunk.com/view/SP-CAAAPUE	Trust: 0.8
title:	Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities	url:	http://www.splunk.com/view/SP-CAAAPSV	Trust: 0.8
title:	TNS-2016-16	url:	https://www.tenable.com/security/tns-2016-16	Trust: 0.8
title:	TLSA-2016-17	url:	http://www.turbolinux.co.jp/security/2016/TLSA-2016-17j.html	Trust: 0.8
title:	OpenSSL DSA Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=62222	Trust: 0.6
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171659 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171658 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170194 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 6	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170193 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: openssl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20161940 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2016-2178	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-2178	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2016-2178	Trust: 0.1
title:	Ubuntu Security Notice: openssl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3087-1	Trust: 0.1
title:	Ubuntu Security Notice: openssl regression	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3087-2	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2016-755	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-755	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201609-23	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201609-24	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162957 - Security Advisory	Trust: 0.1
title:	IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b7f5b1e7edcafce07f28205855d4db49	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=69e9536e77203a3c76b24dd89f4f9300	Trust: 0.1
title:	Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-16	Trust: 0.1
title:	Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=1e6dcaf5dac6ef96a7d917a8c1393040	Trust: 0.1
title:	Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160927-openssl	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=05aabe19d38058b7814ef5514aab4c0c	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707	Trust: 0.1
title:	Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-20	Trust: 0.1
title:	Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-21	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=2f446a7e1ea263c0c3a365776c6713f2	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a31bff03e9909229fd67996884614fdf	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=586e6062440cdd312211d748e028164e	Trust: 0.1
title:	Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=21c0efa2643d707e2f50a501209eb75c	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=13f3551b67d913fba90df4b2c0dae0bf	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4019ca77f50c7a34e4d97833e6f3321e	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - April 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2016-2178	Trust: 0.1
title:	alpine-cvecheck	url:	https://github.com/tomwillfixit/alpine-cvecheck	Trust: 0.1

sources: VULMON: CVE-2016-2178 // CNNVD: CNNVD-201606-265 // JVNDB: JVNDB-2016-003305

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2178	Trust: 3.5
db:	BID	id:	91081	Trust: 2.0
db:	MCAFEE	id:	SB10215	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/06/08/6	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/06/08/7	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/06/08/5	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/06/09/8	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/06/08/2	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/06/08/12	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/06/08/8	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/06/08/11	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/06/09/2	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/06/08/10	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2016/06/08/4	Trust: 1.7
db:	TENABLE	id:	TNS-2016-16	Trust: 1.7
db:	TENABLE	id:	TNS-2016-21	Trust: 1.7
db:	TENABLE	id:	TNS-2016-20	Trust: 1.7
db:	JUNIPER	id:	JSA10759	Trust: 1.7
db:	SECTRACK	id:	1036054	Trust: 1.7
db:	PULSESECURE	id:	SA40312	Trust: 1.7
db:	SIEMENS	id:	SSA-412672	Trust: 1.7
db:	JVN	id:	JVNVU98667810	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-003305	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.0696	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2148	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4645	Trust: 0.6
db:	CNNVD	id:	CNNVD-201606-265	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-349-21	Trust: 0.1
db:	VULMON	id:	CVE-2016-2178	Trust: 0.1
db:	PACKETSTORM	id:	138870	Trust: 0.1
db:	PACKETSTORM	id:	140717	Trust: 0.1
db:	PACKETSTORM	id:	138817	Trust: 0.1
db:	PACKETSTORM	id:	138889	Trust: 0.1
db:	PACKETSTORM	id:	138820	Trust: 0.1
db:	PACKETSTORM	id:	143181	Trust: 0.1
db:	PACKETSTORM	id:	138826	Trust: 0.1

sources: VULMON: CVE-2016-2178 // BID: 91081 // PACKETSTORM: 138870 // PACKETSTORM: 140717 // PACKETSTORM: 138817 // PACKETSTORM: 138889 // PACKETSTORM: 138820 // PACKETSTORM: 143181 // PACKETSTORM: 138826 // CNNVD: CNNVD-201606-265 // JVNDB: JVNDB-2016-003305 // NVD: CVE-2016-2178

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl	Trust: 2.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1343400	Trust: 2.0
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 2.0
url:	https://bto.bluecoat.com/security-advisory/sa132	Trust: 2.0
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995039	Trust: 2.0
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 2.0
url:	http://www.ubuntu.com/usn/usn-3087-1	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2017:1658	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:0194	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-1940.html	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-3087-2	Trust: 1.8
url:	http://eprint.iacr.org/2016/594.pdf	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/06/09/8	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/06/08/2	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html	Trust: 1.7
url:	https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/91081	Trust: 1.7
url:	http://www.securitytracker.com/id/1036054	Trust: 1.7
url:	http://www.splunk.com/view/sp-caaapue	Trust: 1.7
url:	http://www.splunk.com/view/sp-caaapsv	Trust: 1.7
url:	https://security.gentoo.org/glsa/201612-16	Trust: 1.7
url:	https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312	Trust: 1.7
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 1.7
url:	https://www.tenable.com/security/tns-2016-16	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Trust: 1.7
url:	https://www.tenable.com/security/tns-2016-21	Trust: 1.7
url:	https://www.tenable.com/security/tns-2016-20	Trust: 1.7
url:	https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2017:0193	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2017-1659.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-2957.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Trust: 1.7
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03856en_us	Trust: 1.7
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10215	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	Trust: 1.7
url:	http://www.debian.org/security/2016/dsa-3673	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	Trust: 1.7
url:	https://support.f5.com/csp/article/k53084033	Trust: 1.7
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en&docid=emr_na-hpesbhf03856en_us	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/06/08/12	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/06/08/11	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/06/08/10	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/06/08/6	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/06/08/5	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/06/08/4	Trust: 1.7
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/06/08/8	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/06/08/7	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	Trust: 1.7
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2017/jul/31	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html	Trust: 1.7
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05302448	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/06/09/2	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	Trust: 1.7
url:	https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=399944622df7bd81af62e67ea967c470534090e2	Trust: 1.1
url:	https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2178	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98667810/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2178	Trust: 0.8
url:	http://www.bizmobile.co.jp/news_02.php?id=4069&nc=1	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2178	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2177	Trust: 0.6
url:	https://www.openssl.org/news/vulnerabilities.html#y2017	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0696	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10887855	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4645/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2148/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6304	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2182	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6302	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2179	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2181	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6306	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2180	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2183	Trust: 0.4
url:	http://openssl.org/	Trust: 0.3
url:	http://eprint.iacr.org/2016/594	Trust: 0.3
url:	http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc	Trust: 0.3
url:	https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394	Trust: 0.3
url:	http://www.ibm.com/support/docview.wss?uid=isg3t1024401	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643	Trust: 0.3
url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	Trust: 0.3
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	Trust: 0.3
url:	https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995935	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21991896	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21994870	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009586	Trust: 0.3
url:	http://www.ibm.com/support/docview.wss?uid=ssg1s1009648	Trust: 0.3
url:	https://www-01.ibm.com/support/docview.wss?uid=swg21985392	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21991724	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21992348	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21992427	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21992681	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21992898	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21993061	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21993856	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21993875	Trust: 0.3
url:	http://www.ibm.com/support/docview.wss?uid=swg21994534	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21994861	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995392	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995393	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995691	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg2c1000242	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-2177	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-2178	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6303	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-6304	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/203.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2016-2178	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2017:1659	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/3087-1/	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=49001	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2180	Trust: 0.1
url:	https://www.openssl.org/news/secadv/20160922.txt	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-6306	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2181	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2179	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2182	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-6302	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4459	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4459	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2108	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8612	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6808	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-6808	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8612	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2108	Trust: 0.1
url:	https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4	Trust: 0.1
url:	https://access.redhat.com/articles/2688611	Trust: 0.1
url:	https://access.redhat.com/solutions/222023	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8610	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8610	Trust: 0.1
url:	https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=6.4	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5	Trust: 0.1
url:	https://launchpad.net/bugs/1626883	Trust: 0.1

CREDITS

Guido Vranken,The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Trust: 0.6

sources: CNNVD: CNNVD-201606-265

SOURCES

db:	VULMON	id:	CVE-2016-2178
db:	BID	id:	91081
db:	PACKETSTORM	id:	138870
db:	PACKETSTORM	id:	140717
db:	PACKETSTORM	id:	138817
db:	PACKETSTORM	id:	138889
db:	PACKETSTORM	id:	138820
db:	PACKETSTORM	id:	143181
db:	PACKETSTORM	id:	138826
db:	CNNVD	id:	CNNVD-201606-265
db:	JVNDB	id:	JVNDB-2016-003305
db:	NVD	id:	CVE-2016-2178

LAST UPDATE DATE

2026-02-08T20:23:02.896000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2016-2178	date:	2023-11-07T00:00:00
db:	BID	id:	91081	date:	2018-02-05T14:00:00
db:	CNNVD	id:	CNNVD-201606-265	date:	2022-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-003305	date:	2017-10-03T00:00:00
db:	NVD	id:	CVE-2016-2178	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2016-2178	date:	2016-06-20T00:00:00
db:	BID	id:	91081	date:	2016-06-08T00:00:00
db:	PACKETSTORM	id:	138870	date:	2016-09-27T19:32:00
db:	PACKETSTORM	id:	140717	date:	2017-01-25T21:53:32
db:	PACKETSTORM	id:	138817	date:	2016-09-22T22:22:00
db:	PACKETSTORM	id:	138889	date:	2016-09-28T23:24:00
db:	PACKETSTORM	id:	138820	date:	2016-09-22T22:25:00
db:	PACKETSTORM	id:	143181	date:	2017-06-28T22:37:00
db:	PACKETSTORM	id:	138826	date:	2016-09-23T19:19:00
db:	CNNVD	id:	CNNVD-201606-265	date:	2016-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-003305	date:	2016-06-22T00:00:00
db:	NVD	id:	CVE-2016-2178	date:	2016-06-20T01:59:03.023