Details of VAR-201609-0347

ID

VAR-201609-0347

CVE

CVE-2016-6302

TITLE

OpenSSL of ssl/t1_lib.c of tls_decrypt_ticket Denial of service in function (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004781

DESCRIPTION

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178) * It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. (CVE-2016-2179) * A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181) * An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. (CVE-2016-2182) * A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default. * An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. (CVE-2016-6302) * Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177) * An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. (CVE-2016-2180) * Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: openssl-1.0.1e-48.el6_8.3.src.rpm i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.1e-51.el7_2.7.src.rpm x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code. CVE-2016-2179 / CVE-2016-2181 Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS. For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your openssl packages. ========================================================================== Ubuntu Security Notice USN-3087-1 September 22, 2016 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in OpenSSL. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.4 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.20 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.37 After a standard system update you need to reboot your computer to make all the necessary changes. Description: This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/): JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7 7

Trust: 2.52

sources: NVD: CVE-2016-6302 // JVNDB: JVNDB-2016-004781 // BID: 92628 // VULMON: CVE-2016-6302 // PACKETSTORM: 138870 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 138817 // PACKETSTORM: 138820 // PACKETSTORM: 148524

AFFECTED PRODUCTS

vendor:	oracle	model:	solaris	scope:	eq	version:	10	Trust: 2.1
vendor:	oracle	model:	solaris	scope:	eq	version:	11.3	Trust: 2.1
vendor:	oracle	model:	linux	scope:	eq	version:	6	Trust: 1.8
vendor:	oracle	model:	linux	scope:	eq	version:	7	Trust: 1.8
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1e	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1h	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1b	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1d	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1g	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1c	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1i	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1a	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1f	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1p	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1l	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2h	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1j	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2d	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1o	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1s	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2b	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2c	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1q	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1t	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2e	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1r	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2f	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1k	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1n	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1m	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lt	version:	1.1.0	Trust: 0.8
vendor:	nec	model:	capssuite	scope:	eq	version:	v3.0 to v4.0	Trust: 0.8
vendor:	nec	model:	enterpriseidentitymanager	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	esmpro/serveragentservice	scope:	eq	version:	(linux edition )	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	sg3600 all series	Trust: 0.8
vendor:	nec	model:	ix1000 series	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	ix2000 series	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	ix3000 series	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	secureware/pki application development kit	scope:	eq	version:	ver3.2	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	enterprise v8.2 to v9.4	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	express v8.2 to v9.4	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	foundation v8.2 to v8.5	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	standard v8.2 to v9.4	Trust: 0.8
vendor:	nec	model:	webotx enterprise service bus	scope:	eq	version:	v8.2 to v8.5	Trust: 0.8
vendor:	nec	model:	webotx portal	scope:	eq	version:	v8.2 to v9.1	Trust: 0.8
vendor:	cisco	model:	paging server	scope:	eq	version:	0	Trust: 0.6
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.10	Trust: 0.3
vendor:	cisco	model:	webex centers t32	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	eq	version:	30000	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix ifix	scope:	ne	version:	1.5.0.13150-13	Trust: 0.3
vendor:	cisco	model:	clean access manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus series blade switches 4.1 e1	scope:	ne	version:	4000	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.5.0.9	Trust: 0.3
vendor:	cisco	model:	telepresence content server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	proactive network operations center	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.5	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	69010	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for linux	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	cisco	model:	ucs central software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video surveillance media server	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.5.0.13	Trust: 0.3
vendor:	cisco	model:	stealthwatch management console	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment 5.1.fix pack	scope:	eq	version:	3	Trust: 0.3
vendor:	cisco	model:	ios and cisco ios xe software	scope:	ne	version:	16.2	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for android	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.5	Trust: 0.3
vendor:	cisco	model:	jabber software development kit	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	computer telephony integration object server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified workforce optimization	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	industrial router 1.2.1rb4	scope:	ne	version:	910	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	3.1	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.14	Trust: 0.3
vendor:	cisco	model:	ip interoperability and collaboration system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	50000	Trust: 0.3
vendor:	cisco	model:	edge digital media player	scope:	eq	version:	3400	Trust: 0.3
vendor:	cisco	model:	nexus series switches standalone nx-os mode	scope:	eq	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	ne	version:	5.3.3.1	Trust: 0.3
vendor:	cisco	model:	nexus series switches standalone nx-os mode 7.0 i5	scope:	ne	version:	9000-	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.11	Trust: 0.3
vendor:	cisco	model:	nexus series switches 5.2.8	scope:	ne	version:	7000	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for desktop platforms	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.26	Trust: 0.3
vendor:	ibm	model:	cognos business intelligence server	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.2.0.4	Trust: 0.3
vendor:	cisco	model:	jabber guest	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime license manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video surveillance ptz ip cameras	scope:	ne	version:	2.9	Trust: 0.3
vendor:	cisco	model:	series digital media players 5.3.6 rb3	scope:	ne	version:	4300	Trust: 0.3
vendor:	cisco	model:	stealthwatch flowcollector sflow	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	visual quality experience server	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.11	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	ne	version:	60002.9	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	ne	version:	11.6	Trust: 0.3
vendor:	cisco	model:	agent for openflow	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.3	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for desktop platforms	scope:	ne	version:	4.4	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.2	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.8	Trust: 0.3
vendor:	cisco	model:	ons series multiservice provisioning platforms	scope:	eq	version:	154540	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.15	Trust: 0.3
vendor:	cisco	model:	telepresence sx series ce8.2.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	prime collaboration assurance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asa next-generation firewall services	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	ne	version:	10.0.1	Trust: 0.3
vendor:	cisco	model:	telepresence server on multiparty media	scope:	eq	version:	8200	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.9	Trust: 0.3
vendor:	cisco	model:	unified communications manager im & presence service (formerly c	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios and cisco ios xe software	scope:	ne	version:	16.3	Trust: 0.3
vendor:	cisco	model:	webex meetings for blackberry	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.5	Trust: 0.3
vendor:	cisco	model:	wide area application services	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security virtual server protection for vmware	scope:	eq	version:	1.1.0.1	Trust: 0.3
vendor:	cisco	model:	firesight system software	scope:	ne	version:	6.0.1.3	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for mac os	scope:	ne	version:	x4.0.7	Trust: 0.3
vendor:	cisco	model:	common services platform collector	scope:	ne	version:	1.11	Trust: 0.3
vendor:	ibm	model:	cognos business intelligence server	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	cisco	model:	partner support service	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	media services interface	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.9	Trust: 0.3
vendor:	cisco	model:	cloud web security	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime collaboration assurance	scope:	ne	version:	11.6	Trust: 0.3
vendor:	cisco	model:	jabber for iphone and ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0	Trust: 0.3
vendor:	mcafee	model:	email gateway 7.6.2h968406	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified attendant console advanced	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	common services platform collector	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for windows	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence mx series ce8.2.2	scope:	ne	version:	-	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	5.1	Trust: 0.3
vendor:	ibm	model:	spectrum control	scope:	eq	version:	5.2.8	Trust: 0.3
vendor:	cisco	model:	webex meetings client on-premises	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	unified intelligence center	scope:	ne	version:	11.6(1)	Trust: 0.3
vendor:	cisco	model:	services provisioning platform	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ucs b-series blade servers	scope:	ne	version:	3.1.3	Trust: 0.3
vendor:	cisco	model:	nac appliance clean access manager	scope:	eq	version:	-0	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.4.6	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	10000	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.2	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment build	scope:	ne	version:	7.1.1.20290.1	Trust: 0.3
vendor:	cisco	model:	jabber for android	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asa next-generation firewall services	scope:	ne	version:	2.1.2	Trust: 0.3
vendor:	ibm	model:	mobilefirst platform foundation	scope:	eq	version:	6.3.0.0	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.405	Trust: 0.3
vendor:	cisco	model:	unified attendant console premium edition	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	api gateway	scope:	eq	version:	11.1.2.4.0	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.5	Trust: 0.3
vendor:	cisco	model:	services provisioning platform sfp1.1	scope:	ne	version:	-	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.8	Trust: 0.3
vendor:	cisco	model:	mediasense	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	mysql workbench	scope:	eq	version:	6.1.5	Trust: 0.3
vendor:	cisco	model:	video surveillance series high-definition ip cameras	scope:	eq	version:	40000	Trust: 0.3
vendor:	cisco	model:	jabber for android	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for desktop platforms	scope:	ne	version:	4.3.4	Trust: 0.3
vendor:	cisco	model:	series digital media players 5.3.6 rb3	scope:	ne	version:	4400	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	ne	version:	30002.9	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.20	Trust: 0.3
vendor:	oracle	model:	mysql workbench	scope:	eq	version:	6.3.8	Trust: 0.3
vendor:	ibm	model:	cognos metrics manager	scope:	eq	version:	10.2	Trust: 0.3
vendor:	cisco	model:	stealthwatch identity	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	270016.2	Trust: 0.3
vendor:	cisco	model:	application policy infrastructure controller	scope:	ne	version:	2.2(1)	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.2	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	270016.1	Trust: 0.3
vendor:	cisco	model:	unified workforce optimization quality management solution 11.5 su1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	show and share	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence system ex series tc7.3.7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	universal small cell iuh	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.2	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for images	scope:	eq	version:	7.1.1.19	Trust: 0.3
vendor:	cisco	model:	ucs director	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for images build	scope:	eq	version:	7.1.1.20280.6	Trust: 0.3
vendor:	cisco	model:	jabber client framework components	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	telepresence isdn link	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence profile series tc7.3.7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	webex meetings client on-premises t32	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	dcm series d9900 digital content manager	scope:	ne	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	70006.2.19	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	cisco	model:	unified attendant console business edition	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	270016.4	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	mds series multilayer switches	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	prime network services controller 1.01u	scope:	ne	version:	-	Trust: 0.3
vendor:	oracle	model:	oss support tools	scope:	eq	version:	8.9.15.9.8	Trust: 0.3
vendor:	cisco	model:	firesight system software	scope:	ne	version:	5.4.0.10	Trust: 0.3
vendor:	ibm	model:	worklight consumer edition	scope:	eq	version:	6.1.0.0	Trust: 0.3
vendor:	cisco	model:	universal small cell series	scope:	eq	version:	50000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 5.2 sv3	scope:	ne	version:	1000v	Trust: 0.3
vendor:	cisco	model:	telepresence system tx1310	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence server on multiparty media and	scope:	ne	version:	3103204.4	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.1.4	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment build	scope:	ne	version:	5.1.1051.08	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.10	Trust: 0.3
vendor:	cisco	model:	nac guest server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	enterprise content delivery system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1	Trust: 0.3
vendor:	ibm	model:	cognos business intelligence server	scope:	eq	version:	10.2.11	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for linux	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.1	Trust: 0.3
vendor:	cisco	model:	telepresence system ex series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime collaboration deployment	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex business suite	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	dx series ip phones	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios and cisco ios xe software	scope:	ne	version:	15.5(3)	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.18	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for android	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus series blade switches	scope:	eq	version:	40000	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.5.0.11	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	ne	version:	500-376.1	Trust: 0.3
vendor:	cisco	model:	jabber for windows	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	telepresence profile series ce8.2.2	scope:	ne	version:	-	Trust: 0.3
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.1.0.0	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.10	Trust: 0.3
vendor:	cisco	model:	ace30 application control engine module	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	ne	version:	5.0.28	Trust: 0.3
vendor:	cisco	model:	edge digital media player 1.6rb5	scope:	ne	version:	300	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.12	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	69450	Trust: 0.3
vendor:	cisco	model:	telepresence isdn gateway mse	scope:	eq	version:	83210	Trust: 0.3
vendor:	cisco	model:	wireless lan controller	scope:	ne	version:	8.4	Trust: 0.3
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	uc integration for microsoft lync	scope:	ne	version:	11.6.3	Trust: 0.3
vendor:	cisco	model:	unified contact center enterprise	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.404	Trust: 0.3
vendor:	cisco	model:	telepresence system tx1310	scope:	ne	version:	6.1	Trust: 0.3
vendor:	cisco	model:	spa112 2-port phone adapter	scope:	ne	version:	1.4.2	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment build	scope:	eq	version:	5.1.151.05	Trust: 0.3
vendor:	cisco	model:	connected grid routers	scope:	ne	version:	7.3	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.4.1.2	Trust: 0.3
vendor:	ibm	model:	i	scope:	eq	version:	7.3	Trust: 0.3
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	12.1	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.33	Trust: 0.3
vendor:	cisco	model:	telepresence mx series tc7.3.7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ip interoperability and collaboration system	scope:	ne	version:	5.0(1)	Trust: 0.3
vendor:	cisco	model:	spa122 analog telephone adapter with router	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	universal small cell series	scope:	ne	version:	50003.5.12.23	Trust: 0.3
vendor:	cisco	model:	universal small cell series	scope:	eq	version:	50003.4.2.0	Trust: 0.3
vendor:	cisco	model:	connected grid routers	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	uc integration for microsoft lync	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security guardium	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	ibm	model:	openssh for gpfs for windows	scope:	eq	version:	3.5	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.401	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.8	Trust: 0.3
vendor:	cisco	model:	unity express	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.7	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.21	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	13000	Trust: 0.3
vendor:	ibm	model:	worklight enterprise edition	scope:	eq	version:	6.1.0.0	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for images	scope:	eq	version:	7.1.1.0	Trust: 0.3
vendor:	cisco	model:	tandberg codian isdn gateway	scope:	eq	version:	0	Trust: 0.3
vendor:	mcafee	model:	email gateway 7.6.405h1165239	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	jabber guest	scope:	ne	version:	11	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.9	Trust: 0.3
vendor:	oracle	model:	business intelligence enterprise edition	scope:	eq	version:	11.1.1.9.0	Trust: 0.3
vendor:	cisco	model:	digital media manager 5.3.6 rb3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	series digital media players	scope:	eq	version:	44000	Trust: 0.3
vendor:	cisco	model:	ata series analog terminal adaptors	scope:	ne	version:	1901.3	Trust: 0.3
vendor:	cisco	model:	prime network services controller	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ata series analog terminal adaptors	scope:	eq	version:	1900	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	ne	version:	500021.2	Trust: 0.3
vendor:	cisco	model:	ons series multiservice provisioning platforms	scope:	ne	version:	1545410.7	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.5.0.12	Trust: 0.3
vendor:	cisco	model:	telepresence system series	scope:	eq	version:	30000	Trust: 0.3
vendor:	ibm	model:	cognos metrics manager	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	7.1.1.19	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.2.3	Trust: 0.3
vendor:	ibm	model:	worklight consumer edition	scope:	eq	version:	6.1.0.2	Trust: 0.3
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications manager session management edition	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.19	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.4.0	Trust: 0.3
vendor:	ibm	model:	security guardium	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.25	Trust: 0.3
vendor:	ibm	model:	mobilefirst platform foundation	scope:	eq	version:	7.1.0.0	Trust: 0.3
vendor:	cisco	model:	webex meetings server multimedia platform	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone 10.3.1sr4	scope:	ne	version:	8831	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70000	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.1.7	Trust: 0.3
vendor:	cisco	model:	prime network registrar	scope:	ne	version:	8.3.5	Trust: 0.3
vendor:	cisco	model:	series stackable managed switches	scope:	eq	version:	5000	Trust: 0.3
vendor:	cisco	model:	prime access registrar	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified intelligent contact management enterprise	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	cisco	model:	stealthwatch flowcollector netflow	scope:	eq	version:	0	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.3.2	Trust: 0.3
vendor:	cisco	model:	ucs manager	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.11	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.0	Trust: 0.3
vendor:	cisco	model:	network analysis module	scope:	ne	version:	6.2(2)	Trust: 0.3
vendor:	cisco	model:	video surveillance 4300e and 4500e high-definition ip cameras	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified attendant console department edition	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ip series phones	scope:	eq	version:	78000	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	27000	Trust: 0.3
vendor:	cisco	model:	onepk all-in-one virtual machine	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	industrial router	scope:	eq	version:	9100	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.1	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	unified intelligence center	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.2	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1	Trust: 0.3
vendor:	cisco	model:	video distribution suite for internet streaming	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	ne	version:	13006.1	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.7.1	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	5.1.116	Trust: 0.3
vendor:	cisco	model:	cloupia unified infrastructure controller	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	50000	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	ne	version:	11006.1	Trust: 0.3
vendor:	cisco	model:	agent desktop for cisco unified contact center express	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	packaged contact center enterprise	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	mobilefirst platform foundation	scope:	eq	version:	8.0.0.0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	eq	version:	70000	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	5.2	Trust: 0.3
vendor:	cisco	model:	telepresence sx series tc7.3.7	scope:	ne	version:	-	Trust: 0.3
vendor:	ibm	model:	cognos metrics manager	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.5	Trust: 0.3
vendor:	cisco	model:	nac appliance clean access server	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	eq	version:	60000	Trust: 0.3
vendor:	cisco	model:	firesight system software	scope:	ne	version:	6.1.0.1	Trust: 0.3
vendor:	cisco	model:	webex meetings for windows phone	scope:	eq	version:	80	Trust: 0.3
vendor:	cisco	model:	spa232d multi-line dect analog telephone adapter	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime optical for service providers	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	smart care	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	ne	version:	5.3.1.11	Trust: 0.3
vendor:	cisco	model:	edge digital media player 1.2rb1.0.3	scope:	ne	version:	340	Trust: 0.3
vendor:	cisco	model:	universal small cell cloudbase factory recovery root filesystem	scope:	eq	version:	2.99.4	Trust: 0.3
vendor:	cisco	model:	network performance analysis	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	60006.2.19	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone for third-party call control	scope:	eq	version:	88310	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	5.0	Trust: 0.3
vendor:	cisco	model:	webex meetings for windows phone	scope:	ne	version:	82.8	Trust: 0.3
vendor:	ibm	model:	security guardium	scope:	eq	version:	10.1	Trust: 0.3
vendor:	ibm	model:	spectrum control	scope:	eq	version:	5.2.10	Trust: 0.3
vendor:	cisco	model:	universal small cell cloudbase factory recovery root filesystem	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.7	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.3.0	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	ne	version:	5.8.0.32.7	Trust: 0.3
vendor:	cisco	model:	telepresence integrator c series ce8.2.2	scope:	ne	version:	-	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment intirim fix	scope:	eq	version:	5.133	Trust: 0.3
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	5.3	Trust: 0.3
vendor:	ibm	model:	cognos business intelligence server	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	cisco	model:	webex meetings client hosted	scope:	eq	version:	-0	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.13	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	ne	version:	6.1.140	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.8	Trust: 0.3
vendor:	ibm	model:	security virtual server protection for vmware	scope:	eq	version:	1.1	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	stealthwatch udp director	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus series switches 5.2.8	scope:	ne	version:	6000	Trust: 0.3
vendor:	cisco	model:	intrusion prevention system solutions	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone	scope:	eq	version:	88310	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.2.1	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.14	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	3.1.0.4	Trust: 0.3
vendor:	cisco	model:	jabber client framework components	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	prime ip express	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified sip proxy software	scope:	ne	version:	10	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.4	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3	Trust: 0.3
vendor:	oracle	model:	mysql workbench	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	eq	version:	0	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	netflow generation appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber for mac	scope:	ne	version:	11.8	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.403	Trust: 0.3
vendor:	cisco	model:	unified sip proxy software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	99510	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	89450	Trust: 0.3
vendor:	cisco	model:	telepresence supervisor mse	scope:	eq	version:	80500	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment build	scope:	eq	version:	7.1.1.20280.6	Trust: 0.3
vendor:	cisco	model:	telepresence server and mse	scope:	ne	version:	701087104.4	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.10	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.6	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.12	Trust: 0.3
vendor:	cisco	model:	ucs series and series fabric interconnects	scope:	eq	version:	620063000	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	cisco	model:	webex meeting center	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.11	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	ibm	model:	lotus protector for mail security	scope:	eq	version:	2.8.3.0	Trust: 0.3
vendor:	cisco	model:	netflow generation appliance	scope:	ne	version:	1.1(1)	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.13	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.6	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.2.2	Trust: 0.3
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	4.71	Trust: 0.3
vendor:	cisco	model:	socialminer	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	powerkvm update	scope:	ne	version:	2.1.1.3-6513	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.28	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	spa112 2-port phone adapter	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video surveillance series high-definition ip cameras	scope:	ne	version:	40002.9	Trust: 0.3
vendor:	cisco	model:	intracer	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.29	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment build	scope:	eq	version:	5.1.1051.07	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	cisco	model:	jabber for windows	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	oss support tools	scope:	eq	version:	8.8.15.7.15	Trust: 0.3
vendor:	oracle	model:	business intelligence enterprise edition	scope:	eq	version:	12.2.1.3.0	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	ne	version:	3.2	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video surveillance 4300e and 4500e high-definition ip cameras	scope:	ne	version:	2.9	Trust: 0.3
vendor:	ibm	model:	powerkvm update	scope:	ne	version:	3.1.0.23	Trust: 0.3
vendor:	cisco	model:	computer telephony integration object server	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	11000	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	7	Trust: 0.3
vendor:	cisco	model:	telepresence sx series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence server on multiparty media and	scope:	eq	version:	3103200	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.24	Trust: 0.3
vendor:	cisco	model:	content security appliance update servers	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	videoscape anyres live	scope:	ne	version:	9.7.2	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	99710	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.6	Trust: 0.3
vendor:	ibm	model:	security guardium	scope:	eq	version:	10.0	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	5.1.0.2	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.4	Trust: 0.3
vendor:	cisco	model:	firesight system software	scope:	ne	version:	5.4.1.9	Trust: 0.3
vendor:	cisco	model:	universal small cell iuh	scope:	ne	version:	3.17.3	Trust: 0.3
vendor:	cisco	model:	ata analog telephone adaptor	scope:	eq	version:	1870	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.1.1	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.2	Trust: 0.3
vendor:	cisco	model:	ios and cisco ios xe software	scope:	ne	version:	16.4	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	ne	version:	500-326.1	Trust: 0.3
vendor:	cisco	model:	unity express	scope:	ne	version:	10	Trust: 0.3
vendor:	cisco	model:	expressway series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	virtualization experience media edition	scope:	ne	version:	11.8	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	ne	version:	5.1.8	Trust: 0.3
vendor:	cisco	model:	small business series managed switches	scope:	eq	version:	3000	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.3.1	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	ne	version:	10006.1	Trust: 0.3
vendor:	cisco	model:	telepresence isdn gateway	scope:	eq	version:	32410	Trust: 0.3
vendor:	cisco	model:	telepresence mcu	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	edge digital media player	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	series smart plus switches	scope:	eq	version:	2200	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	3.2	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.4.0.4	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	1000v0	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.5.1	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.1.6	Trust: 0.3
vendor:	cisco	model:	virtual security gateway	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	access manager	scope:	eq	version:	10.1.4.3.0	Trust: 0.3
vendor:	ibm	model:	rational insight	scope:	eq	version:	1.1.1.5	Trust: 0.3
vendor:	cisco	model:	telepresence tx9000 series	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	3.2.0.4	Trust: 0.3
vendor:	cisco	model:	series digital media players	scope:	eq	version:	43000	Trust: 0.3
vendor:	cisco	model:	telepresence system series	scope:	ne	version:	30006.1	Trust: 0.3
vendor:	cisco	model:	universal small cell series	scope:	eq	version:	70003.4.2.0	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.4	Trust: 0.3
vendor:	cisco	model:	security manager	scope:	ne	version:	4.13	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.12	Trust: 0.3
vendor:	cisco	model:	ucs b-series blade servers	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	ucs standalone c-series rack server integrated management cont	scope:	eq	version:	-0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	ne	version:	5.3.2.5	Trust: 0.3
vendor:	cisco	model:	telepresence integrator c series	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	spectrum control	scope:	eq	version:	5.2.9	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.32	Trust: 0.3
vendor:	cisco	model:	enterprise content delivery system	scope:	ne	version:	2.6.9	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	60000	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	cisco	model:	mds series multilayer switches 5.2.8	scope:	ne	version:	9000	Trust: 0.3
vendor:	cisco	model:	series digital media players 5.4.1 rb4	scope:	ne	version:	4300	Trust: 0.3
vendor:	cisco	model:	ucs standalone c-series rack server integrated management cont	scope:	ne	version:	-3.0	Trust: 0.3
vendor:	cisco	model:	ios and cisco ios xe software	scope:	ne	version:	16.1	Trust: 0.3
vendor:	cisco	model:	prime network	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence tx9000 series	scope:	ne	version:	6.1	Trust: 0.3
vendor:	cisco	model:	prime performance manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	smart net total care local collector appliance	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.12	Trust: 0.3
vendor:	cisco	model:	connected grid routers	scope:	ne	version:	15.8.9	Trust: 0.3
vendor:	cisco	model:	network analysis module	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	commerce experience manager	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	cisco	model:	nexus series fabric switches aci mode	scope:	eq	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	prime performance manager sp1611	scope:	ne	version:	1.7	Trust: 0.3
vendor:	ibm	model:	worklight consumer edition	scope:	eq	version:	6.1.0.1	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.12	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.22	Trust: 0.3
vendor:	cisco	model:	unified ip phone 9.3 sr3	scope:	ne	version:	6901	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.23	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.16	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.10	Trust: 0.3
vendor:	cisco	model:	telepresence server and mse	scope:	eq	version:	701087100	Trust: 0.3
vendor:	cisco	model:	mds series multilayer switches	scope:	ne	version:	90006.2.19	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	270015.5(3)	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.30	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.4	Trust: 0.3
vendor:	ibm	model:	spectrum control	scope:	eq	version:	5.2.11	Trust: 0.3
vendor:	cisco	model:	telepresence server on virtual machine	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	webex meetings for android	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus series switches 5.2.8	scope:	ne	version:	5000	Trust: 0.3
vendor:	cisco	model:	digital media manager 5.4.1 rb4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified workforce optimization quality management solution	scope:	eq	version:	-0	Trust: 0.3
vendor:	cisco	model:	telepresence integrator c series tc7.3.7	scope:	ne	version:	-	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	5.1.3	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.13	Trust: 0.3
vendor:	cisco	model:	spa122 analog telephone adapter with router	scope:	ne	version:	1.4.2	Trust: 0.3
vendor:	cisco	model:	cloud object storage	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.4	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.5	Trust: 0.3
vendor:	ibm	model:	rrdi	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	ibm	model:	worklight enterprise edition	scope:	eq	version:	6.1.0.2	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.14	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.3	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.4	Trust: 0.3
vendor:	cisco	model:	unified intelligent contact management enterprise	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.2.4	Trust: 0.3
vendor:	cisco	model:	application and content networking system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for ios	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	business intelligence enterprise edition	scope:	eq	version:	11.1.1.7.0	Trust: 0.3
vendor:	cisco	model:	ace application control engine	scope:	eq	version:	47100	Trust: 0.3
vendor:	oracle	model:	oss support tools	scope:	ne	version:	8.15.17.3.14	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for mac os	scope:	eq	version:	x0	Trust: 0.3
vendor:	oracle	model:	business intelligence enterprise edition	scope:	eq	version:	12.2.1.2.0	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.4.1.2	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for images build	scope:	ne	version:	7.1.1.20290.1	Trust: 0.3
vendor:	cisco	model:	prime infrastructure plug and play standalone gateway	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.2	Trust: 0.3
vendor:	cisco	model:	virtual security gateway	scope:	ne	version:	2.1.6	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	50006.2.19	Trust: 0.3
vendor:	cisco	model:	telepresence conductor	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.3	Trust: 0.3
vendor:	cisco	model:	application policy infrastructure controller	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber for mac	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber for iphone and ipad	scope:	ne	version:	11.8	Trust: 0.3
vendor:	cisco	model:	prime network registrar	scope:	ne	version:	9.0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.3	Trust: 0.3
vendor:	ibm	model:	cognos metrics manager	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	ibm	model:	i	scope:	eq	version:	7.1	Trust: 0.3
vendor:	ibm	model:	worklight enterprise edition	scope:	eq	version:	6.1.0.1	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	ne	version:	x8.8.3	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.16	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.4.1	Trust: 0.3
vendor:	cisco	model:	series digital media players 5.4.1 rb4	scope:	ne	version:	4400	Trust: 0.3
vendor:	ibm	model:	sterling connect:express for unix	scope:	eq	version:	1.5.0	Trust: 0.3
vendor:	cisco	model:	multicast manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	aironet series access points	scope:	ne	version:	270016.3	Trust: 0.3
vendor:	ibm	model:	cognos business intelligence server	scope:	eq	version:	10.2	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for ios	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	ne	version:	5.8.0.32.8	Trust: 0.3
vendor:	cisco	model:	webex node for mcs	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence mcu	scope:	ne	version:	4.5(1.89)	Trust: 0.3
vendor:	cisco	model:	management appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for windows	scope:	ne	version:	4.0.7	Trust: 0.3
vendor:	cisco	model:	videoscape anyres live	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video surveillance ptz ip cameras	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video distribution suite for internet streaming	scope:	ne	version:	4.003(002)	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.31	Trust: 0.3
vendor:	cisco	model:	telepresence serial gateway series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence server on multiparty media	scope:	ne	version:	8204.4	Trust: 0.3
vendor:	ibm	model:	i	scope:	eq	version:	7.2	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.3	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.13	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.400	Trust: 0.3
vendor:	cisco	model:	unified ip phone	scope:	eq	version:	89610	Trust: 0.3
vendor:	cisco	model:	expressway series	scope:	ne	version:	x8.8.3	Trust: 0.3
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	6.3	Trust: 0.3
vendor:	cisco	model:	prime network	scope:	ne	version:	431	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	500-320	Trust: 0.3
vendor:	cisco	model:	unified attendant console enterprise edition	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.0.26	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for os deployment	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	cisco	model:	network analysis module 6.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	telepresence system ex series ce8.2.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	prime data center network manager	scope:	eq	version:	-	Trust: 0.3
vendor:	cisco	model:	mxe series media experience engines	scope:	eq	version:	35000	Trust: 0.3
vendor:	cisco	model:	universal small cell cloudbase factory recovery root filesystem	scope:	ne	version:	3.17.3	Trust: 0.3
vendor:	cisco	model:	videoscape control suite	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	tandberg codian mse	scope:	eq	version:	83200	Trust: 0.3
vendor:	cisco	model:	ip series phones vpn feature	scope:	eq	version:	8800-0	Trust: 0.3
vendor:	ibm	model:	mobilefirst platform foundation	scope:	eq	version:	7.0.0.0	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.9	Trust: 0.3
vendor:	ibm	model:	security network protection	scope:	eq	version:	5.3.1.3	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.2	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.27	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.17	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.18	Trust: 0.3
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.2.0.0	Trust: 0.3
vendor:	cisco	model:	unified meetingplace 8.6mr1	scope:	ne	version:	-	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	ne	version:	7.6.406-3402.103	Trust: 0.3
vendor:	cisco	model:	telepresence mx series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	tapi service provider	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	video surveillance series ip cameras	scope:	ne	version:	70002.9	Trust: 0.3
vendor:	cisco	model:	telepresence system	scope:	eq	version:	500-370	Trust: 0.3
vendor:	cisco	model:	spa525g 5-line ip phone	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence profile series	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.6.22	Trust: 0.3
vendor:	cisco	model:	unified ip conference phone for third-party call control 9.3 sr3	scope:	ne	version:	8831	Trust: 0.3
vendor:	cisco	model:	unified ip series phones	scope:	eq	version:	79000	Trust: 0.3
vendor:	cisco	model:	spa232d multi-line dect analog telephone adapter	scope:	ne	version:	1.4.2	Trust: 0.3
vendor:	cisco	model:	nexus series fabric switches aci mode	scope:	ne	version:	9000-0	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.6	Trust: 0.3
vendor:	cisco	model:	visual quality experience tools server	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	virtualization experience media edition	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	emergency responder	scope:	eq	version:	0	Trust: 0.3
vendor:	mcafee	model:	email gateway 7.6.405h1157986	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	tivoli storage productivity center	scope:	eq	version:	5.2.7	Trust: 0.3
vendor:	cisco	model:	registered envelope service	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	universal small cell series	scope:	ne	version:	70003.5.12.23	Trust: 0.3
vendor:	cisco	model:	firesight system software	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.3.0.4	Trust: 0.3
vendor:	cisco	model:	webex meetings client hosted t32	scope:	ne	version:	-	Trust: 0.3
vendor:	oracle	model:	mysql	scope:	eq	version:	5.7.15	Trust: 0.3
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	security virtual server protection for vmware	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	cisco	model:	unified contact center express	scope:	ne	version:	11.6	Trust: 0.3
vendor:	cisco	model:	webex meetings server	scope:	ne	version:	2.6.1.30	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for images system edition	scope:	eq	version:	x7.1.1.0	Trust: 0.3
vendor:	mcafee	model:	email gateway	scope:	eq	version:	7.6.402	Trust: 0.3

sources: BID: 92628 // JVNDB: JVNDB-2016-004781 // CNNVD: CNNVD-201608-449 // NVD: CVE-2016-6302

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6302
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-6302
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201608-449
value:	HIGH
Trust: 0.6
VULMON:	CVE-2016-6302
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6302
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2016-6302
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULMON: CVE-2016-6302 // JVNDB: JVNDB-2016-004781 // CNNVD: CNNVD-201608-449 // NVD: CVE-2016-6302

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-004781 // NVD: CVE-2016-6302

THREAT TYPE

remote

Trust: 1.0

sources: PACKETSTORM: 138870 // PACKETSTORM: 148525 // PACKETSTORM: 138820 // PACKETSTORM: 148524 // CNNVD: CNNVD-201608-449

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201608-449

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004781

PATCH

title:	cisco-sa-20160927-openssl	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl	Trust: 0.8
title:	1995039	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995039	Trust: 0.8
title:	NV17-001	url:	http://jpn.nec.com/security-info/secinfo/nv17-001.html	Trust: 0.8
title:	OpenSSL 1.0.1 Series Release Notes	url:	https://www.openssl.org/news/openssl-1.0.1-notes.html	Trust: 0.8
title:	OpenSSL 1.0.2 Series Release Notes	url:	https://www.openssl.org/news/openssl-1.0.2-notes.html	Trust: 0.8
title:	Sanity check ticket length.	url:	https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 0.8
title:	Oracle Linux Bulletin - October 2016	url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	Trust: 0.8
title:	Oracle Solaris Third Party Bulletin - October 2016	url:	http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html	Trust: 0.8
title:	Oracle VM Server for x86 Bulletin - October 2016	url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	Trust: 0.8
title:	SA40312	url:	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312	Trust: 0.8
title:	SA132	url:	https://bto.bluecoat.com/security-advisory/sa132	Trust: 0.8
title:	JSA10759	url:	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759	Trust: 0.8
title:	Splunk Enterprise 6.4.5 addresses multiple vulnerabilities	url:	http://www.splunk.com/view/SP-CAAAPUE	Trust: 0.8
title:	Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities	url:	http://www.splunk.com/view/SP-CAAAPSV	Trust: 0.8
title:	TNS-2016-16	url:	https://www.tenable.com/security/tns-2016-16	Trust: 0.8
title:	OpenSSL Remediation measures for denial of service vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=63772	Trust: 0.6
title:	Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182187 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182185 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: openssl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20161940 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182186 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2016-6302	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-6302	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2016-6302	Trust: 0.1
title:	Ubuntu Security Notice: openssl regression	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3087-2	Trust: 0.1
title:	Ubuntu Security Notice: openssl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3087-1	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2016-755	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-755	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201609-23	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201609-24	Trust: 0.1
title:	IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b7f5b1e7edcafce07f28205855d4db49	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=69e9536e77203a3c76b24dd89f4f9300	Trust: 0.1
title:	Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-16	Trust: 0.1
title:	Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=1e6dcaf5dac6ef96a7d917a8c1393040	Trust: 0.1
title:	Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160927-openssl	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a31bff03e9909229fd67996884614fdf	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=05aabe19d38058b7814ef5514aab4c0c	Trust: 0.1
title:	Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-20	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=586e6062440cdd312211d748e028164e	Trust: 0.1
title:	Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-21	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=6839c4d3fd328571c675c335d58b5591	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=2f446a7e1ea263c0c3a365776c6713f2	Trust: 0.1
title:	Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=a9dd8a175d084c7432b7ad47715ac50c	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d	Trust: 0.1
title:	Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=21c0efa2643d707e2f50a501209eb75c	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=13f3551b67d913fba90df4b2c0dae0bf	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4019ca77f50c7a34e4d97833e6f3321e	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - April 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2016-6302	Trust: 0.1
title:	-	url:	https://github.com/holmes-py/reports-summary	Trust: 0.1
title:	rhsecapi	url:	https://github.com/RedHatOfficial/rhsecapi	Trust: 0.1
title:	alpine-cvecheck	url:	https://github.com/tomwillfixit/alpine-cvecheck	Trust: 0.1
title:	cve-pylib	url:	https://github.com/RedHatProductSecurity/cve-pylib	Trust: 0.1
title:	-	url:	https://github.com/imhunterand/hackerone-publicy-disclosed	Trust: 0.1

sources: VULMON: CVE-2016-6302 // JVNDB: JVNDB-2016-004781 // CNNVD: CNNVD-201608-449

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6302	Trust: 3.4
db:	BID	id:	92628	Trust: 2.0
db:	SECTRACK	id:	1036885	Trust: 1.7
db:	TENABLE	id:	TNS-2016-16	Trust: 1.7
db:	TENABLE	id:	TNS-2016-21	Trust: 1.7
db:	TENABLE	id:	TNS-2016-20	Trust: 1.7
db:	PULSESECURE	id:	SA40312	Trust: 1.7
db:	SIEMENS	id:	SSA-412672	Trust: 1.7
db:	JUNIPER	id:	JSA10759	Trust: 1.7
db:	JVN	id:	JVNVU98667810	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-004781	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.0696	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2148	Trust: 0.6
db:	CNNVD	id:	CNNVD-201608-449	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-349-21	Trust: 0.1
db:	VULMON	id:	CVE-2016-6302	Trust: 0.1
db:	PACKETSTORM	id:	138870	Trust: 0.1
db:	PACKETSTORM	id:	148521	Trust: 0.1
db:	PACKETSTORM	id:	148525	Trust: 0.1
db:	PACKETSTORM	id:	138817	Trust: 0.1
db:	PACKETSTORM	id:	138820	Trust: 0.1
db:	PACKETSTORM	id:	148524	Trust: 0.1

sources: VULMON: CVE-2016-6302 // BID: 92628 // PACKETSTORM: 138870 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 138817 // PACKETSTORM: 138820 // PACKETSTORM: 148524 // JVNDB: JVNDB-2016-004781 // CNNVD: CNNVD-201608-449 // NVD: CVE-2016-6302

REFERENCES

url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 2.0
url:	http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html	Trust: 2.0
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995039	Trust: 2.0
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/92628	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-1940.html	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:2187	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:2186	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:2185	Trust: 1.8
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	Trust: 1.7
url:	http://www.splunk.com/view/sp-caaapue	Trust: 1.7
url:	http://www.splunk.com/view/sp-caaapsv	Trust: 1.7
url:	https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312	Trust: 1.7
url:	https://bto.bluecoat.com/security-advisory/sa132	Trust: 1.7
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 1.7
url:	https://www.tenable.com/security/tns-2016-16	Trust: 1.7
url:	http://www.securitytracker.com/id/1036885	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Trust: 1.7
url:	https://www.tenable.com/security/tns-2016-21	Trust: 1.7
url:	https://www.tenable.com/security/tns-2016-20	Trust: 1.7
url:	https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	Trust: 1.7
url:	https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=e97763c92c655dcf4af2860b3abd2bc4c8a267f9	Trust: 1.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6302	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98667810/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6302	Trust: 0.8
url:	http://www.bizmobile.co.jp/news_02.php?id=4069&nc=1	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2182	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6302	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6306	Trust: 0.6
url:	https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9	Trust: 0.6
url:	https://www.openssl.org/news/vulnerabilities.html#y2017	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0696	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10887855	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2148/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2016-6306	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-2182	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-6302	Trust: 0.4
url:	https://github.com/openssl/openssl/commit/1bbe48ab149893a78bf99c8eb8895c928900a16f	Trust: 0.3
url:	http://openssl.org/	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1369855	Trust: 0.3
url:	http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc	Trust: 0.3
url:	https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394	Trust: 0.3
url:	http://www.ibm.com/support/docview.wss?uid=isg3t1024401	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643	Trust: 0.3
url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	Trust: 0.3
url:	https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21991724	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21992348	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21992898	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21993061	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21993856	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21993875	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995129	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995392	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995393	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995691	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2178	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2179	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2177	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2181	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6304	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2180	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3731	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7055	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3738	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-3731	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-3737	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3732	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-3738	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-3732	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-7055	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3737	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-3736	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3736	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6303	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2183	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2016-6302	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/3087-2/	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=49001	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2180	Trust: 0.1
url:	https://www.openssl.org/news/secadv/20160922.txt	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2181	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-6304	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2179	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2178	Trust: 0.1
url:	https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-3087-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4	Trust: 0.1

CREDITS

Shi Lei.,The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Trust: 0.6

sources: CNNVD: CNNVD-201608-449

SOURCES

db:	VULMON	id:	CVE-2016-6302
db:	BID	id:	92628
db:	PACKETSTORM	id:	138870
db:	PACKETSTORM	id:	148521
db:	PACKETSTORM	id:	148525
db:	PACKETSTORM	id:	138817
db:	PACKETSTORM	id:	138820
db:	PACKETSTORM	id:	148524
db:	JVNDB	id:	JVNDB-2016-004781
db:	CNNVD	id:	CNNVD-201608-449
db:	NVD	id:	CVE-2016-6302

LAST UPDATE DATE

2025-06-26T20:59:29.543000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2016-6302	date:	2023-11-07T00:00:00
db:	BID	id:	92628	date:	2018-02-05T15:00:00
db:	JVNDB	id:	JVNDB-2016-004781	date:	2017-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201608-449	date:	2022-12-14T00:00:00
db:	NVD	id:	CVE-2016-6302	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2016-6302	date:	2016-09-16T00:00:00
db:	BID	id:	92628	date:	2016-08-24T00:00:00
db:	PACKETSTORM	id:	138870	date:	2016-09-27T19:32:00
db:	PACKETSTORM	id:	148521	date:	2018-07-12T21:45:18
db:	PACKETSTORM	id:	148525	date:	2018-07-12T21:48:57
db:	PACKETSTORM	id:	138817	date:	2016-09-22T22:22:00
db:	PACKETSTORM	id:	138820	date:	2016-09-22T22:25:00
db:	PACKETSTORM	id:	148524	date:	2018-07-12T21:48:49
db:	JVNDB	id:	JVNDB-2016-004781	date:	2016-09-21T00:00:00
db:	CNNVD	id:	CNNVD-201608-449	date:	2016-08-25T00:00:00
db:	NVD	id:	CVE-2016-6302	date:	2016-09-16T05:59:12.003