Details of VAR-201711-0923

ID

VAR-201711-0923

CVE

CVE-2017-3736

TITLE

OpenSSL Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2017-010189

DESCRIPTION

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Versions prior to OpenSSL 1.1.0g and 1.0.2m are vulnerable. OpenSSL Security Advisory [27 Mar 2018] ======================================== Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) ========================================================================================== Severity: Moderate Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. OpenSSL 1.1.0 users should upgrade to 1.1.0h OpenSSL 1.0.2 users should upgrade to 1.0.2o This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project. The fix was developed by Matt Caswell of the OpenSSL development team. Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) ======================================================== Severity: Moderate Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. OpenSSL 1.1.0 users should upgrade to 1.1.0h This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg (IBM). The fix was developed by Andy Polyakov of the OpenSSL development team. Due to the low severity no fix was released at that time for OpenSSL 1.1.0. Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL 1.1.0 users should upgrade to 1.1.0h OpenSSL 1.0.2 users should upgrade to 1.0.2n This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin (Google). The issue was originally found via the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20180327.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2018:0998-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0998 Issue date: 2018-04-10 CVE Names: CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.2k-12.el7.src.rpm x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.2k-12.el7.src.rpm x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.2k-12.el7.src.rpm ppc64: openssl-1.0.2k-12.el7.ppc64.rpm openssl-debuginfo-1.0.2k-12.el7.ppc.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64.rpm openssl-devel-1.0.2k-12.el7.ppc.rpm openssl-devel-1.0.2k-12.el7.ppc64.rpm openssl-libs-1.0.2k-12.el7.ppc.rpm openssl-libs-1.0.2k-12.el7.ppc64.rpm ppc64le: openssl-1.0.2k-12.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-devel-1.0.2k-12.el7.ppc64le.rpm openssl-libs-1.0.2k-12.el7.ppc64le.rpm s390x: openssl-1.0.2k-12.el7.s390x.rpm openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-devel-1.0.2k-12.el7.s390.rpm openssl-devel-1.0.2k-12.el7.s390x.rpm openssl-libs-1.0.2k-12.el7.s390.rpm openssl-libs-1.0.2k-12.el7.s390x.rpm x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: openssl-1.0.2k-12.el7.src.rpm aarch64: openssl-1.0.2k-12.el7.aarch64.rpm openssl-debuginfo-1.0.2k-12.el7.aarch64.rpm openssl-devel-1.0.2k-12.el7.aarch64.rpm openssl-libs-1.0.2k-12.el7.aarch64.rpm ppc64le: openssl-1.0.2k-12.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-devel-1.0.2k-12.el7.ppc64le.rpm openssl-libs-1.0.2k-12.el7.ppc64le.rpm s390x: openssl-1.0.2k-12.el7.s390x.rpm openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-devel-1.0.2k-12.el7.s390.rpm openssl-devel-1.0.2k-12.el7.s390x.rpm openssl-libs-1.0.2k-12.el7.s390.rpm openssl-libs-1.0.2k-12.el7.s390x.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: openssl-debuginfo-1.0.2k-12.el7.aarch64.rpm openssl-perl-1.0.2k-12.el7.aarch64.rpm openssl-static-1.0.2k-12.el7.aarch64.rpm ppc64le: openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-perl-1.0.2k-12.el7.ppc64le.rpm openssl-static-1.0.2k-12.el7.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-perl-1.0.2k-12.el7.s390x.rpm openssl-static-1.0.2k-12.el7.s390.rpm openssl-static-1.0.2k-12.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.2k-12.el7.ppc.rpm openssl-debuginfo-1.0.2k-12.el7.ppc64.rpm openssl-perl-1.0.2k-12.el7.ppc64.rpm openssl-static-1.0.2k-12.el7.ppc.rpm openssl-static-1.0.2k-12.el7.ppc64.rpm ppc64le: openssl-debuginfo-1.0.2k-12.el7.ppc64le.rpm openssl-perl-1.0.2k-12.el7.ppc64le.rpm openssl-static-1.0.2k-12.el7.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-12.el7.s390.rpm openssl-debuginfo-1.0.2k-12.el7.s390x.rpm openssl-perl-1.0.2k-12.el7.s390x.rpm openssl-static-1.0.2k-12.el7.s390.rpm openssl-static-1.0.2k-12.el7.s390x.rpm x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.2k-12.el7.src.rpm x86_64: openssl-1.0.2k-12.el7.x86_64.rpm openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-devel-1.0.2k-12.el7.i686.rpm openssl-devel-1.0.2k-12.el7.x86_64.rpm openssl-libs-1.0.2k-12.el7.i686.rpm openssl-libs-1.0.2k-12.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-12.el7.i686.rpm openssl-debuginfo-1.0.2k-12.el7.x86_64.rpm openssl-perl-1.0.2k-12.el7.x86_64.rpm openssl-static-1.0.2k-12.el7.i686.rpm openssl-static-1.0.2k-12.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2017-3737 https://access.redhat.com/security/cve/CVE-2017-3738 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFazHmPXlSAg2UNWIIRAqu6AKDErP0kbrPwLuGhT0FWhHa/Os9K1gCfRI4r j0HnnUq1AsYgW3JsOqRcuTk= =hlqc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/): JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7 7. ========================================================================== Ubuntu Security Notice USN-3475-1 November 06, 2017 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in OpenSSL. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libssl1.0.0 1.0.2g-1ubuntu13.2 Ubuntu 17.04: libssl1.0.0 1.0.2g-1ubuntu11.3 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.9 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.23 After a standard system update you need to reboot your computer to make all the necessary changes. 7) - x86_64 3. Description: IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. Bugs fixed (https://bugzilla.redhat.com/): 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API 1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework 1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component 6. 6) - i386, x86_64 3

Trust: 2.7

sources: NVD: CVE-2017-3736 // JVNDB: JVNDB-2017-010189 // BID: 101666 // VULMON: CVE-2017-3736 // PACKETSTORM: 169626 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 147117 // PACKETSTORM: 148524 // PACKETSTORM: 144899 // PACKETSTORM: 149110 // PACKETSTORM: 149130

AFFECTED PRODUCTS

vendor:	openssl	model:	openssl	scope:	lt	version:	1.1.0g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lt	version:	1.0.2m	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	gte	version:	1.0.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0g	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	lt	version:	1.1.0	Trust: 0.8
vendor:	hitachi	model:	compute systems manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	infrastructure analytics advisor	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/performance management	scope:	eq	version:	- web console	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic job management system 3	scope:	eq	version:	- web console (windows	Trust: 0.8
vendor:	hitachi	model:	automation director	scope:	eq	version:	( domestic version )	Trust: 0.8
vendor:	hitachi	model:	global link manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic job management system 3	scope:	eq	version:	linux)	Trust: 0.8
vendor:	hitachi	model:	jp1/automatic operation	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	device manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/it desktop management	scope:	eq	version:	2 - smart device manager	Trust: 0.8
vendor:	hitachi	model:	configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus primary server	scope:	eq	version:	base	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	tuning manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/operations analytics	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus http server	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/snmp system observer	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	-r	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service architect	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	tiered storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	automation director	scope:	eq	version:	( overseas edition )	Trust: 0.8
vendor:	hitachi	model:	replication manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	-	version:	-	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0d	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2k	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0c	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0e	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0b	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0a	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2l	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0f	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2j	Trust: 0.6
vendor:	bluecoat	model:	unified agent	scope:	eq	version:	4.8	Trust: 0.3
vendor:	bluecoat	model:	intelligencecenter data collector	scope:	eq	version:	3.3	Trust: 0.3
vendor:	oracle	model:	jd edwards world security a9.4	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.3.6.3293	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0b	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	7.0	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2e	scope:	-	version:	-	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.7.2.6	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	4.0.0.5135	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.4.4.4226	Trust: 0.3
vendor:	bluecoat	model:	unified agent	scope:	eq	version:	4.6	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2i	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	communications eagle	scope:	eq	version:	46.5	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	9.7	Trust: 0.3
vendor:	oracle	model:	mysql connectors	scope:	eq	version:	5.1.30	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0f	scope:	-	version:	-	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.7.2.3	Trust: 0.3
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	5.3	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.1	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.0	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2g	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.0.20	Trust: 0.3
vendor:	bluecoat	model:	advanced secure gateway	scope:	eq	version:	6.6	Trust: 0.3
vendor:	redhat	model:	jboss core services	scope:	eq	version:	1	Trust: 0.3
vendor:	bluecoat	model:	unified agent	scope:	eq	version:	4.9	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2h	scope:	-	version:	-	Trust: 0.3
vendor:	bluecoat	model:	security analytics	scope:	eq	version:	7.3	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.1.14	Trust: 0.3
vendor:	bluecoat	model:	proxysg	scope:	eq	version:	6.7	Trust: 0.3
vendor:	redhat	model:	jboss eap	scope:	eq	version:	6	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.1.10	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.3.0.1098	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.2.1182	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0g	scope:	ne	version:	-	Trust: 0.3
vendor:	bluecoat	model:	proxyav	scope:	eq	version:	3.5	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.1.4.7895	Trust: 0.3
vendor:	bluecoat	model:	intelligencecenter	scope:	eq	version:	3.3	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.2	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.0.10	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0e	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	mysql connectors	scope:	eq	version:	5.3.9	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.17	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.3.4.3247	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	9.8	Trust: 0.3
vendor:	bluecoat	model:	advanced secure gateway	scope:	eq	version:	6.7	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.4.2.4181	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.2.2	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.0.25	Trust: 0.3
vendor:	bluecoat	model:	security analytics	scope:	eq	version:	7.2	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.2.5.1141	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.4.1	Trust: 0.3
vendor:	bluecoat	model:	android mobile agent	scope:	eq	version:	1.3	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.2	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.2.1.1049	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.3.2.1162	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.7	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.15	Trust: 0.3
vendor:	bluecoat	model:	proxysg	scope:	eq	version:	6.5	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2a	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.1.32	Trust: 0.3
vendor:	bluecoat	model:	director	scope:	eq	version:	6.1	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2m	scope:	ne	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2j	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2f	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	communications eagle	scope:	eq	version:	46.7	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.0.9	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0c	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	jd edwards world security a9.3	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	10.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.0.22	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.1.6.8003	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	1.1	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.3.3.1199	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.14	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.1.16	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2c	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	communications eagle	scope:	eq	version:	46.6	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.1.24	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.2.7.1204	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.2.4	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	bluecoat	model:	proxysg	scope:	eq	version:	6.6	Trust: 0.3
vendor:	oracle	model:	mysql connectors	scope:	eq	version:	5.3.7	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2d	scope:	-	version:	-	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.4	Trust: 0.3
vendor:	oracle	model:	mysql connectors	scope:	eq	version:	5.1.34	Trust: 0.3
vendor:	oracle	model:	mysql connectors	scope:	eq	version:	5.1.40	Trust: 0.3
vendor:	redhat	model:	jboss ews	scope:	eq	version:	2	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2b	scope:	-	version:	-	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	ne	version:	7.7.2.7	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2l	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.2.8.2223	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	10.5	Trust: 0.3
vendor:	oracle	model:	mysql connectors	scope:	eq	version:	5.1.41	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.6.2.3	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.2.4.1102	Trust: 0.3
vendor:	oracle	model:	e-business suite	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.8.0.1	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.1.20	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.7.2.2	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0a	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.0.8	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0d	scope:	-	version:	-	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.0	Trust: 0.3
vendor:	bluecoat	model:	bcaaa	scope:	eq	version:	6.1	Trust: 0.3
vendor:	oracle	model:	mysql connectors	scope:	eq	version:	5.1.33	Trust: 0.3
vendor:	bluecoat	model:	unified agent	scope:	eq	version:	4.7	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2k	scope:	-	version:	-	Trust: 0.3
vendor:	bluecoat	model:	reporter	scope:	eq	version:	9.5	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	ne	version:	7.8.0.2	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.1.8	Trust: 0.3
vendor:	mcafee	model:	web gateway	scope:	eq	version:	7.8	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.1.3.7856	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.1.5.7958	Trust: 0.3
vendor:	ibm	model:	db2	scope:	eq	version:	11.1	Trust: 0.3
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	5.1.30	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.4.0	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.0.18	Trust: 0.3
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	oracle	model:	jd edwards world security a9.3.1	scope:	-	version:	-	Trust: 0.3

sources: BID: 101666 // JVNDB: JVNDB-2017-010189 // CNNVD: CNNVD-201711-066 // NVD: CVE-2017-3736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3736
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3736
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-066
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-3736
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3736
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2017-3736
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULMON: CVE-2017-3736 // JVNDB: JVNDB-2017-010189 // CNNVD: CNNVD-201711-066 // NVD: CVE-2017-3736

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-010189 // NVD: CVE-2017-3736

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 148525 // PACKETSTORM: 148524 // PACKETSTORM: 144899 // CNNVD: CNNVD-201711-066

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-066

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010189

PATCH

title:	hitachi-sec-2018-106	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-106/index.html	Trust: 0.8
title:	hitachi-sec-2018-124	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-124/index.html	Trust: 0.8
title:	hitachi-sec-2019-105	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-105/index.html	Trust: 0.8
title:	NTAP-20171107-0002	url:	https://security.netapp.com/advisory/ntap-20171107-0002/	Trust: 0.8
title:	bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)	url:	https://www.openssl.org/news/secadv/20171102.txt	Trust: 0.8
title:	TNS-2017-14	url:	https://www.tenable.com/security/tns-2017-14	Trust: 0.8
title:	hitachi-sec-2018-106	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-106/index.html	Trust: 0.8
title:	hitachi-sec-2018-124	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-124/index.html	Trust: 0.8
title:	hitachi-sec-2019-105	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-105/index.html	Trust: 0.8
title:	OpenSSL Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76120	Trust: 0.6
title:	Red Hat: Moderate: openssl security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20180998 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: openssl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3475-1	Trust: 0.1
title:	Debian Security Advisories: DSA-4017-1 openssl1.0 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=c59b0b63bafaa6def9e5da50acf68ca8	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182575 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182185 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182186 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4018-1 openssl -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=ac7ab332aa094dcdde4da9f7cb2a19f1	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182568 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182713 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182187 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2017-3736	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-3736	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-3736	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2018-1016	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1016	Trust: 0.1
title:	Symantec Security Advisories: SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=7d613a491eb4632d0bd09811cbeaee1e	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201712-9] openssl-1.0: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201712-9	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201711-14] openssl: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201711-14	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201711-15] lib32-openssl: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201711-15	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3d9ab13c871ea2142681c7977b25c5ff	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in JP1	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-105	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201712-11] lib32-openssl-1.0: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201712-11	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jul 2018 – Includes Oracle Jul 2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windows	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=af4ddb95056d65a4af347aec0f652f0e	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2017-15	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2018-1004	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2018-1004	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=62ef85c9034c17315b7d0a712483c5ea	Trust: 0.1
title:	Tenable Security Advisories: [R1] SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2017-14	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=03b0267d78cd8ac1bbb43afc737474f0	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=63bbfc68418161b36080acd59a541d45	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=38227211accce022b0a3d9b56a974186	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4019ca77f50c7a34e4d97833e6f3321e	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=ae57a14ec914f60b7203332a77613077	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f5bb2b180c7c77e5a02747a1f31830d9	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=72fe5ebf222112c8481815fd7cefc7af	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=525e4e31765e47b9e53b24e880af9d6e	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=dd8c9d5928cc3b1ac8c35b4b24703e38	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c36fc403a4c2c6439b732d2fca738f58	Trust: 0.1
title:	cp4s-car-schema	url:	https://github.com/IBM/cp4s-car-schema	Trust: 0.1
title:	core-kit	url:	https://github.com/funtoo/core-kit	Trust: 0.1

sources: VULMON: CVE-2017-3736 // JVNDB: JVNDB-2017-010189 // CNNVD: CNNVD-201711-066

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3736	Trust: 3.6
db:	BID	id:	101666	Trust: 2.0
db:	TENABLE	id:	TNS-2017-15	Trust: 1.7
db:	TENABLE	id:	TNS-2017-14	Trust: 1.7
db:	SECTRACK	id:	1039727	Trust: 1.7
db:	MCAFEE	id:	SB10211	Trust: 0.9
db:	JVNDB	id:	JVNDB-2017-010189	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.1089	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4645	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4748	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0258.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0696	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1613	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1415	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0733	Trust: 0.6
db:	CNNVD	id:	CNNVD-201711-066	Trust: 0.6
db:	VULMON	id:	CVE-2017-3736	Trust: 0.1
db:	PACKETSTORM	id:	169626	Trust: 0.1
db:	PACKETSTORM	id:	148521	Trust: 0.1
db:	PACKETSTORM	id:	148525	Trust: 0.1
db:	PACKETSTORM	id:	147117	Trust: 0.1
db:	PACKETSTORM	id:	148524	Trust: 0.1
db:	PACKETSTORM	id:	144899	Trust: 0.1
db:	PACKETSTORM	id:	149110	Trust: 0.1
db:	PACKETSTORM	id:	149130	Trust: 0.1

sources: VULMON: CVE-2017-3736 // BID: 101666 // PACKETSTORM: 169626 // PACKETSTORM: 148521 // PACKETSTORM: 148525 // PACKETSTORM: 147117 // PACKETSTORM: 148524 // PACKETSTORM: 144899 // PACKETSTORM: 149110 // PACKETSTORM: 149130 // JVNDB: JVNDB-2017-010189 // CNNVD: CNNVD-201711-066 // NVD: CVE-2017-3736

REFERENCES

url:	http://www.securityfocus.com/bid/101666	Trust: 2.4
url:	https://www.openssl.org/news/secadv/20171102.txt	Trust: 2.0
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 2.0
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Trust: 2.0
url:	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Trust: 2.0
url:	https://access.redhat.com/errata/rhsa-2018:0998	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2018:2187	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:2186	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:2185	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:2568	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2018:2575	Trust: 1.8
url:	http://www.securitytracker.com/id/1039727	Trust: 1.7
url:	https://www.debian.org/security/2017/dsa-4018	Trust: 1.7
url:	https://www.debian.org/security/2017/dsa-4017	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20171107-0002/	Trust: 1.7
url:	https://www.tenable.com/security/tns-2017-14	Trust: 1.7
url:	https://security.freebsd.org/advisories/freebsd-sa-17:11.openssl.asc	Trust: 1.7
url:	https://www.tenable.com/security/tns-2017-15	Trust: 1.7
url:	https://security.gentoo.org/glsa/201712-03	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20180117-0002/	Trust: 1.7
url:	https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2018:2713	Trust: 1.7
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbst03881en_us	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Trust: 1.7
url:	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Trust: 1.7
url:	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3736	Trust: 1.6
url:	https://access.redhat.com/security/cve/cve-2017-3736	Trust: 1.5
url:	https://github.com/openssl/openssl/commit/668a709a8d7ea374ee72ad2d43ac72ec60a80eee	Trust: 0.9
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1509169	Trust: 0.9
url:	http://openssl.org/	Trust: 0.9
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10211	Trust: 0.9
url:	https://www.oracle.com/technetwork/topics/security/linuxbulletinapr2018-4431087.html	Trust: 0.9
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21984819	Trust: 0.9
url:	https://www.symantec.com/security-center/network-protection-security-advisories/sa157	Trust: 0.9
url:	https://www-01.ibm.com/support/docview.wss?uid=ssg1s1012049	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3736	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3732	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10715641	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0696	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10882734	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76710	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4748/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4645/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1138588	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10882292	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80494	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79678	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10734877	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10879093	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/78218	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/74714	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3738	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2017-3732	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/team/key/	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2017-3737	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2017-3738	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3737	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2182	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3731	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7055	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6302	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-3731	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-6306	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6306	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-2182	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-7055	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-6302	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-2940	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-2952	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-12539	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0705	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-0705	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-2973	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-1656	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-2940	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-1517	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1517	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-2952	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1656	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-2973	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12539	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/3475-1/	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=57518	Trust: 0.1
url:	https://www.openssl.org/policies/secpolicy.html	Trust: 0.1
url:	https://www.openssl.org/news/secadv/20180327.txt	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0701	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3193	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0739	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0733	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.9	Trust: 0.1
url:	https://www.ubuntu.com/usn/usn-3475-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3735	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.23	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11.3	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu13.2	Trust: 0.1

CREDITS

OSS-Fuzz

Trust: 0.9

sources: BID: 101666 // CNNVD: CNNVD-201711-066

SOURCES

db:	VULMON	id:	CVE-2017-3736
db:	BID	id:	101666
db:	PACKETSTORM	id:	169626
db:	PACKETSTORM	id:	148521
db:	PACKETSTORM	id:	148525
db:	PACKETSTORM	id:	147117
db:	PACKETSTORM	id:	148524
db:	PACKETSTORM	id:	144899
db:	PACKETSTORM	id:	149110
db:	PACKETSTORM	id:	149130
db:	JVNDB	id:	JVNDB-2017-010189
db:	CNNVD	id:	CNNVD-201711-066
db:	NVD	id:	CVE-2017-3736

LAST UPDATE DATE

2025-08-11T20:00:40.970000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2017-3736	date:	2019-04-23T00:00:00
db:	BID	id:	101666	date:	2019-07-17T09:00:00
db:	JVNDB	id:	JVNDB-2017-010189	date:	2019-08-01T00:00:00
db:	CNNVD	id:	CNNVD-201711-066	date:	2022-02-18T00:00:00
db:	NVD	id:	CVE-2017-3736	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2017-3736	date:	2017-11-02T00:00:00
db:	BID	id:	101666	date:	2017-11-02T00:00:00
db:	PACKETSTORM	id:	169626	date:	2018-03-27T12:12:12
db:	PACKETSTORM	id:	148521	date:	2018-07-12T21:45:18
db:	PACKETSTORM	id:	148525	date:	2018-07-12T21:48:57
db:	PACKETSTORM	id:	147117	date:	2018-04-11T01:25:17
db:	PACKETSTORM	id:	148524	date:	2018-07-12T21:48:49
db:	PACKETSTORM	id:	144899	date:	2017-11-06T22:24:00
db:	PACKETSTORM	id:	149110	date:	2018-08-28T16:46:26
db:	PACKETSTORM	id:	149130	date:	2018-08-29T00:28:49
db:	JVNDB	id:	JVNDB-2017-010189	date:	2017-12-07T00:00:00
db:	CNNVD	id:	CNNVD-201711-066	date:	2017-11-09T00:00:00
db:	NVD	id:	CVE-2017-3736	date:	2017-11-02T17:29:00.243