CVE-2009-3555 - Improper Certificate Validation vulnerability in multiple products
Summary
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Common Attack Pattern Enumeration and Classification (CAPEC)
- Creating a Rogue Certificate Authority Certificate: An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different but valid X.509 certificates that, when hashed with the MD5 algorithm, yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority, which uses the MD5 hashing algorithm. That request is completely valid, and the Certificate Authority issues an X.509 certificate to the attacker, signed with its private key. The attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value, so the signed blob works just as well in the second certificate. The net effect is that the attacker's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate but itself a signing certificate. The attacker is thus able to start their own Certification Authority whose root of trust is anchored in the legitimate Certification Authority that signed the attacker's first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, the Certificate Authority set up by the attacker will now be accepted as well, along with any certificates that it signs. The attacker is therefore able to generate SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec).
Exploit-Db
description | TLS Renegotiation Vulnerability PoC Exploit. CVE-2009-3555. Remote exploits for multiple platform |
id | EDB-ID:10579 |
last seen | 2016-02-01 |
modified | 2009-12-21 |
published | 2009-12-21 |
reporter | RedTeam Pentesting |
source | https://www.exploit-db.com/download/10579/ |
title | TLS Renegotiation Vulnerability PoC |

description | Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability. CVE-2009-3555. Remote exploits for multiple platform |
id | EDB-ID:10071 |
last seen | 2016-02-01 |
modified | 2009-11-10 |
published | 2009-11-10 |
reporter | Dan Kaminsky |
source | https://www.exploit-db.com/download/10071/ |
title | Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability |
Msbulletin
bulletin_id | MS10-049 |
bulletin_url | |
date | 2010-08-10T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 980436 |
knowledgebase_url | |
severity | Critical |
title | Vulnerabilities in SChannel could allow Remote Code Execution |
Nessus
NASL family | Windows |
NASL id | HP_SYSTEMS_INSIGHT_MANAGER_700_MULTIPLE_VULNS.NASL |
description | The version of HP Systems Insight Manager installed on the remote Windows host is affected by vulnerabilities in the following components : - TLS and SSL protocols - Apache Tomcat - Java - Flash Player - BlazeDS/GraniteDS - Adobe LiveCycle - Adobe Flex SDK - Systems Insight Manager |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 59684 |
published | 2012-06-15 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/59684 |
title | HP Systems Insight Manager < 7.0 Multiple Vulnerabilities |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(59684);
      script_version("1.19");
      script_cvs_date("Date: 2018/11/15 20:50:27");

      script_cve_id(
        "CVE-2009-3555", "CVE-2010-2227", "CVE-2010-4470", "CVE-2010-4476",
        "CVE-2011-0611", "CVE-2011-0786", "CVE-2011-0788", "CVE-2011-0802",
        "CVE-2011-0814", "CVE-2011-0815", "CVE-2011-0817", "CVE-2011-0862",
        "CVE-2011-0863", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0866",
        "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871",
        "CVE-2011-0872", "CVE-2011-0873", "CVE-2011-2092", "CVE-2011-2093",
        "CVE-2011-2130", "CVE-2011-2134", "CVE-2011-2135", "CVE-2011-2136",
        "CVE-2011-2137", "CVE-2011-2138", "CVE-2011-2139", "CVE-2011-2140",
        "CVE-2011-2414", "CVE-2011-2415", "CVE-2011-2416", "CVE-2011-2417",
        "CVE-2011-2425", "CVE-2011-2426", "CVE-2011-2427", "CVE-2011-2428",
        "CVE-2011-2429", "CVE-2011-2430", "CVE-2011-2444", "CVE-2011-2445",
        "CVE-2011-2450", "CVE-2011-2451", "CVE-2011-2452", "CVE-2011-2453",
        "CVE-2011-2454", "CVE-2011-2455", "CVE-2011-2456", "CVE-2011-2457",
        "CVE-2011-2458", "CVE-2011-2459", "CVE-2011-2460", "CVE-2011-2461",
        "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2012-1995",
        "CVE-2012-1996", "CVE-2012-1997", "CVE-2012-1998", "CVE-2012-1999"
      );
      script_bugtraq_id(
        36935, 41544, 42817, 46091, 46387, 47314, 48133, 48134, 48135, 48136,
        48137, 48138, 48139, 48140, 48141, 48142, 48143, 48144, 48145, 48146,
        48147, 48148, 48149, 48267, 48279, 49073, 49074, 49075, 49076, 49077,
        49079, 49080, 49081, 49082, 49083, 49084, 49085, 49086, 49710, 49714,
        49715, 49716, 49717, 49718, 50618, 50619, 50620, 50621, 50622, 50623,
        50624, 50625, 50626, 50627, 50628, 50629, 50869, 53315
      );
      script_xref(name:"HP", value:"HPSBMU02769");
      script_xref(name:"HP", value:"SSRT100846");
      script_xref(name:"HP", value:"SSRT100093");
      script_xref(name:"HP", value:"SSRT090028");
      script_xref(name:"HP", value:"SSRT100110");
      script_xref(name:"HP", value:"SSRT100373");
      script_xref(name:"HP", value:"SSRT100426");
      script_xref(name:"HP", value:"SSRT100514");
      script_xref(name:"HP", value:"SSRT100562");
      script_xref(name:"HP", value:"SSRT100639");
      script_xref(name:"HP", value:"SSRT100702");
      script_xref(name:"HP", value:"SSRT100819");

      script_name(english:"HP Systems Insight Manager < 7.0 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of HP Systems Insight Manager.");

      script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains software that is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value: "The version of HP Systems Insight Manager installed on the remote Windows host is affected by vulnerabilities in the following components : - TLS and SSL protocols - Apache Tomcat - Java - Flash Player - BlazeDS/GraniteDS - Adobe LiveCycle - Adobe Flex SDK - Systems Insight Manager");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?72e42ec4");
      script_set_attribute(attribute:"solution", value:"Upgrade to HP Systems Insight Manager 7.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java RMI Server Insecure Default Configuration Java Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(310);

      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/15");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:systems_insight_manager");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");

      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

      script_dependencies("hp_systems_insight_manager_installed.nasl");
      script_require_keys("installed_sw/HP Systems Insight Manager");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("install_func.inc");
    include("misc_func.inc");

    app_name = "HP Systems Insight Manager";
    get_install_count(app_name:app_name, exit_if_zero:TRUE);

    install = get_single_install(app_name:app_name);
    path = install['path'];
    version = install['version'];

    if (version =~ '^(([A-Z]\\.)?0[0-5]\\.|([A-C]\\.)?0[0-6]\\.[0-9\\.]+)')
    {
      set_kb_item(name:'www/0/XSS', value:TRUE);
      set_kb_item(name:'www/0/XSRF', value:TRUE);

      port = get_kb_item('SMB/transport');
      if (!port) port = 445;

      if (report_verbosity > 0)
      {
        report =
          '\n Path : ' + path +
          '\n Installed version : ' + version +
          '\n Fixed version : C.07.00.00.00' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2010-0167.NASL |
description | Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45366 |
published | 2010-03-29 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/45366 |
title | CentOS 4 : gnutls (CESA-2010:0167) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_4_COMPAT-OPENSSL097G-110721.NASL |
description | This update adds openssl patches since 2007 for : - CVE-2008-5077 - CVE-2009-0590 - CVE-2009-0789 - CVE-2009-3555 - CVE-2010-4180 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 75802 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75802 |
title | openSUSE Security Update : compat-openssl097g (openSUSE-SU-2011:0845-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_JAVA-1_4_2-IBM-7231.NASL |
description | IBM Java 1.4.2 was updated to SR13 FP6 to fix various bugs and security issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 51339 |
published | 2010-12-17 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/51339 |
title | SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 7231) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-923-1.NASL |
description | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45474 |
published | 2010-04-09 |
reporter | Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/45474 |
title | Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-923-1) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2010-0339.NASL |
description | Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46295 |
published | 2010-05-11 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/46295 |
title | RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0339) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20100331_JAVA__JDK_1_6_0__ON_SL4_X.NASL |
description | CVE-2009-3555 TLS: MITM attacks via session renegotiation CVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217) CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872) CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390) CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393) CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703) CVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149) CVE-2010-0093 OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265) CVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954) CVE-2010-0845 OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807) CVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653) CVE-2010-0837 OpenJDK JAR |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60777 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60777 |
title | Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_GNUTLS-101206.NASL |
description | The SSL-renegotiation |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 51198 |
published | 2010-12-16 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/51198 |
title | SuSE 11 / 11.1 Security Update : GnuTLS (SAT Patch Numbers 3650 / 3651) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_1_JAVA-1_6_0-OPENJDK-100428.NASL |
description | java-1_6_0-openjdk version 1.7.3 fixes several security issues : - CVE-2010-0837: JAR |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46189 |
published | 2010-04-30 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/46189 |
title | openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2009-295.NASL |
description | A vulnerability was discovered and corrected in apache : Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555). Additionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1. This update provides a solution to this vulnerability. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 42429 |
published | 2009-11-09 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/42429 |
title | Mandriva Linux Security Advisory : apache (MDVSA-2009:295) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_LIBOPENSSL-DEVEL-100331.NASL |
description | This update adds support for RFC5746 TLS renegotiations to address vulnerabilities tracked as (CVE-2009-3555). It also fixes a mishandling of OOM conditions in bn_wexpand. (CVE-2009-3245) Installation notes This update is provided as RPM packages that can easily be installed onto a running system by using this command : rpm -Fvh libopenssl-devel.rpm libopenssl0_9_8.rpm libopenssl0_9_8-32bit.rpm libopenssl0_9_8-x86.rpm openssl.rpm openssl-debuginfo.rpm openssl-debugsource.rpm openssl-doc.rpm |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 50937 |
published | 2010-12-02 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/50937 |
title | SuSE 11 Security Update : OpenSSL (SAT Patch Number 2214) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-927-4.NASL |
description | USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47159 |
published | 2010-06-30 |
reporter | Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/47159 |
title | Ubuntu 8.04 LTS : nss vulnerability (USN-927-4) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2010-076.NASL |
description | This update fixes several security issues in openssl : - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection (CVE-2010-0740) - OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors (CVE-2009-3245) - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) (CVE-2010-0433) - Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks (CVE-2009-3555). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Update : Packages for 2009.0 are provided due to the Extended Maintenance Program. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45563 |
published | 2010-04-19 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/45563 |
title | Mandriva Linux Security Advisory : openssl (MDVSA-2010:076-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE9_12606.NASL |
description | This update adds support for RFC5746 TLS renegotiations to address vulnerabilities tracked as (CVE-2009-3555). It also fixes a mishandling of OOM conditions in bn_wexpand. (CVE-2009-3245) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45401 |
published | 2010-04-02 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45401 |
title | SuSE9 Security Update : OpenSSL (YOU Patch Number 12606) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2010-0165.NASL |
description | Updated nss packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46276 |
published | 2010-05-11 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/46276 |
title | RHEL 4 / 5 : nss (RHSA-2010:0165) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-990-2.NASL |
description | USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. For more information, please refer to: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslinsecurerenegotiation Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 49644 |
published | 2010-09-22 |
reporter | Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/49644 |
title | Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : apache2 vulnerability (USN-990-2) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-990-1.NASL |
description | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 49643 |
published | 2010-09-22 |
reporter | Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/49643 |
title | Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : openssl vulnerability (USN-990-1) |

NASL family | Web Servers |
NASL id | OPENSSL_0_9_8M.NASL |
description | According to its banner, the remote web server uses a version of OpenSSL older than 0.9.8m. Such versions have the following vulnerabilities : - Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext by a man-in-the-middle. (CVE-2009-3555) - The library does not check for a NULL return value from calls to the bn_wexpand() function, which has unspecified impact. (CVE-2009-3245) - A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c allows remote attackers to cause a denial of service via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. (CVE-2008-1678, CVE-2009-4355) For this vulnerability to be exploitable, compression must be enabled in OpenSSL for SSL/TLS connections. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45039 |
published | 2010-03-11 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45039 |
title | OpenSSL < 0.9.8m Multiple Vulnerabilities |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_2_JAVA-1_6_0-SUN-101019.NASL |
description | Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 50299 |
published | 2010-10-22 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/50299 |
title | openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2009-12782.NASL |
description | - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1 - update to 0.7.64 - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.63-1 - update to 0.7.63 - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 43034 |
published | 2009-12-08 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/43034 |
title | Fedora 11 : nginx-0.7.64-1.fc11 (2009-12782) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2010-0167.NASL |
description | From Red Hat Security Advisory 2010:0167 : Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68021 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68021 |
title | Oracle Linux 4 : gnutls (ELSA-2010-0167) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_JAVA_10_6_UPDATE3.NASL |
description | The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 3. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets or applications to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user outside the Java sandbox. |
last seen | 2020-03-18 |
modified | 2010-10-20 |
plugin id | 50073 |
published | 2010-10-20 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/50073 |
title | Mac OS X : Java for Mac OS X 10.6 Update 3 |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20100325_OPENSSL_ON_SL3_X.NASL |
description | A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60758 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60758 |
title | Scientific Linux Security Update : openssl on SL3.x, SL4.x i386/x86_64 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_125437-22.NASL |
description | Oracle iPlanet Web Server 7.0.12 Solaris: Update Release patch. Date this patch was last updated by Sun : Aug/19/11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107431 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107431 |
title | Solaris 10 (sparc) : 125437-22 |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_128641-30.NASL |
description | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107968 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107968 |
title | Solaris 10 (x86) : 128641-30 |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20101110_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL |
description | defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60892 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60892 |
title | Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_1_FIREFOX35UPGRADE-100407.NASL |
description | This patch updates Mozilla Firefox from the 3.0 stable branch to the 3.5.9 release. It includes also following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45525 |
published | 2010-04-14 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45525 |
title | openSUSE Security Update : firefox35upgrade (firefox35upgrade-2262) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_JAVA-1_4_2-IBM-100510.NASL |
description | IBM Java 1.4.2 was updated to Version U13 FP 4 iFixes, to fix the SSL renegotiation flaw reported via CVE-2009-3555. Also, SAP installer related bugs have been fixed. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 51604 |
published | 2011-01-21 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/51604 |
title | SuSE 11 / 11.1 Security Update : IBM Java 1.4.2 (SAT Patch Numbers 2413 / 2483) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_9CCFEE393C3B11DF9EDC000F20797EDE.NASL |
description | Mozilla Project reports : MFSA 2010-24 XMLDocument::load() doesn |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45382 |
published | 2010-03-31 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source https://www.tenable.com/plugins/nessus/45382
title FreeBSD : mozilla -- multiple vulnerabilities (9ccfee39-3c3b-11df-9edc-000f20797ede)

NASL family SuSE Local Security Checks
NASL id SUSE_11_2_MOZILLATHUNDERBIRD-100406.NASL
description Mozilla Thunderbird was updated to version 3.0.4 fixing lots of bugs and security issues. Following security issues were fixed: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint
last seen 2020-06-01
modified 2020-06-02
plugin id 45495
published 2010-04-13
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/45495
title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0102-2)

NASL family SuSE Local Security Checks
NASL id SUSE_11_1_MOZILLA-XULRUNNER190-100407.NASL
description This patch updates Mozilla XULRunner 3.0 engine the 1.9.0.19 release. It includes also following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint
last seen 2020-06-01
modified 2020-06-02
plugin id 45526
published 2010-04-14
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45526
title openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-2261)

NASL family SuSE Local Security Checks
NASL id SUSE_11_0_FIREFOX35UPGRADE-100407.NASL
description This patch updates Mozilla Firefox from the 3.0 stable branch to the 3.5.9 release. It includes also following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint
last seen 2020-06-01
modified 2020-06-02
plugin id 45522
published 2010-04-14
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45522
title openSUSE Security Update : firefox35upgrade (firefox35upgrade-2262)

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-1010-1.NASL
description Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user
last seen 2020-06-01
modified 2020-06-02
plugin id 50410
published 2010-10-29
reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/50410
title Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openjdk-6, openjdk-6b18 vulnerabilities (USN-1010-1)

NASL family Solaris Local Security Checks
NASL id SOLARIS10_125437.NASL
description Oracle iPlanet Web Server 7.0.12 Solaris: Update Release patch. Date this patch was last updated by Sun : Aug/19/11 This plugin has been deprecated and either replaced with individual 125437 patch-revision plugins, or deemed non-security related.
last seen 2019-02-21
modified 2018-07-30
plugin id 26988
published 2007-10-12
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=26988
title Solaris 10 (sparc) : 125437-22 (deprecated)

NASL family Fedora Local Security Checks
NASL id FEDORA_2009-12750.NASL
description - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1 - Update to new stable 0.7.64 - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.63-1 - Update to new stable 0.7.63 - reinstate zlib dependency Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 43032
published 2009-12-08
reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/43032
title Fedora 12 : nginx-0.7.64-1.fc12 (2009-12750)

NASL family MacOS X Local Security Checks
NASL id MACOSX_SECUPD2010-001.NASL
description The remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2010-001 applied. This security update contains fixes for the following products :
- CoreAudio
- CUPS
- Flash Player plug-in
- ImageIO
- Image RAW
- OpenSSL
last seen 2020-06-01
modified 2020-06-02
plugin id 44095
published 2010-01-20
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/44095
title Mac OS X Multiple Vulnerabilities (Security Update 2010-001)

NASL family NewStart CGSL Local Security Checks
NASL id NEWSTART_CGSL_NS-SA-2019-0020_OPENSSL098E.NASL
description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl098e packages installed that are affected by multiple vulnerabilities:
- OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937)
- OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-2940)
- Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. (CVE-2006-3738)
- OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339)
- The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343)
- The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108)
- Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995)
- Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. (CVE-2007-5135)
- OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. (CVE-2008-5077)
- The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. (CVE-2009-0590)
- The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377)
- Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378)
- Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379)
- ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. (CVE-2009-1386)
- The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a fragment bug. (CVE-2009-1387)
- The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. (CVE-2009-2409)
- OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. (CVE-2009-3245)
- The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555)
- Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355)
- The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. (CVE-2010-0433)
- The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110)
- The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a CRIME attack. (CVE-2012-4929)
- OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. (CVE-2013-0166)
- The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. (CVE-2013-0169)
Note that Nessus has not tested for this issue but has instead relied only on the application
last seen 2020-06-01
modified 2020-06-02
plugin id 127177
published 2019-08-12
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/127177
title NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020)

NASL family SuSE Local Security Checks
NASL id SUSE_COMPAT-OPENSSL097G-7645.NASL
description This update adds openssl patches since 2007 for :
- CVE-2009-0590
- CVE-2008-5077
- CVE-2009-0789
- CVE-2009-3555
- CVE-2010-4180
last seen 2020-06-01
modified 2020-06-02
plugin id 57170
published 2011-12-13
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/57170
title SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 7645)

NASL family Solaris Local Security Checks
NASL id SOLARIS9_128640.NASL
description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
last seen 2020-06-01
modified 2020-06-02
plugin id 35419
published 2009-01-19
reporter This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/35419
title Solaris 9 (sparc) : 128640-30

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2010-0786.NASL
description Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.4.2 SR13-FP6 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM
last seen 2020-06-01
modified 2020-06-02
plugin id 50078
published 2010-10-21
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/50078
title RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0786)

NASL family SuSE Local Security Checks
NASL id SUSE_11_0_MOZILLA-XULRUNNER190-100407.NASL
description This patch updates Mozilla XULRunner 3.0 engine the 1.9.0.19 release. It includes also following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint
last seen 2020-06-01
modified 2020-06-02
plugin id 45523
published 2010-04-14
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45523
title openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-2261)

NASL family SuSE Local Security Checks
NASL id SUSE_11_COMPAT-OPENSSL097G-091113.NASL
description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache
last seen 2020-06-01
modified 2020-06-02
plugin id 42829
published 2009-11-17
reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/42829
title SuSE 11 Security Update : OpenSSL (SAT Patch Number 1544)

NASL family SuSE Local Security Checks
NASL id SUSE_11_MOZILLAFIREFOX-100407.NASL
description Mozilla Firefox was updated to version 3.5.9 fixing lots of bugs and security issues. The following security issues were fixed :
- Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174)
- Security researcher regenrecht reported via TippingPoint
last seen 2020-06-01
modified 2020-06-02
plugin id 52686
published 2011-03-17
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/52686
title SuSE 11 Security Update : MozillaFirefox, MozillaFirefox-branding-upstream, etc (SAT Patch Number 2254)

NASL family SuSE Local Security Checks
NASL id SUSE_11_LIBOPENSSL-DEVEL-091112.NASL
description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache
last seen 2020-06-01
modified 2020-06-02
plugin id 42830
published 2009-11-17
reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/42830
title SuSE 11 Security Update : libopenssl (SAT Patch Number 1540)

NASL family SuSE Local Security Checks
NASL id SUSE_11_1_LIBOPENSSL-DEVEL-091112.NASL
description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache
last seen 2020-06-01
modified 2020-06-02
plugin id 42854
published 2009-11-19
reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/42854
title openSUSE Security Update : libopenssl-devel (libopenssl-devel-1554)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2010-0165.NASL
description Updated nss packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 45364
published 2010-03-29
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/45364
title CentOS 4 / 5 : nss (CESA-2010:0165)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2009-1580.NASL
description Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 42470
published 2009-11-12
reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/42470
title RHEL 4 : httpd (RHSA-2009:1580)

NASL family Databases
NASL id DB2_97FP2.NASL
description According to its version, the installation of IBM DB2 9.7 running on the remote host is affected by one or more of the following issues :
- The
last seen 2020-06-01
modified 2020-06-02
plugin id 46766
published 2010-06-01
reporter This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/46766
title IBM DB2 9.7 < Fix Pack 2 Multiple Vulnerabilities

NASL family Web Servers
NASL id APACHE_2_2_15.NASL
description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.15. It is, therefore, potentially affected by multiple vulnerabilities :
- A TLS renegotiation prefix injection attack is possible. (CVE-2009-3555)
- The
last seen 2020-06-01
modified 2020-06-02
plugin id 45004
published 2010-10-20
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45004
title Apache 2.2.x < 2.2.15 Multiple Vulnerabilities

NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-2626.NASL
description Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd.
- CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions. This issue is solved in lighttpd by disabling client initiated renegotiation by default.
Those users that do actually need such renegotiations, can reenable them via the new
last seen 2020-03-17
modified 2013-02-18
plugin id 64662
published 2013-02-18
reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/64662
title Debian DSA-2626-1 : lighttpd - several issues

NASL family SuSE Local Security Checks
NASL id SUSE_JAVA-1_6_0-IBM-7312.NASL
description IBM Java 6 SR9 was released, fixing a lot of security issues. IBM JDK Alerts can also be found on this page: http://www.ibm.com/developerworks/java/jdk/alerts/
last seen 2020-06-01
modified 2020-06-02
plugin id 51750
published 2011-01-27
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/51750
title SuSE 10 Security Update : IBM Java 6 SR9 (ZYPP Patch Number 7312)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2010-0162.NASL
description From Red Hat Security Advisory 2010:0162 : Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code. (CVE-2009-3245) A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 68016
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/68016
title Oracle Linux 5 : openssl (ELSA-2010-0162)

NASL family SuSE Local Security Checks
NASL id SUSE9_12659.NASL
description This update brings IBM Java 5 to Service Release 12 Fixpack 2. It fixes quite a large number of security problems and other bugs. The security issues are tracked by the following CVE ids : - CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574. (CVE-2009-3555)
last seen 2020-06-01
modified 2020-06-02
plugin id 50854
published 2010-12-01
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/50854
title SuSE9 Security Update : IBM Java 5 JRE and SDK (YOU Patch Number 12659)

NASL family SuSE Local Security Checks
NASL id SUSE_MOZILLA-NSPR-6977.NASL
description Mozilla NSS was updated to version 3.12.6. This fixes all currently known issues in mozilla-nss, and also implements the new TLS/SSL renegotiation handling. (CVE-2009-3555)
last seen 2020-06-01
modified 2020-06-02
plugin id 45499
published 2010-04-13
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45499
title SuSE 10 Security Update : Mozilla NSS (ZYPP Patch Number 6977)

NASL family SuSE Local Security Checks
NASL id SUSE_11_1_COMPAT-OPENSSL097G-091113.NASL
description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache
last seen 2020-06-01
modified 2020-06-02
plugin id 42838
published 2009-11-18
reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/42838
title openSUSE Security Update : compat-openssl097g (compat-openssl097g-1548)

NASL family SuSE Local Security Checks
NASL id SUSE_MOZILLA-NSS-6978.NASL
description Mozilla NSS was updated to version 3.12.6. This fixes all currently known issues in mozilla-nss, and also implements the new TLS/SSL renegotiation handling. (CVE-2009-3555)
last seen 2020-06-01
modified 2020-06-02
plugin id 49896
published 2010-10-11
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/49896
title SuSE 10 Security Update : Mozilla NSS (ZYPP Patch Number 6978)

NASL family Scientific Linux Local Security Checks
NASL id SL_20101013_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
description defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application.
(CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the
last seen 2020-06-01
modified 2020-06-02
plugin id 60868
published 2012-08-01
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/60868
title Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64

NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-3253.NASL
description Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol. For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-3555). TLS compression is disabled (CVE-2012-4929), although this is normally already disabled by the OpenSSL system library. Finally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566) entirely via the new
last seen 2020-06-01
modified 2020-06-02
plugin id 83306
published 2015-05-11
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/83306
title Debian DSA-3253-1 : pound - security update (POODLE)

NASL family Databases
NASL id DB2_9FP9.NASL
description According to its version, the installation of IBM DB2 9.1 running on the remote host is affected by one or more of the following issues :
- The
last seen 2020-06-01
modified 2020-06-02
plugin id 46173
published 2010-04-28
reporter This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/46173
title IBM DB2 9.1 < Fix Pack 9 Multiple Vulnerabilities

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201206-18.NASL
description The remote host is affected by the vulnerability described in GLSA-201206-18 (GnuTLS: Multiple vulnerabilities) Multiple vulnerabilities have been found in GnuTLS: An error in libgnutls does not properly sanitize
last seen 2020-06-01
modified 2020-06-02
plugin id 59671
published 2012-06-25
reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/59671
title GLSA-201206-18 : GnuTLS: Multiple vulnerabilities

NASL family MacOS X Local Security Checks
NASL id MACOSX_JAVA_10_5_UPDATE8.NASL
description The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 8. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets or applications to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user outside the Java sandbox.
last seen 2020-03-18
modified 2010-10-20
plugin id 50072
published 2010-10-20
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/50072
title Mac OS X : Java for Mac OS X 10.5 Update 8

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200912-01.NASL
description The remote host is affected by the vulnerability described in GLSA-200912-01 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been reported in OpenSSL: Marsh Ray of PhoneFactor and Martin Rex of SAP independently reported that the TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555). The MD2 hash algorithm is no longer considered to be cryptographically strong, as demonstrated by Dan Kaminsky. Certificates using this algorithm are no longer accepted (CVE-2009-2409). Daniel Mentz and Robin Seggelmann reported the following vulnerabilities related to DTLS: A use-after-free flaw (CVE-2009-1379) and a NULL pointer dereference (CVE-2009-1387) in the dtls1_retrieve_buffered_fragment() function in src/d1_both.c, multiple memory leaks in the dtls1_process_out_of_seq_message() function in src/d1_both.c (CVE-2009-1378), and a processing error related to a large amount of DTLS records with a future epoch in the dtls1_buffer_record() function in ssl/d1_pkt.c (CVE-2009-1377).
Impact : A remote unauthenticated attacker, acting as a Man in the Middle, could inject arbitrary plain text into a TLS session, possibly leading to the ability to send requests as if authenticated as the victim. A remote attacker could furthermore send specially crafted DTLS packages to a service using OpenSSL for DTLS support, possibly resulting in a Denial of Service. Also, a remote attacker might be able to create rogue certificates, facilitated by a MD2 collision. NOTE: The amount of computation needed for this attack is still very large.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 42968
published 2009-12-02
reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/42968
title GLSA-200912-01 : OpenSSL: Multiple vulnerabilities

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201309-15.NASL
description The remote host is affected by the vulnerability described in GLSA-201309-15 (ProFTPD: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ProFTPD. Please review the CVE identifiers referenced below for details.
Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, perform man-in-the-middle attacks to spoof arbitrary SSL servers, cause a Denial of Service condition, or read and modify arbitrary files.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 70111
published 2013-09-25
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/70111
title GLSA-201309-15 : ProFTPD: Multiple vulnerabilities

NASL family SuSE Local Security Checks
NASL id SUSE_11_MOZILLAFIREFOX-100406.NASL
description Mozilla Firefox was updated to version 3.5.9 fixing lots of bugs and security issues.
The following security issues were fixed :
- Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174)
- Security researcher regenrecht reported via TippingPoint
last seen 2020-06-01
modified 2020-06-02
plugin id 50872
published 2010-12-02
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/50872
title SuSE 11 Security Update : MozillaFirefox, MozillaFirefox-branding-upstream, etc (SAT Patch Number 2254)

NASL family Fedora Local Security Checks
NASL id FEDORA_2010-6039.NASL
description Add latest security patches. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 47411
published 2010-07-01
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/47411
title Fedora 11 : java-1.6.0-openjdk-1.6.0.0-34.b17.fc11 (2010-6039)

NASL family SuSE Local Security Checks
NASL id SUSE_11_2_GNUTLS-101206.NASL
description This update fixes the safe renegotiation testing code which was missing in the previous update for CVE-2009-3555.
last seen 2020-06-01
modified 2020-06-02
plugin id 53729
published 2011-05-05
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/53729
title openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)

NASL family SuSE Local Security Checks
NASL id SUSE_JAVA-1_4_2-IBM-7036.NASL
description IBM Java 1.4.2 was updated to version U13 FP 4 iFixes to fix the SSL renegotiation flaw reported as CVE-2009-3555, as well as SAP installer related bugs.
last seen 2020-06-01
modified 2020-06-02
plugin id 59119
published 2012-05-17
reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/59119
title SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 7036)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2010-0865.NASL
description Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application.
(CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the
last seen 2020-06-01
modified 2020-06-02
plugin id 50637
published 2010-11-18
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/50637
title RHEL 6 : java-1.6.0-openjdk (RHSA-2010:0865)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2010-0166.NASL
description Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 46277
published 2010-05-11
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/46277
title RHEL 5 : gnutls (RHSA-2010:0166)

NASL family Windows
NASL id OPENOFFICE_321.NASL
description The version of Oracle OpenOffice.org installed on the remote host is prior to 3.2.1. It is, therefore, affected by several issues :
- There is a TLS/SSL renegotiation vulnerability in the included third-party OpenSSL library. (CVE-2009-3555)
- There is a python scripting vulnerability that could lead to undesired code execution when using the OpenOffice scripting IDE. (CVE-2010-0395)
last seen 2020-06-01
modified 2020-06-02
plugin id 46814
published 2010-06-07
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/46814
title Oracle OpenOffice.org < 3.2.1 Multiple Vulnerabilities

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201311-13.NASL
description The remote host is affected by the vulnerability described in GLSA-201311-13 (OpenVPN: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details.
Impact : A remote attacker may be able to recover plaintext from an encrypted communication. Another vulnerability could allow a remote attacker to perform a Man-in-the-Middle attack.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 70997
published 2013-11-21
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/70997
title GLSA-201311-13 : OpenVPN: Multiple vulnerabilities

NASL family MacOS X Local Security Checks
NASL id MACOSX_JAVA_10_5_UPDATE7.NASL
description The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 7. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.
last seen 2020-03-18
modified 2010-05-19
plugin id 46673
published 2010-05-19
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/46673
title Mac OS X : Java for Mac OS X 10.5 Update 7

NASL family SuSE Local Security Checks
NASL id SUSE_MOZILLA-XULRUNNER190-6976.NASL
description Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs and security issues. The following security issues were fixed :
- Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6.
(CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174)
- Security researcher regenrecht reported via TippingPoint
last seen 2020-06-01
modified 2020-06-02
plugin id 45500
published 2010-04-13
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/45500
title SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6976)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2010-0339.NASL
description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 46873
published 2010-06-14
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/46873
title CentOS 5 : java-1.6.0-openjdk (CESA-2010:0339)

NASL family SuSE Local Security Checks
NASL id SUSE_11_2_GNUTLS-101025.NASL
description The SSL-renegotiation
last seen 2020-06-01
modified 2020-06-02
plugin id 53728
published 2011-05-05
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/53728
title openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)

NASL family SuSE Local Security Checks
NASL id SUSE_11_LIBFREEBL3-100406.NASL
description Mozilla NSS was updated to version 3.12.6. This fixes all currently known issues in mozilla-nss, and also implements the new TLS/SSL renegotiation handling. (CVE-2009-3555)
last seen 2020-06-01
modified 2020-06-02
plugin id 50930
published 2010-12-02
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/50930
title SuSE 11 Security Update : Mozilla (SAT Patch Number 2239)

NASL family Fedora Local Security Checks
NASL id FEDORA_2010-3905.NASL
description Update to NSS 3.12.6 The primary feature of NSS 3.12.6 is support for the TLS Renegotiation Indication Extension, RFC 5746. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 47330
published 2010-07-01
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/47330
title Fedora 11 : nss-3.12.6-1.2.fc11 (2010-3905)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2010-0337.NASL
description Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the
last seen 2020-06-01
modified 2020-06-02
plugin id 46293
published 2010-05-11
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/46293
title RHEL 4 / 5 : java-1.6.0-sun (RHSA-2010:0337)

NASL family Web Servers
NASL id NGINX_0_7_64.NASL
description According to the self-reported version in its response header, the version of nginx hosted on the remote web server is less than 0.7.64 or 0.8.x prior to 0.8.23. It is, therefore, affected by multiple vulnerabilities as noted in the vendor advisory.
last seen 2020-05-09
modified 2018-03-09
plugin id 107262
published 2018-03-09
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/107262
title nginx < 0.7.64 / 0.8.x < 0.8.23 Multiple Vulnerabilities

NASL family Windows
NASL id MOZILLA_THUNDERBIRD_304.NASL
description The installed version of Thunderbird is earlier than 3.0.4.
Such versions are potentially affected by the following security issues :
- Multiple crashes can result in arbitrary code execution. (MFSA 2010-16)
- A select event handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17)
- An error exists in the way
last seen 2020-06-01
modified 2020-06-02
plugin id 45394
published 2010-03-31
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45394
title Mozilla Thunderbird < 3.0.4 Multiple Vulnerabilities

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2009-1579.NASL
description Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 42469
published 2009-11-12
reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/42469
title RHEL 3 / 5 : httpd (RHSA-2009:1579)

NASL family Fedora Local Security Checks
NASL id FEDORA_2010-1127.NASL
description Update to 3.12.5 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 47232
published 2010-07-01
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/47232
title Fedora 12 : nss-3.12.5-8.fc12 (2010-1127)

NASL family VMware ESX Local Security Checks
NASL id VMWARE_VMSA-2011-0003.NASL
description
a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3.
b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue.
c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.
d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565, CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574.
e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, and CVE-2009-3548.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.
f. vCenter Server third-party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL.
g. ESX third-party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update.
h. ESXi third-party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update.
i. ESX third-party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update.
j. ESX third-party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update.
Notes :
- The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release.
- The update also addresses CVE-2010-2240 for ESX 4.0.
last seen 2020-06-01
modified 2020-06-02
plugin id 51971
published 2011-02-14
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/51971
title VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

NASL family SuSE Local Security Checks
NASL id SUSE_JAVA-1_5_0-IBM-7205.NASL
description This update brings IBM Java 5 to Service Release 12 Fixpack 2. It fixes quite a large number of security problems and other bugs. The security issues are tracked by the following CVE ids: CVE-2009-3555 / CVE-2010-1321 / CVE-2010-3541 / CVE-2010-3548 / CVE-2010-3549 / CVE-2010-3550 / CVE-2010-3551 / CVE-2010-3556 / CVE-2010-3559 / CVE-2010-3562 / CVE-2010-3565 / CVE-2010-3566 / CVE-2010-3568 / CVE-2010-3569 / CVE-2010-3572 / CVE-2010-3573 / CVE-2010-3574
last seen 2020-06-01
modified 2020-06-02
plugin id 50968
published 2010-12-02
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/50968
title SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 7205)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2010-0333.NASL
description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several use-after-free flaws were found in SeaMonkey. Visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0174) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 46292 published 2010-05-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46292 title RHEL 3 / 4 : seamonkey (RHSA-2010:0333) NASL family Scientific Linux Local Security Checks NASL id SL_20100325_NSS_ON_SL4_X.NASL description CVE-2009-3555 TLS: MITM attacks via session renegotiation A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 60755 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60755 title Scientific Linux Security Update : nss on SL4.x, SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE9_12550.NASL description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. 
This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache last seen 2020-06-01 modified 2020-06-02 plugin id 42836 published 2009-11-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42836 title SuSE9 Security Update : OpenSSL (YOU Patch Number 12550) NASL family SuSE Local Security Checks NASL id SUSE_OPENSSL-6943.NASL description This update adds support for RFC5746 TLS renegotiations to address vulnerabilities tracked as (CVE-2009-3555). It also fixes a mishandling of OOM conditions in bn_wexpand. (CVE-2009-3245) last seen 2020-06-01 modified 2020-06-02 plugin id 45385 published 2010-03-31 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45385 title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6943) NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBFREEBL3-100407.NASL description Mozilla NSS was updated to version 3.12.6. This fixes all currently known issues in mozilla-nss, and also implements the new TLS/SSL renegotiation handling (CVE-2009-3555). last seen 2020-06-01 modified 2020-06-02 plugin id 45492 published 2010-04-13 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45492 title openSUSE Security Update : libfreebl3 (openSUSE-SU-2010:0100-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0164.NASL description Updated openssl097a packages that fix a security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 46275 published 2010-05-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46275 title RHEL 5 : openssl097a (RHSA-2010:0164) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-927-6.NASL description USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user last seen 2020-06-01 modified 2020-06-02 plugin id 47821 published 2010-07-26 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47821 title Ubuntu 9.04 : nss vulnerability (USN-927-6) NASL family Fedora Local Security Checks NASL id FEDORA_2010-8742.NASL description This update fixes multiple bugs and security issues. It especially adds support for RFC5746. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. 
last seen 2020-06-01 modified 2020-06-02 plugin id 47509 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47509 title Fedora 12 : openssl-1.0.0-4.fc12 (2010-8742) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLAFIREFOX-BRANDING-OPENSUSE-100413.NASL description This patch updates the openSUSE Mozilla Branding to version 3.5. last seen 2020-06-01 modified 2020-06-02 plugin id 45524 published 2010-04-14 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45524 title openSUSE Security Update : MozillaFirefox-branding-openSUSE (MozillaFirefox-branding-openSUSE-2281) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0768.NASL description From Red Hat Security Advisory 2010:0768 : Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. 
(CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the last seen 2020-06-01 modified 2020-06-02 plugin id 68117 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/68117 title Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2010-0768) NASL family Windows NASL id ORACLE_JAVA_CPU_OCT_2010.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 22 / 5.0 Update 26 / 1.4.2_28. Such versions are potentially affected by security issues in the following components : - CORBA - Deployment - Deployment Toolkit - Java 2D - Java Web Start - JNDI - JRE - JSSE - Kerberos - Networking - New Java Plug-in - Sound - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 49996 published 2010-10-15 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49996 title Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) NASL family Solaris Local Security Checks NASL id SOLARIS10_143140-04.NASL description SunOS 5.10: ssh patch. Date this patch was last updated by Sun : Jun/18/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107539 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107539 title Solaris 10 (sparc) : 143140-04 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0162.NASL description Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code. (CVE-2009-3245) A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 45362 published 2010-03-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45362 title CentOS 5 : openssl (CESA-2010:0162) NASL family Fedora Local Security Checks NASL id FEDORA_2010-16294.NASL description - Thu Oct 7 2010 Jiri Vanek <jvanek at redhat.com> -1:1.6.0-43.1.8.2 - Imports icedtea6-1.8.2 - changed Release versioning from openjdkver to icedteaver - Resolves: rhbz#533125 - Resolves: rhbz#639876 - Resolves: rhbz#639880 - Resolves: rhbz#639897 - Resolves: rhbz#639904 - Resolves: rhbz#639909 - Resolves: rhbz#639914 - Resolves: rhbz#639920 - Resolves: rhbz#639922 - Resolves: rhbz#639925 - Resolves: rhbz#639951 - Resolves: rhbz#6622002 - Resolves: rhbz#6623943 - Resolves: rhbz#6925672 - Resolves: rhbz#6952017 - Resolves: rhbz#6952603 - Resolves: rhbz#6961084 - Resolves: rhbz#6963285 - Resolves: rhbz#6980004 - Resolves: rhbz#6981426 - Resolves: rhbz#6990437 - Mon Jul 26 2010 Martin Matejovic <mmatejov at redhat.com> -1:1.6.0-42.b18 - Imports icedtea6-1.8.1 - Removed: java-1.6.0-openjdk-plugin.patch - Resolves: rhbz#616893 - Resolves: rhbz#616895 - Mon Jun 14 2010 Martin Matejovic <mmatejov at redhat.com> -1:1.6.0.-41.b18 - Fixed plugin update to IcedTeaPlugin.so - Fixed plugin cpu usage issue - Fixed plugin rewrites ? 
in URL - Added java-1.6.0-openjdk-plugin.patch - Resolves: rhbz#598353 - Resolves: rhbz#592553 - Resolves: rhbz#602906 - Fri Jun 11 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-40.b18 - Rebuild - Tue Jun 8 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-39.b18 - Added icedtea6-1.8 - Added openjdk b18 - Added visualvm_122 - Added netbeans-profiler-visualvm_release68_1.tar.gz - Added jdk6-jaf-2009_10_27.zip as SOURCE9 - Added jdk6-jaxp-2009_10_13.zip as SOURCE10 - Added jdk6-jaxws-2009_10_27.zip as SOURCE11 - Added java-1.6.0-openjdk-visualvm-update.patch - Removed java-1.6.0-openjdk-securitypatches-20100323.patch - Removed java-1.6.0-openjdk-linux-globals.patch - Removed java-1.6.0-openjdk-memory-barriers.patch - Resolved: rhbz#595191 - Resolves: rhbz#596850 - Resolves: rhbz#597134 - Resolves: rhbz#580432 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50035 published 2010-10-20 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50035 title Fedora 13 : java-1.6.0-openjdk-1.6.0.0-43.1.8.2.fc13 (2010-16294) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0333.NASL description From Red Hat Security Advisory 2010:0333 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several use-after-free flaws were found in SeaMonkey. Visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0174) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68027 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68027 title Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0333) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0130.NASL description Updated java-1.5.0-ibm packages that fix a security issue are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 44974 published 2010-03-04 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/44974 title RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0130) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0339.NASL description From Red Hat Security Advisory 2010:0339 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 68028 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68028 title Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2010-0339) NASL family SuSE Local Security Checks NASL id SUSE_11_0_JAVA-1_6_0-OPENJDK-100428.NASL description java-1_6_0-openjdk version 1.7.3 fixes several security issues : - CVE-2010-0837: JAR last seen 2020-06-01 modified 2020-06-02 plugin id 46187 published 2010-04-30 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/46187 title openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1) NASL family SuSE Local Security Checks NASL id SUSE_11_1_LIBOPENSSL-DEVEL-100331.NASL description This openssl update adds support for RFC5746 TLS renegotiations to address vulnerabilities tracked as (CVE-2009-3555). It also fixes a mishandling of OOM conditions in bn_wexpand (CVE-2009-3245). last seen 2020-06-01 modified 2020-06-02 plugin id 45460 published 2010-04-09 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45460 title openSUSE Security Update : libopenssl-devel (libopenssl-devel-2232) NASL family Fedora Local Security Checks NASL id FEDORA_2009-12968.NASL description Update to 3.12.5 This update fixes the following security flaw: CVE-2009-3555 TLS: MITM attacks via session renegotiation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43092 published 2009-12-10 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43092 title Fedora 12 : nss-util-3.12.5-1.fc12.1 (2009-12968) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0165.NASL description From Red Hat Security Advisory 2010:0165 : Updated nss packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 68019 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68019 title Oracle Linux 4 / 5 : nss (ELSA-2010-0165) NASL family Fedora Local Security Checks NASL id FEDORA_2009-12604.NASL description This update contains the latest stable release of Apache httpd. Three security fixes are included, along with several minor bug fixes. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 43090 published 2009-12-10 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43090 title Fedora 10 : httpd-2.2.14-1.fc10 (2009-12604) NASL family SuSE Local Security Checks NASL id SUSE9_12658.NASL description IBM Java 1.4.2 was updated to SR13 FP6 to fix various bugs and security issues. 
Following CVEs are tracked for this update: CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3556 CVE-2010-3557 CVE-2010-3562 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-3571 CVE-2010-3572 last seen 2020-06-01 modified 2020-06-02 plugin id 51338 published 2010-12-17 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51338 title SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12658) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0162.NASL description Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code. (CVE-2009-3245) A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 46273 published 2010-05-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/46273 title RHEL 5 : openssl (RHSA-2010:0162) NASL family Misc. NASL id ORACLE_JAVA_CPU_MAR_2010_UNIX.NASL description The version of Oracle (formerly Sun) Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 19 / 5.0 Update 24 / 1.4.2_26. Such versions are potentially affected by security issues in the following components : - ImageIO - Java 2D - JRE - Java Web Start, Java Plug-in - Pack200 - Sound - JSSE - HotSpot Server last seen 2020-06-01 modified 2020-06-02 plugin id 64842 published 2013-02-22 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64842 title Oracle Java SE Multiple Vulnerabilities (March 2010 CPU) (Unix) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0880.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 63983 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/63983 title RHEL 5 : IBM Java Runtime (RHSA-2011:0880) NASL family Web Servers NASL id HPSMH_6_2_0_12.NASL description According to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 6.2. Such versions are reportedly affected by the following vulnerabilities : - Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext in a man-in-the-middle attack. (CVE-2009-3555) - An attacker may be able to upload files using a POST request with last seen 2020-06-01 modified 2020-06-02 plugin id 49272 published 2010-09-17 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49272 title HP System Management Homepage < 6.2 Multiple Vulnerabilities NASL family Databases NASL id DB2_95FP6.NASL description According to its version, the installation of IBM DB2 9.5 running on the remote host is prior to 9.5 Fix Pack 6. It is, therefore, affected by one or more of the following issues : - The Install component on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. (IC62856) - The Security component logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote, authenticated users to execute Audit administration commands without discovery. (IC65184) - A privilege escalation vulnerability exists in the DB2STST program (on Linux and Unix platforms only). (IC65703) - A malicious user could use the DB2DART program to overwrite files owned by the instance owner. 
(IC65756) - The scalar function REPEAT contains a buffer overflow that a malicious user with a valid database connection could manipulate, causing the DB2 server to trap. (IC65933) - The Net Search Extender implementation in the Text Search component does not properly handle an alphanumeric Fuzzy search, which could allow a remote, authenticated user to consume memory or even hang the system via the last seen 2020-06-01 modified 2020-06-02 plugin id 49120 published 2010-09-07 reporter This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49120 title IBM DB2 9.5 < Fix Pack 6a Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_0_JAVA-1_6_0-SUN-100331.NASL description Sun Java 6 was updated to Update 19, fixing a large number of security issues. CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850 last seen 2020-06-01 modified 2020-06-02 plugin id 45454 published 2010-04-09 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45454 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228) NASL family SuSE Local Security Checks NASL id SUSE_11_2_LIBOPENSSL-DEVEL-100401.NASL description This openssl update adds support for RFC5746 TLS renegotiations to address vulnerabilities tracked as (CVE-2009-3555). It also fixes a mishandling of OOM conditions in bn_wexpand (CVE-2009-3245). last seen 2020-06-01 modified 2020-06-02 plugin id 45466 published 2010-04-09 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/45466 title openSUSE Security Update : libopenssl-devel (libopenssl-devel-2232) NASL family SuSE Local Security Checks NASL id SUSE_11_2_COMPAT-OPENSSL097G-091113.NASL description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache last seen 2020-06-01 modified 2020-06-02 plugin id 42839 published 2009-11-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42839 title openSUSE Security Update : compat-openssl097g (compat-openssl097g-1548) NASL family SuSE Local Security Checks NASL id SUSE_11_2_LIBOPENSSL-DEVEL-091113.NASL description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache last seen 2020-06-01 modified 2020-06-02 plugin id 42856 published 2009-11-19 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42856 title SuSE 11.2 Security Update: libopenssl-devel (2009-11-13) NASL family Fedora Local Security Checks NASL id FEDORA_2009-12229.NASL description Update to 1.1.18, implementing a mitigation for CVE-2009-3555. http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html http://marc.info/?l=tomcat-dev&m=125900987921402&w=2 http://marc.info/?l=tomcat-dev&m=125874793414940&w=2 http://marc.info/?l=tomcat-user&m=125874793614950&w=2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43327 published 2009-12-18 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43327 title Fedora 12 : tomcat-native-1.1.18-1.fc12 (2009-12229) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-6970.NASL description Mozilla Firefox was updated to version 3.5.9 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) - Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 45498 published 2010-04-13 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/45498
title SuSE 10 Security Update : MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-translations, mozilla-xulrunner191, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-translations, python-xpcom191 (ZYPP Patch Number 6970)

NASL family SuSE Local Security Checks
NASL id SUSE_11_JAVA-1_6_0-SUN-100331.NASL
description Sun Java 6 was updated to Update 19, fixing a large number of security issues: CVE-2009-3555 / CVE-2010-0082 / CVE-2010-0084 / CVE-2010-0085 / CVE-2010-0087 / CVE-2010-0088 / CVE-2010-0089 / CVE-2010-0090 / CVE-2010-0091 / CVE-2010-0092 / CVE-2010-0093 / CVE-2010-0094 / CVE-2010-0095 / CVE-2010-0837 / CVE-2010-0838 / CVE-2010-0839 / CVE-2010-0840 / CVE-2010-0841 / CVE-2010-0842 / CVE-2010-0843 / CVE-2010-0844 / CVE-2010-0845 / CVE-2010-0846 / CVE-2010-0847 / CVE-2010-0848 / CVE-2010-0849 / CVE-2010-0850.
last seen 2020-06-01
modified 2020-06-02
plugin id 50917
published 2010-12-02
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/50917
title SuSE 11 Security Update : Sun Java 6 (SAT Patch Number 2225)

NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2010-069.NASL
description A vulnerability has been found and corrected in nss : The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue (CVE-2009-3555). Additionally the NSPR package has been upgraded to 4.8.4 that brings numerous upstream fixes. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides the latest versions of NSS and NSPR libraries and for which NSS is not vulnerable to this attack.
last seen 2020-06-01
modified 2020-06-02
plugin id 45449
published 2010-04-09
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/45449
title Mandriva Linux Security Advisory : nss (MDVSA-2010:069)

NASL family SuSE Local Security Checks
NASL id SUSE9_12621.NASL
description IBM Java 1.4.2 was updated to Version U13 FP 4 iFixes, to fix the SSL renegotiation flaw reported as CVE-2009-3555, and also SAP installer related bugs.
last seen 2020-06-01
modified 2020-06-02
plugin id 46863
published 2010-06-11
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/46863
title SuSE9 Security Update : IBM Java 1.4.2 (YOU Patch Number 12621)

NASL family Fedora Local Security Checks
NASL id FEDORA_2009-12305.NASL
description Update to 1.1.18, implementing a mitigation for CVE-2009-3555. http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html http://marc.info/?l=tomcat-dev&m=125900987921402&w=2 http://marc.info/?l=tomcat-dev&m=125874793414940&w=2 http://marc.info/?l=tomcat-user&m=125874793614950&w=2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 43328
published 2009-12-18
reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/43328
title Fedora 11 : tomcat-native-1.1.18-1.fc11 (2009-12305)

NASL family SuSE Local Security Checks
NASL id SUSE_11_1_GNUTLS-101025.NASL
description The SSL-renegotiation
last seen 2020-06-01
modified 2020-06-02
plugin id 53660
published 2011-05-05
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/53660
title openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)

NASL family AIX Local Security Checks
NASL id AIX_SSL_ADVISORY.NASL
description The version of OpenSSL running on the remote host is affected by the following vulnerabilities :
- A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source.
- A remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow an attacker to issue HTTP requests or take action impersonating the user, among other consequences.
Please note that the recommended fixes will disable all session renegotiation.
last seen 2020-06-01
modified 2020-06-02
plugin id 73566
published 2014-04-16
reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/73566
title AIX OpenSSL Advisory : ssl_advisory.asc

NASL family SuSE Local Security Checks
NASL id SUSE_11_JAVA-1_6_0-SUN-101019.NASL
description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
last seen 2020-06-01
modified 2020-06-02
plugin id 50919
published 2010-12-02
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/50919
title SuSE 11 / 11.1 Security Update : Java 1.6.0 (SAT Patch Numbers 3347 / 3349)

NASL family Fedora Local Security Checks
NASL id FEDORA_2010-5942.NASL
description The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server (
last seen 2020-06-01
modified 2020-06-02
plugin id 47408
published 2010-07-01
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/47408
title Fedora 13 : httpd-2.2.15-1.fc13 (2010-5942)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2010-0167.NASL
description Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 46278
published 2010-05-11
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/46278
title RHEL 4 : gnutls (RHSA-2010:0167)

NASL family Debian Local Security Checks
NASL id DEBIAN_DLA-400.NASL
description This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a
last seen 2020-03-17
modified 2016-01-25
plugin id 88107
published 2016-01-25
reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/88107
title Debian DLA-400-1 : pound security update (BEAST) (POODLE)

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201006-18.NASL
description The remote host is affected by the vulnerability described in GLSA-201006-18 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 46807
published 2010-06-04
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/46807
title GLSA-201006-18 : Oracle JRE/JDK: Multiple vulnerabilities

NASL family SuSE Local Security Checks
NASL id SUSE_11_COMPAT-OPENSSL097G-110721.NASL
description This update adds openssl patches since 2007 for :
- CVE-2009-0590
- CVE-2008-5077
- CVE-2009-0789
- CVE-2009-3555
- CVE-2010-4180
last seen 2020-06-01
modified 2020-06-02
plugin id 55711
published 2011-07-28
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/55711
title SuSE 11.1 Security Update : compat-openssl097g (SAT Patch Number 4913)

NASL family SuSE Local Security Checks
NASL id SUSE_JAVA-1_6_0-SUN-7204.NASL
description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html Following CVEs are tracked for this update: CVE-2010-3556 / CVE-2010-3562 / CVE-2010-3565 / CVE-2010-3566 / CVE-2010-3567 / CVE-2010-3571 / CVE-2010-3554 / CVE-2010-3563 / CVE-2010-3568 / CVE-2010-3569 / CVE-2010-3558 / CVE-2010-3552 / CVE-2010-3559 / CVE-2010-3572 / CVE-2010-3553 / CVE-2010-3555 / CVE-2010-3550 / CVE-2010-3570 / CVE-2010-3561 / CVE-2009-3555 / CVE-2010-1321 / CVE-2010-3549 / CVE-2010-3557 / CVE-2010-3541 / CVE-2010-3573 / CVE-2010-3574 / CVE-2010-3548 / CVE-2010-3551 / CVE-2010-3560
last seen 2020-06-01
modified 2020-06-02
plugin id 51751
published 2011-01-27
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/51751
title SuSE 10 Security Update : Sun Java 1.6.0 (ZYPP Patch Number 7204)

NASL family Scientific Linux Local Security Checks
NASL id SL_20100331_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
description A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 60776
published 2012-08-01
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/60776
title Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64

NASL family Solaris Local Security Checks
NASL id SOLARIS10_145102-01.NASL
description SunOS 5.10: wanboot patch. Date this patch was last updated by Sun : Jun/18/10
last seen 2020-06-01
modified 2020-06-02
plugin id 107577
published 2018-03-12
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/107577
title Solaris 10 (sparc) : 145102-01

NASL family SuSE Local Security Checks
NASL id SUSE9_12705.NASL
description The SSL-renegotiation
last seen 2020-06-01
modified 2020-06-02
plugin id 53618
published 2011-05-02
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/53618
title SuSE9 Security Update : GnuTLS (YOU Patch Number 12705)

NASL family SuSE Local Security Checks
NASL id SUSE_11_1_JAVA-1_6_0-SUN-100331.NASL
description Sun Java 6 was updated to Update 19, fixing a large number of security issues. CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850
last seen 2020-06-01
modified 2020-06-02
plugin id 45459
published 2010-04-09
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45459
title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2010-0987.NASL
description Updated java-1.6.0-ibm packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM
last seen 2020-06-01
modified 2020-06-02
plugin id 51197
published 2010-12-16
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/51197
title RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2010:0987)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2009-1580.NASL
description From Red Hat Security Advisory 2009:1580 : Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 67959
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/67959
title Oracle Linux 4 : httpd (ELSA-2009-1580)

NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-1934.NASL
description A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations (the information in the changelog of the updated packages is slightly inaccurate) : - The
last seen 2020-06-01
modified 2020-06-02
plugin id 44799
published 2010-02-24
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/44799
title Debian DSA-1934-1 : apache2 - multiple issues

NASL family Slackware Local Security Checks
NASL id SLACKWARE_SSA_2010-067-01.NASL
description New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR. mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. [This is the most serious flaw, but does not affect Linux systems]
last seen 2020-06-01
modified 2020-06-02
plugin id 45007
published 2010-03-09
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45007
title Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-067-01)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2010-0163.NASL
description From Red Hat Security Advisory 2010:0163 : Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 68017
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/68017
title Oracle Linux 3 / 4 : openssl (ELSA-2010-0163)

NASL family OracleVM Local Security Checks
NASL id ORACLEVM_OVMSA-2014-0008.NASL
description The remote OracleVM system is missing necessary patches to address critical security updates :
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
- replace expired GlobalSign Root CA certificate in ca-bundle.crt
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051)
- use __secure_getenv everywhere instead of getenv (#839735)
- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185)
- fix problem with the SGC restart patch that might terminate handshake incorrectly
- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)
- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)
- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770)
- fix for CVE-2011-4109 - double free in policy checks (#771771)
- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)
- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)
- add known answer test for SHA2 algorithms (#740866)
- make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410)
- fix incorrect return value in parse_yesno (#726593)
- added DigiCert CA certificates to ca-bundle (#735819)
- added a new section about error states to README.FIPS (#628976)
- add missing DH_check_pub_key call when DH key is computed (#698175)
- presort list of ciphers available in SSL (#688901)
- accept connection in s_server even if getaddrinfo fails (#561260)
- point to openssl dgst for list of supported digests (#608639)
- fix handling of future TLS versions (#599112)
- added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856)
- upstream fixes for the CHIL engine (#622003, #671484)
- add SHA-2 hashes in SSL_library_init (#676384)
- fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)
- fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)
- fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774)
- fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125)
- fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)
- fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)
last seen 2020-06-01
modified 2020-06-02
plugin id 79532
published 2014-11-26
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/79532
title OracleVM 3.2 : onpenssl (OVMSA-2014-0008)

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201110-05.NASL
description The remote host is affected by the vulnerability described in GLSA-201110-05 (GnuTLS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details.
Impact : An attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority or to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, allowing for further exploitation.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 56458
published 2011-10-12
reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/56458
title GLSA-201110-05 : GnuTLS: Multiple vulnerabilities

NASL family Solaris Local Security Checks
NASL id SOLARIS9_X86_128641.NASL
description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
last seen 2020-06-01
modified 2020-06-02
plugin id 35421
published 2009-01-19
reporter This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/35421
title Solaris 9 (x86) : 128641-30

NASL family SuSE Local Security Checks
NASL id SUSE_COMPAT-OPENSSL097G-7644.NASL
description This update adds openssl patches since 2007 for :
- CVE-2009-0590
- CVE-2008-5077
- CVE-2009-0789
- CVE-2009-3555
- CVE-2010-4180
last seen 2020-06-01
modified 2020-06-02
plugin id 55715
published 2011-07-28
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/55715
title SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 7644)

NASL family Scientific Linux Local Security Checks
NASL id SL_20091111_HTTPD_ON_SL3_X.NASL
description
CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate
CVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
CVE-2009-3555 TLS: MITM attacks via session renegotiation
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 60695
published 2012-08-01
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/60695
title Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

NASL family Misc.
NASL id VMWARE_VMSA-2011-0003_REMOTE.NASL
description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :
- Apache Tomcat
- Apache Tomcat Manager
- cURL
- Java Runtime Environment (JRE)
- Kernel
- Microsoft SQL Express
- OpenSSL
- pam_krb5
last seen 2020-06-01
modified 2020-06-02
plugin id 89674
published 2016-03-04
reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/89674
title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2010-0768.NASL
description Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process. (CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the
last seen 2020-06-01
modified 2020-06-02
plugin id 50003
published 2010-10-18
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/50003
title CentOS 5 : java-1.6.0-openjdk (CESA-2010:0768)

NASL family F5 Networks Local Security Checks
NASL id F5_BIGIP_SOL10737.NASL
description The remote BIG-IP device is missing a patch required by a security advisory.
last seen 2020-06-01
modified 2020-06-02
plugin id 78123
published 2014-10-10
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/78123
title F5 Networks BIG-IP : SSL Renegotiation vulnerability (SOL10737)

NASL family SuSE Local Security Checks
NASL id SUSE_11_1_GNUTLS-101206.NASL
description This update fixes the safe renegotiation testing code which was missing in the previous update for CVE-2009-3555.
last seen 2020-06-01
modified 2020-06-02
plugin id 53661
published 2011-05-05
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/53661
title openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)

NASL family Fedora Local Security Checks
NASL id FEDORA_2009-13250.NASL
description This update addresses CVE-2009-3555 (SSL/TLS renegotiation vulnerability), mitigating the problem by refusing all client-initiated SSL/TLS session renegotiations. This update to the latest maintenance release also fixes a number of bugs recorded in the proftpd bug tracker:
- SSL/TLS renegotiation vulnerability (CVE-2009-3555, bug 3324)
- Failed database transaction can cause mod_quotatab to loop (bug 3228)
- Segfault in mod_wrap (bug 3332)
- <Directory> sections can have <Limit> problems (bug 3337)
- mod_wrap2 segfaults when a valid user retries the USER command (bug 3341)
- mod_auth_file handles
last seen 2020-06-01
modified 2020-06-02
plugin id 43604
published 2009-12-28
reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/43604
title Fedora 12 : proftpd-1.3.2c-1.fc12 (2009-13250)

NASL family Fedora Local Security Checks
NASL id FEDORA_2010-6279.NASL
description Add latest security updates. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01 modified 2020-06-02 plugin id 47426 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47426 title Fedora 13 : java-1.6.0-openjdk-1.6.0.0-37.b17.fc13 (2010-6279) NASL family Firewalls NASL id FORTIOS_FG-IR-17-137.NASL description The version of Fortinet FortiOS running on the remote device is 5.2.x or prior, 5.4.x prior to 5.4.6, or 5.6.x prior to 5.6.1. It is, therefore, affected by a MITM vulnerability in SSL Deep-Inspection due to insecure TLS renegotiation. last seen 2020-06-01 modified 2020-06-02 plugin id 104656 published 2017-11-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104656 title Fortinet FortiOS < 5.2 / 5.4.x < 5.4.6 / 5.6.x < 5.6.1 SSL / TLS Renegotiation Handshakes MitM Plaintext Data Injection (FG-IR-17-137) NASL family Fedora Local Security Checks NASL id FEDORA_2010-16240.NASL description - Thu Oct 7 2010 Jiri Vanek <jvanek at redhat.com> -1:1.6.0-41.1.8.2 - Imports icedtea6-1.8.2 - changed Release versioning from openjdkver to icedteaver - Resolves: rhbz#533125 - Resolves: rhbz#639876 - Resolves: rhbz#639880 - Resolves: rhbz#639897 - Resolves: rhbz#639904 - Resolves: rhbz#639909 - Resolves: rhbz#639914 - Resolves: rhbz#639920 - Resolves: rhbz#639922 - Resolves: rhbz#639925 - Resolves: rhbz#639951 - Resolves: rhbz#6622002 - Resolves: rhbz#6623943 - Resolves: rhbz#6925672 - Resolves: rhbz#6952017 - Resolves: rhbz#6952603 - Resolves: rhbz#6961084 - Resolves: rhbz#6963285 - Resolves: rhbz#6980004 - Resolves: rhbz#6981426 - Resolves: rhbz#6990437 - Mon Jul 26 2010 Martin Matejovic <mmatejov at redhat.com> -1:1.6.0-40.b18 - Imports icedtea6-1.8.1 - Removed: java-1.6.0-openjdk-plugin.patch - Resolves: rhbz#616893 - Resolves: rhbz#616895 - Mon Jun 14 2010 Martin Matejovic <mmatejov at redhat.com> 
-1:1.6.0.-39.b18 - Fixed plugin update to IcedTeaPlugin.so - Fixed plugin cpu usage issue - Fixed plugin rewrites ? in URL - Added java-1.6.0-openjdk-plugin.patch - Resolves: rhbz#598353 - Resolves: rhbz#592553 - Resolves: rhbz#602906 - Tue Apr 20 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-38.b18 - Added icedtea6-1.8 - Added openjdk b18 - Added jdk6-jaf-2009_10_27.zip as SOURCE9 - Added jdk6-jaxp-2009_10_13.zip as SOURCE10 - Added jdk6-jaxws-2009_10_27.zip as SOURCE11 - Removed java-1.6.0-openjdk-securitypatches-20100323.patch - Removed java-1.6.0-openjdk-linux-globals.patch - Removed java-1.6.0-openjdk-memory-barriers.patch - Removed java-1.6.0-openjdk-pulse-audio-libs.patch - Enabled NPPlugin - Tue Mar 30 2010 Martin Matejovic <mmatejov at redhat.com> - 1:1.6.0-37.b17 - Added java-1.6.0-openjdk-securitypatches-20100323.patch [plus 62 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50295 published 2010-10-22 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50295 title Fedora 12 : java-1.6.0-openjdk-1.6.0.0-41.1.8.2.fc12 (2010-16240) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities: - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
(CVE-2005-1268) - The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka HTTP Request Smuggling. (CVE-2005-2088) - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using SSLVerifyClient optional in the global virtual host configuration, does not properly enforce SSLVerifyClient require in a per-location context, which allows remote attackers to bypass intended access restrictions. (CVE-2005-2700) - The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. (CVE-2005-2728) - Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. (CVE-2005-3352) - mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. 
(CVE-2005-3357) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452) - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638) - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743) - It was discovered that the use of httpd last seen 2020-06-01 modified 2020-06-02 plugin id 127360 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/127360 title NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_141525-10.NASL description SunOS 5.10_x86: ssh and openssl patch. Date this patch was last updated by Sun : Jun/18/10 last seen 2020-06-01 modified 2020-06-02 plugin id 108025 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108025 title Solaris 10 (x86) : 141525-10 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1547.NASL description According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference flaw was found in OpenSSL last seen 2020-06-01 modified 2020-06-02 plugin id 125000 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125000 title EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1547) NASL family Scientific Linux Local Security Checks NASL id SL_20101014_JAVA__JDK_1_6_0__ON_SL4_X.NASL description This update fixes several vulnerabilities in the Java 6 Software Development Kit. Further information about these flaws can be found on the last seen 2020-06-01 modified 2020-06-02 plugin id 60869 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/60869 title Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_5_0-IBM-7077.NASL description This update of IBM Java 1.5.0 to SR11 FP2 fixes the following security issues : - Various unspecified and undocumented vulnerabilities that allow remote attackers to affect confidentiality, integrity and availability via various unknown vectors. (CVE-2010-0084 / CVE-2010-0085 / CVE-2010-0087 / CVE-2010-0088 / CVE-2010-0089 / CVE-2010-0091 / CVE-2010-0092 / CVE-2010-0095 / CVE-2010-0837 / CVE-2010-0839) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the class loader of a constructor that is being deserialized. (CVE-2010-0094) - Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module of the JVM.
(CVE-2010-0838) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) last seen 2020-06-01 modified 2020-06-02 plugin id 49864 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49864 title SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 7077) NASL family SuSE Local Security Checks NASL id SUSE_11_2_JAVA-1_6_0-OPENJDK-101103.NASL description Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free - S6938813, CVE-2010-3557: OpenJDK Swing mutable static - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any 
host - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection last seen 2020-06-01 modified 2020-06-02 plugin id 53731 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53731 title openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1) NASL family SuSE Local Security Checks NASL id SUSE_11_1_JAVA-1_6_0-SUN-101019.NASL description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560 last seen 2020-06-01 modified 2020-06-02 plugin id 50298 published 2010-10-22 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50298 title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1) NASL family Misc.
NASL id ORACLE_JAVA_CPU_OCT_2010_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 22 / 5.0 Update 26 / 1.4.2_28. Such versions are potentially affected by security issues in the following components : - CORBA - Deployment - Deployment Toolkit - Java 2D - Java Web Start - JNDI - JRE - JSSE - Kerberos - Networking - New Java Plug-in - Sound - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 64843 published 2013-02-22 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64843 title Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) (Unix) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0019.NASL description a. Service Console update for samba The service console package samba is updated to version 3.0.9-1.3E.18. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3069 to this issue. b. Service Console update for bzip2 The service console package bzip2 is updated to version 1.0.2-14.EL3 in ESX 3.x and version 1.0.3-6 in ESX 4.x. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue. c. Service Console update for OpenSSL The service console package openssl updated to version 0.9.7a-33.26. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-2409 and CVE-2009-3555 to the issues addressed in this update. last seen 2020-06-01 modified 2020-06-02 plugin id 51077 published 2010-12-08 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/51077 title VMSA-2010-0019 : VMware ESX third-party updates for Service Console NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-070.NASL description Security issues were identified and fixed in firefox : Security researcher regenrecht reported (via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 45520 published 2010-04-14 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45520 title Mandriva Linux Security Advisory : firefox (MDVSA-2010:070-1) NASL family Fedora Local Security Checks NASL id FEDORA_2010-6131.NASL description The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server ( last seen 2020-06-01 modified 2020-06-02 plugin id 47417 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47417 title Fedora 11 : httpd-2.2.15-1.fc11.1 (2010-6131) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1579.NASL description Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 67073 published 2013-06-29 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/67073 title CentOS 3 / 5 : httpd (CESA-2009:1579) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0015.NASL description a. Service Console update for NSS_db The service console package NSS_db is updated to version nss_db-2.2-35.4.el5_5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0826 to this issue. b. Service Console update for OpenLDAP The service console package OpenLDAP updated to version 2.3.43-12.el5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3767 to this issue. c. Service Console update for cURL The service console packages for cURL updated to version 7.15.5-9.el5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to this issue. d. Service Console update for sudo The service console package sudo updated to version 1.7.2p1-7.el5_5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1646 to this issue. e. Service Console update for OpenSSL, GnuTLS, NSS and NSPR Service Console updates for OpenSSL to version 097a-0.9.7a-9.el5_4.2 and version 0.9.8e-12.el5_4.6, GnuTLS to version 1.4.1-3.el5_4.8, and NSS to version 3.12.6-1.3235.vmw and NSPR to version 4.8.4-1.3235.vmw. These four updates are bundled together due to their mutual dependencies. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3555, CVE-2009-2409, CVE-2009-3245 and CVE-2010-0433 to the issues addressed in this update. last seen 2020-06-01 modified 2020-06-02 plugin id 49703 published 2010-10-04 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/49703 title VMSA-2010-0015 : VMware ESX third-party updates for Service Console NASL family SuSE Local Security Checks NASL id SUSE_11_3_GNUTLS-101025.NASL description The SSL-renegotiation last seen 2020-06-01 modified 2020-06-02 plugin id 75521 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75521 title openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-6979.NASL description Mozilla Firefox was updated to version 3.5.9 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) - Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 49892 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/49892 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6979) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-337.NASL description A vulnerability has been identified and corrected in proftpd : The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue (CVE-2009-3555). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update fixes this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 43393 published 2009-12-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43393 title Mandriva Linux Security Advisory : proftpd (MDVSA-2009:337) NASL family Scientific Linux Local Security Checks NASL id SL_20100325_OPENSSL097A_ON_SL5_X.NASL description CVE-2009-3555 TLS: MITM attacks via session renegotiation A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 60757 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/60757 title Scientific Linux Security Update : openssl097a on SL5.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS9_125437.NASL description Oracle iPlanet Web Server 7.0.12 Solaris: Update Release patch. Date this patch was last updated by Sun : Aug/19/11 last seen 2020-06-01 modified 2020-06-02 plugin id 27023 published 2007-10-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27023 title Solaris 9 (sparc) : 125437-22 NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS10-049.NASL description The remote Windows host is running a version of the Secure Channel (SChannel) security package that is affected by one or more of the following vulnerabilities : - The SChannel authentication component allows a client to renegotiate the connection after the initial handshake, which could be abused to inject information into an encrypted connection, effectively sending traffic spoofing an authenticated client. (CVE-2009-3555) - The way that SChannel validates a certificate request message sent by a server could lead to a denial of service or even allow execution of arbitrary code if an attacker can trick a user on the affected system into connecting to a malicious web server over SSL or TLS. (CVE-2010-2566) last seen 2020-06-01 modified 2020-06-02 plugin id 48286 published 2010-08-11 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48286 title MS10-049: Vulnerabilities in SChannel could allow Remote Code Execution (980436) NASL family Windows NASL id ORACLE_JAVA_CPU_MAR_2010.NASL description The version of Oracle (formerly Sun) Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 19 / 5.0 Update 24 / 1.4.2_26.
Such versions are potentially affected by security issues in the following components : - ImageIO - Java 2D - JRE - Java Web Start, Java Plug-in - Pack200 - Sound - JSSE - HotSpot Server last seen 2020-06-01 modified 2020-06-02 plugin id 45379 published 2010-03-30 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45379 title Oracle Java SE Multiple Vulnerabilities (March 2010 CPU) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_125438.NASL description Oracle iPlanet Web Server 7.0.12 Solaris_x86: Update Release patch. Date this patch was last updated by Sun : Aug/26/11 last seen 2020-06-01 modified 2020-06-02 plugin id 27039 published 2007-10-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27039 title Solaris 9 (x86) : 125438-22 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0163.NASL description Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 46274 published 2010-05-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/46274 title RHEL 3 / 4 : openssl (RHSA-2010:0163) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0333.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several use-after-free flaws were found in SeaMonkey. Visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0174) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 45444 published 2010-04-09 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45444 title CentOS 3 / 4 : seamonkey (CESA-2010:0333) NASL family Web Servers NASL id HPSMH_6_1_0_102.NASL description According to the web server banner, the version of HP System Management Homepage (SMH) running on the remote host is potentially affected by the following vulnerabilities : - Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext by a man-in-the-middle. 
(CVE-2009-3555) - An unspecified vulnerability in version 2.0.18 of the Namazu component, used by the Windows version of SMH. last seen 2020-06-01 modified 2020-06-02 plugin id 46677 published 2010-05-19 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46677 title HP System Management Homepage < 6.1.0.102 / 6.1.0-103 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0155.NASL description Updated java-1.4.2-ibm packages that fix one security issue and a bug are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The IBM 1.4.2 SR13-FP4 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 46272 published 2010-05-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46272 title RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0155) NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBOPENSSL-DEVEL-091112.NASL description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. 
For example Apache last seen 2020-06-01 modified 2020-06-02 plugin id 42852 published 2009-11-19 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42852 title openSUSE Security Update : libopenssl-devel (libopenssl-devel-1554) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0007.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing 
DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707) last seen 2020-06-01 modified 2020-06-02 plugin id 79531 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79531 title OracleVM 2.2 : openssl (OVMSA-2014-0007) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0807.NASL description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 
The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 50360 published 2010-10-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50360 title RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0807) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-323.NASL description Multiple vulnerabilities have been found and corrected in apache : Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (concerns 2008.1 only). mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request (CVE-2009-1191). Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). 
Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195). The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890). Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094). The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095). 
Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a solution to these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 43042 published 2009-12-08 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43042 title Mandriva Linux Security Advisory : apache (MDVSA-2009:323) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1580.NASL description Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 67074 published 2013-06-29 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/67074 title CentOS 4 : httpd (CESA-2009:1580) NASL family SuSE Local Security Checks NASL id SUSE_11_1_JAVA-1_6_0-OPENJDK-101103.NASL description Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free - S6938813, CVE-2010-3557: OpenJDK Swing mutable static - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection last seen 2020-06-01 modified 2020-06-02 plugin id 53662 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/53662 title openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1) NASL family Fedora Local Security Checks NASL id FEDORA_2009-12775.NASL description - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1 - update to 0.7.64 - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.63-1 - update to 0.7.63 - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module - Sat Apr 11 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> 0.6.36-1 - update to 0.6.36 - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.35-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.35-2 - rebuild - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.35-1 - update to 0.6.35 - Sat Jan 17 2009 Tomas Mraz <tmraz at redhat.com> - 0.6.34-2 - rebuild with new openssl - Tue Dec 30 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.34-1 - update to 0.6.34 - Thu Dec 4 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 0.6.33-2 - Fix inclusion of /usr/share/nginx tree => no unowned directories. - Sun Nov 23 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.33-1 - update to 0.6.33 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43033 published 2009-12-08 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/43033 title Fedora 10 : nginx-0.7.64-1.fc10 (2009-12775) NASL family Solaris Local Security Checks NASL id SOLARIS10_128640-30.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. last seen 2020-06-01 modified 2020-06-02 plugin id 107469 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107469 title Solaris 10 (sparc) : 128640-30 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0166.NASL description Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 45365 published 2010-03-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/45365 title CentOS 5 : gnutls (CESA-2010:0166) NASL family Solaris Local Security Checks NASL id SOLARIS8_125437.NASL description Oracle iPlanet Web Server 7.0.12 Solaris: Update Release patch. Date this patch was last updated by Sun : Aug/19/11 last seen 2020-06-01 modified 2020-06-02 plugin id 27010 published 2007-10-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27010 title Solaris 8 (sparc) : 125437-22 NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLA-XULRUNNER190-100407.NASL description Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) - Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 52688 published 2011-03-17 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52688 title SuSE 11 Security Update : Mozilla XULrunner (SAT Patch Number 2255) NASL family SuSE Local Security Checks NASL id SUSE_11_2_LIBFREEBL3-100406.NASL description Mozilla NSS was updated to version 3.12.6. 
This fixes all currently known issues in mozilla-nss, and also implements the new TLS/SSL renegotiation handling (CVE-2009-3555). last seen 2020-06-01 modified 2020-06-02 plugin id 45496 published 2010-04-13 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45496 title openSUSE Security Update : libfreebl3 (openSUSE-SU-2010:0100-1) NASL family Fedora Local Security Checks NASL id FEDORA_2010-9487.NASL description Add implementation of the safe renegotiation extension to fix the CVE-2009-3555 security vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47537 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47537 title Fedora 12 : gnutls-2.8.6-2.fc12 (2010-9487) NASL family SuSE Local Security Checks NASL id SUSE_OPENSSL-6654.NASL description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache last seen 2020-06-01 modified 2020-06-02 plugin id 42841 published 2009-11-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/42841 title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6654) NASL family Scientific Linux Local Security Checks NASL id SL_20100325_OPENSSL_ON_SL5_X.NASL description CVE-2009-3555 TLS: MITM attacks via session renegotiation CVE-2010-0433 openssl: crash caused by a missing krb5_sname_to_principal() return value check CVE-2009-3245 openssl: missing bn_wexpand return value checks It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could cause an application using the OpenSSL library to crash or, possibly, execute arbitrary code. (CVE-2009-3245) A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 60759 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60759 title Scientific Linux Security Update : openssl on SL5.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2010-3929.NASL description Update to NSS 3.12.6 The primary feature of NSS 3.12.6 is support for the TLS Renegotiation Indication Extension, RFC 5746. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47331 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/47331 title Fedora 13 : nss-3.12.6-1.2.fc13 (2010-3929) NASL family Fedora Local Security Checks NASL id FEDORA_2010-5357.NASL description Update to upstream version 0.9.8n fixing multiple security issues: CVE-2009-3555, CVE-2009-3245, CVE-2009-4355, and CVE-2010-0433. Refer to upstream CHANGES file for the detailed list of changes since version 0.9.8k : - http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.1238.2.193 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47385 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47385 title Fedora 11 : openssl-0.9.8n-1.fc11 (2010-5357) NASL family Fedora Local Security Checks NASL id FEDORA_2010-16312.NASL description - Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation - Bug #642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004) - Bug #639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564) - Bug #642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017) - Bug #642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603) - Bug #642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002) - Bug #639880 - CVE-2010-3554 CVE-2010-3561 OpenJDK corba reflection vulnerabilities (6891766,6925672) - Bug #639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813) - Bug #639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710) - Bug #639914 - CVE-2010-3564 OpenJDK kerberos vulnerability (6958060) - Bug #639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code 
execution (6963023) - Bug #642197 - CVE-2010-3567 OpenJDK ICU Opentype layout engine crash (6963285) - Bug #639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775) - Bug #639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692) - Bug #642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50007 published 2010-10-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50007 title Fedora 14 : java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14 (2010-16312) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_125438.NASL description Oracle iPlanet Web Server 7.0.12 Solaris_x86: Update Release patch. Date this patch was last updated by Sun : Aug/26/11 This plugin has been deprecated and either replaced with individual 125438 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 27000 published 2007-10-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=27000 title Solaris 10 (x86) : 125438-22 (deprecated) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0019_REMOTE.NASL description The remote VMware ESX host is missing a security-related patch. 
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - bzip2 - Network Security Services (NSS) Library - OpenSSL - Samba last seen 2020-06-01 modified 2020-06-02 plugin id 89745 published 2016-03-08 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89745 title VMware ESX Multiple Vulnerabilities (VMSA-2010-0019) (remote check) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an error state mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (CVE-2017-3737) - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. 
No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. (CVE-2017-3738) - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. 
This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736) - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937) - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-2940) - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. (CVE-2006-3738) - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339) - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343) - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. 
(CVE-2007-3108) - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995) - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. (CVE-2007-5135) - Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information. (CVE-2008-0891) - OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses particular cipher suites, which triggers a NULL pointer dereference. (CVE-2008-1672) - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. 
(CVE-2009-1378) - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355) - The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. 
(CVE-2010-0742) - RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. (CVE-2010-1633) - Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. (CVE-2010-3864) - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. (CVE-2010-4180) - ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka OCSP stapling vulnerability. (CVE-2011-0014) - crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. (CVE-2011-3207) - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)
- The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110)
- The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353)
- The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (CVE-2013-6449)
- The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. (CVE-2013-6450)
- An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
(CVE-2014-0160)
- A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
- A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
Note that Nessus has not tested for this issue but has instead relied only on the application
last seen 2020-06-01
modified 2020-06-02
plugin id 127201
published 2019-08-12
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/127201
title NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)

NASL family Fedora Local Security Checks
NASL id FEDORA_2009-12747.NASL
description This update contains the latest stable release of Apache httpd. Three security fixes are included, along with several minor bug fixes. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 47168
published 2010-07-01
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/47168
title Fedora 11 : httpd-2.2.14-1.fc11 (2009-12747)

NASL family SuSE Local Security Checks
NASL id SUSE_11_3_COMPAT-OPENSSL097G-110721.NASL
description This update adds openssl patches since 2007 for :
- CVE-2008-5077
- CVE-2009-0590
- CVE-2009-0789
- CVE-2009-3555
- CVE-2010-4180
last seen 2020-06-01
modified 2020-06-02
plugin id 75453
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75453
title openSUSE Security Update : compat-openssl097g (openSUSE-SU-2011:0845-1)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2010-0768.NASL
description Updated java-1.6.0-openjdk packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3569) Race condition in the way objects were deserialized could allow an untrusted applet or application to misuse the privileges of the user running the applet or application. (CVE-2010-3568) Miscalculation in the OpenType font rendering implementation caused out-of-bounds memory access, which could allow remote attackers to execute code with the privileges of the user running the java process.
(CVE-2010-3567) JPEGImageWriter.writeImage in the imageio API improperly checked certain image metadata, which could allow a remote attacker to execute arbitrary code in the context of the user running the applet or application. (CVE-2010-3565) Double free in IndexColorModel could cause an untrusted applet or application to crash or, possibly, execute arbitrary code with the privileges of the user running the applet or application. (CVE-2010-3562) The privileged accept method of the ServerSocket class in the Common Object Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) Flaws in the Swing library could allow an untrusted application to modify the behavior and state of certain JDK classes. (CVE-2010-3557) Flaws in the CORBA implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted callers to create objects via ProxyLazyValue values. (CVE-2010-3553) HttpURLConnection improperly handled the
last seen 2020-06-01
modified 2020-06-02
plugin id 49974
published 2010-10-14
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/49974
title RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0768)

NASL family SuSE Local Security Checks
NASL id SUSE_COMPAT-OPENSSL097G-6656.NASL
description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed.
For example Apache
last seen 2020-06-01
modified 2020-06-02
plugin id 42840
published 2009-11-18
reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/42840
title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6656)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2010-0338.NASL
description The java-1.5.0-sun packages as shipped in Red Hat Enterprise Linux 4 Extras and 5 Supplementary contain security flaws and should not be used. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. The java-1.5.0-sun packages are vulnerable to a number of security flaws and should no longer be used. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849) The Sun Java SE Release family 5.0 reached its End of Service Life on November 3, 2009. The RHSA-2009:1571 update provided the final publicly available update of version 5.0 (Update 22). Users interested in continuing to receive critical fixes for Sun Java SE 5.0 should contact Oracle : http://www.sun.com/software/javaforbusiness/index.jsp An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the IBM Developer Kit for Linux, which is available from the Extras and Supplementary channels on the Red Hat Network.
Applications capable of using the Java 6 runtime can be migrated to Java 6 on: OpenJDK (java-1.6.0-openjdk), an open source JDK included in Red Hat Enterprise Linux 5, since 5.3; the IBM JDK, java-1.6.0-ibm; or the Sun JDK, java-1.6.0-sun. This update removes the java-1.5.0-sun packages as they have reached their End of Service Life.
last seen 2020-06-01
modified 2020-06-02
plugin id 46294
published 2010-05-11
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/46294
title RHEL 4 / 5 : java-1.5.0-sun (RHSA-2010:0338)

NASL family SuSE Local Security Checks
NASL id SUSE_11_3_GNUTLS-101206.NASL
description This update fixes the safe renegotiation testing code which was missing in the previous update for CVE-2009-3555.
last seen 2020-06-01
modified 2020-06-02
plugin id 75522
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75522
title openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)

NASL family SuSE Local Security Checks
NASL id SUSE_11_JAVA-1_6_0-IBM-101220.NASL
description IBM Java 6 SR9 was released which fixes a lot of security issues. IBM JDK Alerts can also be found on this page: http://www.ibm.com/developerworks/java/jdk/alerts/
last seen 2020-06-01
modified 2020-06-02
plugin id 51667
published 2011-01-25
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/51667
title SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 3724)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2010-0770.NASL
description Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the
last seen 2020-06-01
modified 2020-06-02
plugin id 49990
published 2010-10-15
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/49990
title RHEL 4 / 5 : java-1.6.0-sun (RHSA-2010:0770)

NASL family Solaris Local Security Checks
NASL id SOLARIS10_128640.NASL
description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. This plugin has been deprecated and either replaced with individual 128640 patch-revision plugins, or deemed non-security related.
last seen 2019-02-21
modified 2018-07-30
plugin id 35409
published 2009-01-19
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=35409
title Solaris 10 (sparc) : 128640-30 (deprecated)

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201406-32.NASL
description The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details.
Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 76303
published 2014-06-30
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/76303
title GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201301-01.NASL
description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.
Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URLs for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 63402
published 2013-01-08
reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/63402
title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)

NASL family Windows
NASL id MOZILLA_FIREFOX_362.NASL
description The installed version of Firefox 3.6.x is earlier than 3.6.2. Such versions are potentially affected by multiple security issues :
- The WOFF decoder contains an integer overflow in a font decompression routine. (MFSA 2010-08)
- Deleted image frames are reused when handling
last seen 2020-06-01
modified 2020-06-02
plugin id 45133
published 2010-03-23
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45133
title Firefox 3.6.x < 3.6.2 Multiple Vulnerabilities

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2010-0164.NASL
description From Red Hat Security Advisory 2010:0164 : Updated openssl097a packages that fix a security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 68018
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/68018
title Oracle Linux 5 : openssl097a (ELSA-2010-0164)

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-927-1.NASL
description Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user
last seen 2020-06-01
modified 2020-06-02
plugin id 45485
published 2010-04-12
reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/45485
title Ubuntu 9.10 : nss vulnerability (USN-927-1)

NASL family SuSE Local Security Checks
NASL id SUSE_11_1_LIBFREEBL3-100407.NASL
description Mozilla NSS was updated to version 3.12.6. This fixes all currently known issues in mozilla-nss, and also implements the new TLS/SSL renegotiation handling (CVE-2009-3555).
last seen 2020-06-01
modified 2020-06-02
plugin id 45494
published 2010-04-13
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/45494
title openSUSE Security Update : libfreebl3 (openSUSE-SU-2010:0100-1)

NASL family SuSE Local Security Checks
NASL id SUSE_OPENSSL-6944.NASL
description This update adds support for RFC5746 TLS renegotiations to address vulnerabilities tracked as (CVE-2009-3555). It also fixes a mishandling of OOM conditions in bn_wexpand. (CVE-2009-3245)
last seen 2020-06-01
modified 2020-06-02
plugin id 49909
published 2010-10-11
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/49909
title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6944)

NASL family Fedora Local Security Checks
NASL id FEDORA_2010-9518.NASL
description Add implementation of the safe renegotiation extension to fix the CVE-2009-3555 security vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 47539
published 2010-07-01
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/47539
title Fedora 13 : gnutls-2.8.6-2.fc13 (2010-9518)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2010-0163.NASL
description Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 45346
published 2010-03-26
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/45346
title CentOS 3 / 4 : openssl (CESA-2010:0163)

NASL family Databases
NASL id ORACLE_RDBMS_CPU_APR_2011.NASL
description The remote Oracle database server is missing the April 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :
- Oracle Warehouse Builder (CVE-2011-0792, CVE-2011-0799)
- Oracle Security Service (CVE-2009-3555)
- Application Service Level Management (CVE-2011-0787)
- Network Foundation (CVE-2011-0806)
- Oracle Help (CVE-2011-0785)
- UIX (CVE-2011-0805)
- Database Vault (CVE-2011-0793, CVE-2011-0804)
last seen 2020-06-02
modified 2011-05-13
plugin id 53897
published 2011-05-13
reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/53897
title Oracle Database Multiple Vulnerabilities (April 2011 CPU)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2009-1694.NASL
description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM
last seen 2020-06-01
modified 2020-06-02
plugin id 43597
published 2009-12-27
reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/43597
title RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1694)

NASL family SuSE Local Security Checks
NASL id SUSE_MOZILLA-XULRUNNER190-6971.NASL
description Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs and security issues. The following security issues were fixed :
- Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174)
- Security researcher regenrecht reported via TippingPoint
last seen 2020-06-01
modified 2020-06-02
plugin id 49901
published 2010-10-11
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/49901
title SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 6971)

NASL family SuSE Local Security Checks
NASL id SUSE_11_MOZILLA-XULRUNNER190-100406.NASL
description Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs and security issues. The following security issues were fixed :
- Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
(MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174)
- Security researcher regenrecht reported via TippingPoint
last seen 2020-06-01
modified 2020-06-02
plugin id 50950
published 2010-12-02
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/50950
title SuSE 11 Security Update : Mozilla XULrunner (SAT Patch Number 2255)

NASL family SuSE Local Security Checks
NASL id SUSE_11_2_SEAMONKEY-100406.NASL
description Mozilla SeaMonkey was updated to version 2.0.4 fixing lots of bugs and security issues. Following security issues were fixed:
MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174)
MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint
last seen 2020-06-01
modified 2020-06-02
plugin id 45497
published 2010-04-13
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/45497
title openSUSE Security Update : seamonkey (openSUSE-SU-2010:0102-1)

NASL family Scientific Linux Local Security Checks
NASL id SL_20100325_GNUTLS_ON_SL4_X.NASL
description CVE-2009-3555 TLS: MITM attacks via session renegotiation
CVE-2010-0731 gnutls: gnutls_x509_crt_get_serial incorrect serial decoding from ASN1 (BE64) [GNUTLS-SA-2010-1]
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
last seen 2020-06-01
modified 2020-06-02
plugin id 60752
published 2012-08-01
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/60752
title Scientific Linux Security Update : gnutls on SL4.x, SL5.x i386/x86_64

NASL family SuSE Local Security Checks
NASL id SUSE_11_2_JAVA-1_6_0-SUN-100331.NASL
description Sun Java 6 was updated to Update 19, fixing a large number of security issues. CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850
last seen 2020-06-01
modified 2020-06-02
plugin id 45465
published 2010-04-09
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/45465
title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228)

NASL family Fedora Local Security Checks
NASL id FEDORA_2009-13236.NASL
description This update addresses CVE-2009-3555 (SSL/TLS renegotiation vulnerability), mitigating the problem by refusing all client-initiated SSL/TLS session renegotiations. This update to the latest maintenance release also fixes a number of bugs recorded in the proftpd bug tracker:
- SSL/TLS renegotiation vulnerability (CVE-2009-3555, bug 3324)
- Failed database transaction can cause mod_quotatab to loop (bug 3228)
- Segfault in mod_wrap (bug 3332)
- <Directory> sections can have <Limit> problems (bug 3337)
- mod_wrap2 segfaults when a valid user retries the USER command (bug 3341)
- mod_auth_file handles
last seen 2020-06-01
modified 2020-06-02
plugin id 43603
published 2009-12-28
reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/43603
title Fedora 11 : proftpd-1.3.2c-1.fc11 (2009-13236)

NASL family SuSE Local Security Checks
NASL id SUSE_OPENSSL-6655.NASL
description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache
last seen 2020-06-01
modified 2020-06-02
plugin id 49908
published 2010-10-11
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/49908
title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6655)

NASL family SuSE Local Security Checks
NASL id SUSE_11_3_JAVA-1_6_0-OPENJDK-101103.NASL
description Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues :
- S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation
- S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition
- S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities
- S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free
- S6938813, CVE-2010-3557: OpenJDK Swing mutable static
- S6957564, CVE-2010-3548: OpenJDK DNS server IP address information leak
- S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability
- S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution
- S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution
- S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies
- S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage
- S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host
- S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting)
- S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code
- S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection
- S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts
- S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection
- S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
last seen 2020-06-01
modified 2020-06-02
plugin id 75534
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75534
title openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)

NASL family VMware ESX Local Security Checks
NASL id VMWARE_VMSA-2010-0015_REMOTE.NASL
description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :
- Berkeley DB NSS module
- cURL / libcURL
- GnuTLS
- Network Security Services (NSS) Library
- OpenLDAP
- OpenSSL
- OpenSSL Kerberos
- sudo
last seen 2020-06-01
modified 2020-06-02
plugin id 89742
published 2016-03-08
reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/89742
title VMware ESX Multiple Vulnerabilities (VMSA-2010-0015) (remote check)

NASL family Web Servers
NASL id APACHE_2_0_64.NASL
description According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.64. It is, therefore, affected by the following vulnerabilities :
- An unspecified error exists in the handling of requests without a path segment. (CVE-2010-1452)
- Several modules, including
last seen 2020-06-01
modified 2020-06-02
plugin id 50069
published 2010-10-20
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/50069
title Apache 2.0.x < 2.0.64 Multiple Vulnerabilities

NASL family SuSE Local Security Checks
NASL id SUSE_11_2_MOZILLAFIREFOX-100412.NASL
description This patch updates Mozilla Firefox to the 3.5.9 release. It includes the following security fixes:
MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products.
Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 45527 published 2010-04-14 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45527 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0102-3) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201203-22.NASL description The remote host is affected by the vulnerability described in GLSA-201203-22 (nginx: Multiple vulnerabilities) Multiple vulnerabilities have been found in nginx: The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555). The last seen 2020-06-01 modified 2020-06-02 plugin id 59614 published 2012-06-21 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59614 title GLSA-201203-22 : nginx: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE9_12623.NASL description This update of IBM Java 1.5.0 to SR11 FP2 fixes the following security issues : - Various unspecified and undocumented vulnerabilities that allow remote attackers to affect confidentiality, integrity and availability via various unknown vectors. 
(CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0092, CVE-2010-0095, CVE-2010-0837, CVE-2010-0839) - Unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the class loader of a constructor that is being deserialized. (CVE-2010-0094) - Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module of the JVM. (CVE-2010-0838) - Unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) last seen 2020-06-01 modified 2020-06-02 plugin id 47617 published 2010-07-07 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/47617 title SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12623) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2009-320-01.NASL description New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 42826 published 2009-11-17 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42826 title Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / current : openssl (SSA:2009-320-01) NASL family SuSE Local Security Checks NASL id SUSE_GNUTLS-7299.NASL description The SSL-renegotiation last seen 2020-06-01 modified 2020-06-02 plugin id 51748 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51748 title SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 7299) NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_6_UPDATE2.NASL description The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 2. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user. last seen 2020-03-18 modified 2010-05-19 plugin id 46674 published 2010-05-19 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/46674 title Mac OS X : Java for Mac OS X 10.6 Update 2 NASL family SuSE Local Security Checks NASL id SUSE_11_2_JAVA-1_6_0-OPENJDK-100412.NASL description java-1_6_0-openjdk version 1.7.3 fixes several security issues : - CVE-2010-0837: JAR last seen 2020-06-01 modified 2020-06-02 plugin id 46191 published 2010-04-30 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46191 title openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1) NASL family Fedora Local Security Checks NASL id FEDORA_2010-3956.NASL description Update to NSS 3.12.6 The primary feature of NSS 3.12.6 is support for the TLS Renegotiation Indication Extension, RFC 5746. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47332 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47332 title Fedora 12 : nss-3.12.6-1.2.fc12 (2010-3956) NASL family SuSE Local Security Checks NASL id SUSE_COMPAT-OPENSSL097G-6657.NASL description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache last seen 2020-06-01 modified 2020-06-02 plugin id 49839 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/49839 title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6657) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1579.NASL description From Red Hat Security Advisory 2009:1579 : Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 67958 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67958 title Oracle Linux 3 / 5 : httpd (ELSA-2009-1579) NASL family Windows NASL id OPERA_1050.NASL description The version of Opera installed on the remote host is earlier than 10.50. Such versions are potentially affected by multiple issues : - An error in the TLS protocol when handling session re-negotiations may allow man-in-the-middle attacks. (944) - Widget properties may be exposed to third-party domains in some cases, possibly resulting in the leak of widget information or configuration options for the widget. (959) last seen 2020-06-01 modified 2020-06-02 plugin id 44960 published 2010-03-02 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44960 title Opera < 10.50 Multiple Vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-084.NASL description Multiple Java OpenJDK security vulnerabilities have been identified and fixed : - TLS: MITM attacks via session renegotiation (CVE-2009-3555). 
- Loader-constraint table allows arrays instead of only the base-classes (CVE-2010-0082). - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084). - File TOCTOU deserialization vulnerability (CVE-2010-0085). - Inflater/Deflater clone issues (CVE-2010-0088). - Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091). - AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092). - System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093). - Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094). - Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095). - JAR unpack200 must verify input parameters (CVE-2010-0837). - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838). - Applet Trusted Methods Chaining Privilege Escalation Vulnerability (CVE-2010-0840). - No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845) - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847). - AWT Library Invalid Index Vulnerability (CVE-2010-0848). Additional security issues that were fixed with IcedTea6 1.6.2 : - deprecate MD2 in SSL cert validation (CVE-2009-2409). - ICC_Profile file existence detection information leak (CVE-2009-3728). - JRE AWT setDifflCM stack overflow (CVE-2009-3869). - JRE AWT setBytePixels heap overflow (CVE-2009-3871). - JPEG Image Writer quantization problem (CVE-2009-3873). - ImageI/O JPEG heap overflow (CVE-2009-3874). - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875). - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877) - GraphicsConfiguration information leak (CVE-2009-3879). - UI logging information leakage (CVE-2009-3880). - resurrected classloaders can still have children (CVE-2009-3881). - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). 
- Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883). - zoneinfo file existence information leak (CVE-2009-3884). - BMP parsing DoS with UNC ICC links (CVE-2009-3885). Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages : - plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474. Packages for 2009.0 are provided due to the Extended Maintenance Program. last seen 2020-06-01 modified 2020-06-02 plugin id 46176 published 2010-04-29 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46176 title Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2010:084) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2141.NASL description DSA-2141 consists of three individual parts, which can be viewed in the mailing list archive: DSA 2141-1 (openssl), DSA 2141-2 (nss), DSA 2141-3 (apache2), and DSA 2141-4 (lighttpd). This page only covers the first part, openssl. - CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user last seen 2020-03-17 modified 2011-01-10 plugin id 51440 published 2011-01-10 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51440 title Debian DSA-2141-1 : openssl - SSL/TLS insecure renegotiation protocol design flaw NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_128641.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). 
Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. This plugin has been deprecated and either replaced with individual 128641 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 35415 published 2009-01-19 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=35415 title Solaris 10 (x86) : 128641-30 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_125438-22.NASL description Oracle iPlanet Web Server 7.0.12 Solaris_x86: Update Release patch. Date this patch was last updated by Sun : Aug/26/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107932 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107932 title Solaris 10 (x86) : 125438-22 NASL family SuSE Local Security Checks NASL id SUSE_11_3_JAVA-1_6_0-SUN-101019.NASL description Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html
Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html Following CVEs are tracked by the update: CVE-2010-3556 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3571 CVE-2010-3554 CVE-2010-3563 CVE-2010-3568 CVE-2010-3569 CVE-2010-3558 CVE-2010-3552 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3555 CVE-2010-3550 CVE-2010-3570 CVE-2010-3561 CVE-2009-3555 CVE-2010-1321 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3573 CVE-2010-3574 CVE-2010-3548 CVE-2010-3551 CVE-2010-3560 last seen 2020-06-01 modified 2020-06-02 plugin id 75540 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75540 title openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1) NASL family Web Servers NASL id IIS_7_PCI.NASL description According to the HTTP server banner the remote server is IIS 7.0. The server may be vulnerable to a number of vulnerabilities including a couple of remote code execution vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 108808 published 2018-04-03 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108808 title Microsoft IIS 7.0 Vulnerabilities (uncredentialed) (PCI/DSS) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0166.NASL description From Red Hat Security Advisory 2010:0166 : Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 68020 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68020 title Oracle Linux 5 : gnutls (ELSA-2010-0166) NASL family Windows NASL id SEAMONKEY_204.NASL description The installed version of SeaMonkey is earlier than 2.0.4. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-16) - A select event handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17) - An error exists in the way last seen 2020-06-01 modified 2020-06-02 plugin id 45395 published 2010-03-31 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45395 title SeaMonkey < 2.0.4 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_0_COMPAT-OPENSSL097G-091113.NASL description The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache last seen 2020-06-01 modified 2020-06-02 plugin id 42837 published 2009-11-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/42837 title openSUSE Security Update : compat-openssl097g (compat-openssl097g-1548) NASL family Fedora Local Security Checks NASL id FEDORA_2010-6025.NASL description Add latest security updates. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47410 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47410 title Fedora 12 : java-1.6.0-openjdk-1.6.0.0-37.b17.fc12 (2010-6025) NASL family General NASL id SSL_RENEGOTIATION.NASL description The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same last seen 2019-10-28 modified 2009-11-24 plugin id 42880 published 2009-11-24 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42880 title SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0164.NASL description Updated openssl097a packages that fix a security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 45363 published 2010-03-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45363 title CentOS 5 : openssl097a (CESA-2010:0164) NASL family Windows NASL id MOZILLA_FIREFOX_359.NASL description The installed version of Firefox is earlier than 3.5.9. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-16) - A select event handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17) - An error exists in the way last seen 2020-06-01 modified 2020-06-02 plugin id 45393 published 2010-03-31 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45393 title Firefox < 3.5.9 Multiple Vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-860-1.NASL description Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user last seen 2020-06-01 modified 2020-06-02 plugin id 42858 published 2009-11-19 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. 
/ NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42858 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : apache2 vulnerabilities (USN-860-1) NASL family Fedora Local Security Checks NASL id FEDORA_2009-12606.NASL description This update contains the latest stable release of Apache httpd. Three security fixes are included, along with several minor bug fixes. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client last seen 2020-06-01 modified 2020-06-02 plugin id 43329 published 2009-12-18 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43329 title Fedora 12 : httpd-2.2.14-1.fc12 (2009-12606) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_4_2-IBM-101112.NASL description IBM Java 1.4.2 was updated to SR13 FP6 to fix various bugs and security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 51605 published 2011-01-21 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51605 title SuSE 11.1 Security Update : IBM Java 1.4.2 (SAT Patch Number 3528)
Oval
accepted 2013-04-29T04:01:28.016-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description attack, aka the "Project Mogul" issue. family unix id oval:org.mitre.oval:def:10088 status accepted submitted 2010-07-09T03:56:16-04:00 title aka the "Project Mogul" issue. version 28 accepted 2010-09-13T04:00:12.331-04:00 class vulnerability contributors name Chandan M C organization Hewlett-Packard definition_extensions comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440 comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440 comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926
description The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. family unix id oval:org.mitre.oval:def:11578 status accepted submitted 2010-08-04T16:24:18.000-05:00 title Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL version 37 accepted 2011-01-10T04:00:05.606-05:00 class vulnerability contributors name Yamini Mohan R organization Hewlett-Packard definition_extensions comment IBM AIX 5.3 is installed oval oval:org.mitre.oval:def:5325 comment IBM AIX 5.3 is installed oval oval:org.mitre.oval:def:5325 comment IBM AIX 5.2 is installed oval oval:org.mitre.oval:def:5189
description The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. family unix id oval:org.mitre.oval:def:11617 status accepted submitted 2010-11-30T15:08:26.000-05:00 title AIX OpenSSL session renegotiation vulnerability version 45 accepted 2014-10-06T04:04:26.964-04:00 class vulnerability contributors name J. Daniel Brown organization DTCC name Dragos Prisaca organization Symantec Corporation name Sergey Artykhov organization ALTX-SOFT name Sergey Artykhov organization ALTX-SOFT name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT name Richard Helbing organization baramundi software name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT
definition_extensions comment Mozilla Firefox Mainline release is installed oval oval:org.mitre.oval:def:22259 comment Mozilla Seamonkey is installed oval oval:org.mitre.oval:def:6372 comment Mozilla Thunderbird Mainline release is installed oval oval:org.mitre.oval:def:22093 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows 7 (32-bit) is installed oval oval:org.mitre.oval:def:6165 comment Microsoft Windows 7 x64 Edition is installed oval oval:org.mitre.oval:def:5950 comment Microsoft Windows Server 2008 R2 x64 Edition is installed oval oval:org.mitre.oval:def:6438 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed oval 
oval:org.mitre.oval:def:5954
description | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. |
family | windows |
id | oval:org.mitre.oval:def:7315 |
status | accepted |
submitted | 2010-04-05T10:30:00.000-05:00 |
title | TLS/SSL Renegotiation Vulnerability |
version | 102 |

accepted | 2014-01-20T04:01:35.276-05:00 |
class | vulnerability |
contributors | Varun (Hewlett-Packard); Chris Coffin (The MITRE Corporation) |
definition_extensions | VMware ESX Server 4.0 is installed (oval:org.mitre.oval:def:6293) |
family | unix |
id | oval:org.mitre.oval:def:7478 |
status | accepted |
submitted | 2010-10-04T11:07:15.000-05:00 |
title | VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR. |
version | 7 |

accepted | 2010-03-01T04:00:13.620-05:00 |
class | vulnerability |
contributors | Pai Peng (Hewlett-Packard) |
definition_extensions | Solaris 8 (SPARC) is installed (oval:org.mitre.oval:def:1539); Solaris 9 (SPARC) is installed (oval:org.mitre.oval:def:1457); Solaris 10 (SPARC) is installed (oval:org.mitre.oval:def:1440); Solaris 9 (x86) is installed (oval:org.mitre.oval:def:1683); Solaris 10 (x86) is installed (oval:org.mitre.oval:def:1926) |
family | unix |
id | oval:org.mitre.oval:def:7973 |
status | accepted |
submitted | 2010-01-19T17:52:34.000-05:00 |
title | Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Applications Utilizing Network Security Services (NSS) |
version | 35 |

accepted | 2015-04-20T04:02:38.278-04:00 |
class | vulnerability |
contributors | Pai Peng (Hewlett-Packard); Sushant Kumar Singh (Hewlett-Packard); Prashant Kumar (Hewlett-Packard); Mike Cokus (The MITRE Corporation) |
family | unix |
id | oval:org.mitre.oval:def:8366 |
status | accepted |
submitted | 2010-03-23T16:01:39.000-04:00 |
title | HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS) |
version | 48 |

accepted | 2015-04-20T04:02:39.904-04:00 |
class | vulnerability |
contributors | Pai Peng (Hewlett-Packard); Sushant Kumar Singh (Hewlett-Packard); Prashant Kumar (Hewlett-Packard); Mike Cokus (The MITRE Corporation) |
family | unix |
id | oval:org.mitre.oval:def:8535 |
status | accepted |
submitted | 2010-03-23T16:01:39.000-04:00 |
title | HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS) |
version | 48 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/84112/tls-reneg.py.txt |
id | PACKETSTORM:84112 |
last seen | 2016-12-05 |
published | 2009-12-21 |
reporter | redteam-pentesting.de |
source | https://packetstormsecurity.com/files/84112/TLS-Renegotiation-Exploit.html |
title | TLS Renegotiation Exploit |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:18637 |
last seen | 2017-11-19 |
modified | 2009-12-21 |
published | 2009-12-21 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-18637 |
title | TLS Renegotiation Vulnerability PoC Exploit |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:67231 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-67231 |
title | TLS Renegotiation Vulnerability PoC |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:12600 |
last seen | 2017-11-19 |
modified | 2009-11-10 |
published | 2009-11-10 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-12600 |
title | Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability |

bulletinFamily | exploit |
description | CVE ID: CVE-2009-3555. ProFTPD is an open-source FTP server program. The ProFTPD module mod_tls is affected by the vulnerability in OpenSSL's session renegotiation option, which allows an attacker to insert plaintext data into the session data stream and manipulate the data exchange. ProFTPD Project ProFTPD 1.3.x. Vendor patch: ProFTPD Project: the vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c |
id | SSV:15088 |
last seen | 2017-11-19 |
modified | 2009-12-15 |
published | 2009-12-15 |
reporter | Root |
title | ProFTPD TLS Session Renegotiation Plaintext Data Injection Vulnerability |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:12673 |
last seen | 2017-11-19 |
modified | 2009-11-20 |
published | 2009-11-20 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-12673 |
title | apache2 vulnerabilities |
Statements
contributor | Tomas Hoger |
lastmodified | 2009-11-20 |
organization | Red Hat |
statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555 Additional information can be found in the Red Hat Knowledgebase article: http://kbase.redhat.com/faq/docs/DOC-20491 |
Vulner Lab
id | VULNERLAB:967 |
last seen | 2019-07-10 |
modified | 2014-01-29 |
published | 2014-01-29 |
reporter | Vulnerability Laboratory [Research Team] - Ateeq ur Rehman Khan [www.vulnerability-lab.com] |
source | http://www.vulnerability-lab.com/get_content.php?id=967 |
title | Mozilla SeaMonkey - Filter Bypass & Persistent Vulnerability |