Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2016.400
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-400-1)
Summary:	The remote host is missing an update for the Debian 'pound' package(s) announced via the DLA-400-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'pound' package(s) announced via the DLA-400-1 advisory. Vulnerability Insight: This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. CVE-2011-3389 The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a BEAST attack. CVE-2012-4929 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a CRIME attack. CVE-2014-3566 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue. Affected Software/OS: 'pound' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3555 1021653 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1 1021752 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1 1023148 http://securitytracker.com/id?1023148 1023163 http://www.securitytracker.com/id?1023163 1023204 http://www.securitytracker.com/id?1023204 1023205 http://www.securitytracker.com/id?1023205 1023206 http://www.securitytracker.com/id?1023206 1023207 http://www.securitytracker.com/id?1023207 1023208 http://www.securitytracker.com/id?1023208 1023209 http://www.securitytracker.com/id?1023209 1023210 http://www.securitytracker.com/id?1023210 1023211 http://www.securitytracker.com/id?1023211 1023212 http://www.securitytracker.com/id?1023212 1023213 http://www.securitytracker.com/id?1023213 1023214 http://www.securitytracker.com/id?1023214 1023215 http://www.securitytracker.com/id?1023215 1023216 http://www.securitytracker.com/id?1023216 1023217 http://www.securitytracker.com/id?1023217 1023218 http://www.securitytracker.com/id?1023218 1023219 http://www.securitytracker.com/id?1023219 1023224 http://www.securitytracker.com/id?1023224 1023243 http://www.securitytracker.com/id?1023243 1023270 http://www.securitytracker.com/id?1023270 1023271 http://www.securitytracker.com/id?1023271 1023272 http://www.securitytracker.com/id?1023272 1023273 http://www.securitytracker.com/id?1023273 1023274 http://www.securitytracker.com/id?1023274 1023275 http://www.securitytracker.com/id?1023275 1023411 http://www.securitytracker.com/id?1023411 1023426 http://www.securitytracker.com/id?1023426 1023427 http://www.securitytracker.com/id?1023427 1023428 http://www.securitytracker.com/id?1023428 1024789 http://www.securitytracker.com/id?1024789 20091109 Transport Layer Security Renegotiation Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml 20091111 Re: SSL/TLS MiTM PoC http://seclists.org/fulldisclosure/2009/Nov/139 20091118 TLS / SSLv3 vulnerability explained (DRAFT) http://www.securityfocus.com/archive/1/507952/100/0/threaded 20091124 rPSA-2009-0155-1 httpd mod_ssl http://www.securityfocus.com/archive/1/508075/100/0/threaded 20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability) http://www.securityfocus.com/archive/1/508130/100/0/threaded 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console http://www.securityfocus.com/archive/1/515055/100/0/threaded 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html 273029 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1 273350 http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1 274990 http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 36935 http://www.securityfocus.com/bid/36935 37291 http://secunia.com/advisories/37291 37292 http://secunia.com/advisories/37292 37320 http://secunia.com/advisories/37320 37383 http://secunia.com/advisories/37383 37399 http://secunia.com/advisories/37399 37453 http://secunia.com/advisories/37453 37501 http://secunia.com/advisories/37501 37504 http://secunia.com/advisories/37504 37604 http://secunia.com/advisories/37604 37640 http://secunia.com/advisories/37640 37656 http://secunia.com/advisories/37656 37675 http://secunia.com/advisories/37675 37859 http://secunia.com/advisories/37859 38003 http://secunia.com/advisories/38003 38020 http://secunia.com/advisories/38020 38056 http://secunia.com/advisories/38056 38241 http://secunia.com/advisories/38241 38484 http://secunia.com/advisories/38484 38687 http://secunia.com/advisories/38687 38781 http://secunia.com/advisories/38781 39127 http://secunia.com/advisories/39127 39136 http://secunia.com/advisories/39136 39242 http://secunia.com/advisories/39242 39243 http://secunia.com/advisories/39243 39278 http://secunia.com/advisories/39278 39292 http://secunia.com/advisories/39292 39317 http://secunia.com/advisories/39317 39461 http://secunia.com/advisories/39461 39500 http://secunia.com/advisories/39500 39628 http://secunia.com/advisories/39628 39632 http://secunia.com/advisories/39632 39713 http://secunia.com/advisories/39713 39819 http://secunia.com/advisories/39819 40070 http://secunia.com/advisories/40070 40545 http://secunia.com/advisories/40545 40747 http://secunia.com/advisories/40747 40866 http://secunia.com/advisories/40866 41480 http://secunia.com/advisories/41480 41490 http://secunia.com/advisories/41490 41818 http://secunia.com/advisories/41818 41967 http://secunia.com/advisories/41967 41972 http://secunia.com/advisories/41972 42377 http://secunia.com/advisories/42377 42379 http://secunia.com/advisories/42379 42467 http://secunia.com/advisories/42467 42724 http://secunia.com/advisories/42724 42733 http://secunia.com/advisories/42733 42808 http://secunia.com/advisories/42808 42811 http://secunia.com/advisories/42811 42816 http://secunia.com/advisories/42816 43308 http://secunia.com/advisories/43308 44183 http://secunia.com/advisories/44183 44954 http://secunia.com/advisories/44954 48577 http://secunia.com/advisories/48577 60521 http://osvdb.org/60521 60972 http://osvdb.org/60972 62210 http://osvdb.org/62210 65202 http://osvdb.org/65202 ADV-2009-3164 http://www.vupen.com/english/advisories/2009/3164 ADV-2009-3165 http://www.vupen.com/english/advisories/2009/3165 ADV-2009-3205 http://www.vupen.com/english/advisories/2009/3205 ADV-2009-3220 http://www.vupen.com/english/advisories/2009/3220 ADV-2009-3310 http://www.vupen.com/english/advisories/2009/3310 ADV-2009-3313 http://www.vupen.com/english/advisories/2009/3313 ADV-2009-3353 http://www.vupen.com/english/advisories/2009/3353 ADV-2009-3354 http://www.vupen.com/english/advisories/2009/3354 ADV-2009-3484 http://www.vupen.com/english/advisories/2009/3484 ADV-2009-3521 http://www.vupen.com/english/advisories/2009/3521 ADV-2009-3587 http://www.vupen.com/english/advisories/2009/3587 ADV-2010-0086 http://www.vupen.com/english/advisories/2010/0086 ADV-2010-0173 http://www.vupen.com/english/advisories/2010/0173 ADV-2010-0748 http://www.vupen.com/english/advisories/2010/0748 ADV-2010-0848 http://www.vupen.com/english/advisories/2010/0848 ADV-2010-0916 http://www.vupen.com/english/advisories/2010/0916 ADV-2010-0933 http://www.vupen.com/english/advisories/2010/0933 ADV-2010-0982 http://www.vupen.com/english/advisories/2010/0982 ADV-2010-0994 http://www.vupen.com/english/advisories/2010/0994 ADV-2010-1054 http://www.vupen.com/english/advisories/2010/1054 ADV-2010-1107 http://www.vupen.com/english/advisories/2010/1107 ADV-2010-1191 http://www.vupen.com/english/advisories/2010/1191 ADV-2010-1350 http://www.vupen.com/english/advisories/2010/1350 ADV-2010-1639 http://www.vupen.com/english/advisories/2010/1639 ADV-2010-1673 http://www.vupen.com/english/advisories/2010/1673 ADV-2010-1793 http://www.vupen.com/english/advisories/2010/1793 ADV-2010-2010 http://www.vupen.com/english/advisories/2010/2010 ADV-2010-2745 http://www.vupen.com/english/advisories/2010/2745 ADV-2010-3069 http://www.vupen.com/english/advisories/2010/3069 ADV-2010-3086 http://www.vupen.com/english/advisories/2010/3086 ADV-2010-3126 http://www.vupen.com/english/advisories/2010/3126 ADV-2011-0032 http://www.vupen.com/english/advisories/2011/0032 ADV-2011-0033 http://www.vupen.com/english/advisories/2011/0033 ADV-2011-0086 http://www.vupen.com/english/advisories/2011/0086 APPLE-SA-2010-01-19-1 http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html APPLE-SA-2010-05-18-1 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html APPLE-SA-2010-05-18-2 http://lists.apple.com/archives/security-announce/2010//May/msg00002.html DSA-1934 http://www.debian.org/security/2009/dsa-1934 DSA-2141 http://www.debian.org/security/2011/dsa-2141 DSA-3253 http://www.debian.org/security/2015/dsa-3253 FEDORA-2009-12229 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html FEDORA-2009-12305 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html FEDORA-2009-12604 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html FEDORA-2009-12606 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html FEDORA-2009-12750 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html FEDORA-2009-12775 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html FEDORA-2009-12782 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html FEDORA-2009-12968 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html FEDORA-2010-16240 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html FEDORA-2010-16294 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html FEDORA-2010-16312 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html FEDORA-2010-5357 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html FEDORA-2010-5942 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html FEDORA-2010-6131 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html GLSA-200912-01 http://security.gentoo.org/glsa/glsa-200912-01.xml GLSA-201203-22 http://security.gentoo.org/glsa/glsa-201203-22.xml GLSA-201406-32 http://security.gentoo.org/glsa/glsa-201406-32.xml HPSBGN02562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041 HPSBHF02706 http://marc.info/?l=bugtraq&m=132077688910227&w=2 HPSBHF03293 http://marc.info/?l=bugtraq&m=142660345230545&w=2 HPSBMA02534 http://marc.info/?l=bugtraq&m=127419602507642&w=2 HPSBMA02547 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 HPSBMA02568 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 HPSBMU02759 http://www.securityfocus.com/archive/1/522176 HPSBMU02799 http://marc.info/?l=bugtraq&m=134254866602253&w=2 HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPSBOV02762 http://marc.info/?l=bugtraq&m=133469267822771&w=2 HPSBUX02482 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 HPSBUX02498 http://marc.info/?l=bugtraq&m=126150535619567&w=2 HPSBUX02517 http://marc.info/?l=bugtraq&m=127128920008563&w=2 HPSBUX02524 http://marc.info/?l=bugtraq&m=127557596201693&w=2 IC67848 http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848 IC68054 http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054 IC68055 http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055 MDVSA-2010:076 http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 MDVSA-2010:084 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 MDVSA-2010:089 http://www.mandriva.com/security/advisories?name=MDVSA-2010:089 MS10-049 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049 PM00675 http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only PM12247 http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 RHSA-2010:0119 http://www.redhat.com/support/errata/RHSA-2010-0119.html RHSA-2010:0130 http://www.redhat.com/support/errata/RHSA-2010-0130.html RHSA-2010:0155 http://www.redhat.com/support/errata/RHSA-2010-0155.html RHSA-2010:0165 http://www.redhat.com/support/errata/RHSA-2010-0165.html RHSA-2010:0167 http://www.redhat.com/support/errata/RHSA-2010-0167.html RHSA-2010:0337 http://www.redhat.com/support/errata/RHSA-2010-0337.html RHSA-2010:0338 http://www.redhat.com/support/errata/RHSA-2010-0338.html RHSA-2010:0339 http://www.redhat.com/support/errata/RHSA-2010-0339.html RHSA-2010:0768 http://www.redhat.com/support/errata/RHSA-2010-0768.html RHSA-2010:0770 http://www.redhat.com/support/errata/RHSA-2010-0770.html RHSA-2010:0786 http://www.redhat.com/support/errata/RHSA-2010-0786.html RHSA-2010:0807 http://www.redhat.com/support/errata/RHSA-2010-0807.html RHSA-2010:0865 http://www.redhat.com/support/errata/RHSA-2010-0865.html RHSA-2010:0986 http://www.redhat.com/support/errata/RHSA-2010-0986.html RHSA-2010:0987 http://www.redhat.com/support/errata/RHSA-2010-0987.html RHSA-2011:0880 http://www.redhat.com/support/errata/RHSA-2011-0880.html SSA:2009-320-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446 SSRT090180 SSRT090208 SSRT090249 SSRT090264 SSRT100058 SSRT100089 SSRT100179 SSRT100219 SSRT100613 SSRT100817 SSRT100825 SSRT101846 SUSE-SA:2009:057 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html SUSE-SA:2010:061 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html SUSE-SR:2010:008 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html SUSE-SR:2010:011 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html SUSE-SR:2010:012 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html SUSE-SR:2010:013 http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html SUSE-SR:2010:024 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html SUSE-SU-2011:0847 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html TA10-222A http://www.us-cert.gov/cas/techalerts/TA10-222A.html TA10-287A http://www.us-cert.gov/cas/techalerts/TA10-287A.html USN-1010-1 http://www.ubuntu.com/usn/USN-1010-1 USN-923-1 http://ubuntu.com/usn/usn-923-1 USN-927-1 http://www.ubuntu.com/usn/USN-927-1 USN-927-4 http://www.ubuntu.com/usn/USN-927-4 USN-927-5 http://www.ubuntu.com/usn/USN-927-5 VU#120541 http://www.kb.cert.org/vuls/id/120541 [4.5] 010: SECURITY FIX: November 26, 2009 http://openbsd.org/errata45.html#010_openssl [4.6] 004: SECURITY FIX: November 26, 2009 http://openbsd.org/errata46.html#004_openssl [announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 [cryptography] 20091105 OpenSSL 0.9.8l released http://marc.info/?l=cryptography&m=125752275331877&w=2 [gnutls-devel] 20091105 Re: TLS renegotiation MITM http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html [oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks http://www.openwall.com/lists/oss-security/2009/11/05/3 [oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks http://www.openwall.com/lists/oss-security/2009/11/05/5 [oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks http://www.openwall.com/lists/oss-security/2009/11/06/3 [oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks http://www.openwall.com/lists/oss-security/2009/11/07/3 [oss-security] 20091120 CVEs for nginx http://www.openwall.com/lists/oss-security/2009/11/20/1 [oss-security] 20091123 Re: CVEs for nginx http://www.openwall.com/lists/oss-security/2009/11/23/10 [tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation http://www.ietf.org/mail-archive/web/tls/current/msg03928.html [tls] 20091104 TLS renegotiation issue http://www.ietf.org/mail-archive/web/tls/current/msg03948.html [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html http://blogs.iss.net/archive/sslmitmiscsrf.html http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during http://clicky.me/tlsvuln http://extendedsubset.com/?p=8 http://extendedsubset.com/Renegotiating_TLS.pdf http://kbase.redhat.com/faq/docs/DOC-20491 http://support.apple.com/kb/HT4004 http://support.apple.com/kb/HT4170 http://support.apple.com/kb/HT4171 http://support.avaya.com/css/P8/documents/100070150 http://support.avaya.com/css/P8/documents/100081611 http://support.avaya.com/css/P8/documents/100114315 http://support.avaya.com/css/P8/documents/100114327 http://support.citrix.com/article/CTX123359 http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released http://sysoev.ru/nginx/patch.cve-2009-3555.txt http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html http://wiki.rpath.com/Advisories:rPSA-2009-0155 http://www-01.ibm.com/support/docview.wss?uid=swg21426108 http://www-01.ibm.com/support/docview.wss?uid=swg21432298 http://www-01.ibm.com/support/docview.wss?uid=swg24006386 http://www-01.ibm.com/support/docview.wss?uid=swg24025312 http://www.arubanetworks.com/support/alerts/aid-020810.txt http://www.betanews.com/article/1257452450 http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html http://www.ingate.com/Relnote.php?ver=481 http://www.links.org/?p=780 http://www.links.org/?p=786 http://www.links.org/?p=789 http://www.mozilla.org/security/announce/2010/mfsa2010-22.html http://www.openoffice.org/security/cves/CVE-2009-3555.html http://www.openssl.org/news/secadv_20091111.txt http://www.opera.com/docs/changelogs/unix/1060/ http://www.opera.com/support/search/view/944/ http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html http://www.tombom.co.uk/blog/?p=85 http://www.vmware.com/security/advisories/VMSA-2010-0019.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html https://bugzilla.mozilla.org/show_bug.cgi?id=526689 https://bugzilla.mozilla.org/show_bug.cgi?id=545755 https://bugzilla.redhat.com/show_bug.cgi?id=533125 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 https://kb.bluecoat.com/index?page=content&id=SA50 https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt openSUSE-SU-2011:0845 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html oval:org.mitre.oval:def:10088 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088 oval:org.mitre.oval:def:11578 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578 oval:org.mitre.oval:def:11617 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617 oval:org.mitre.oval:def:7315 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315 oval:org.mitre.oval:def:7478 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478 oval:org.mitre.oval:def:7973 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973 oval:org.mitre.oval:def:8366 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366 oval:org.mitre.oval:def:8535 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535 tls-renegotiation-weak-security(54158) https://exchange.xforce.ibmcloud.com/vulnerabilities/54158 Common Vulnerability Exposure (CVE) ID: CVE-2011-3389 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html BugTraq ID: 49388 http://www.securityfocus.com/bid/49388 BugTraq ID: 49778 http://www.securityfocus.com/bid/49778 Cert/CC Advisory: TA12-010A http://www.us-cert.gov/cas/techalerts/TA12-010A.html CERT/CC vulnerability note: VU#864643 http://www.kb.cert.org/vuls/id/864643 Debian Security Information: DSA-2398 (Google Search) http://www.debian.org/security/2012/dsa-2398 http://security.gentoo.org/glsa/glsa-201203-02.xml HPdes Security Advisory: HPSBMU02742 http://marc.info/?l=bugtraq&m=132872385320240&w=2 HPdes Security Advisory: HPSBMU02797 http://marc.info/?l=bugtraq&m=134254957702612&w=2 HPdes Security Advisory: HPSBMU02799 HPdes Security Advisory: HPSBMU02900 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 HPdes Security Advisory: HPSBUX02730 http://marc.info/?l=bugtraq&m=132750579901589&w=2 HPdes Security Advisory: HPSBUX02760 http://marc.info/?l=bugtraq&m=133365109612558&w=2 HPdes Security Advisory: HPSBUX02777 http://marc.info/?l=bugtraq&m=133728004526190&w=2 HPdes Security Advisory: SSRT100710 HPdes Security Advisory: SSRT100740 HPdes Security Advisory: SSRT100805 HPdes Security Advisory: SSRT100854 HPdes Security Advisory: SSRT100867 http://www.mandriva.com/security/advisories?name=MDVSA-2012:058 http://ekoparty.org/2011/juliano-rizzo.php http://eprint.iacr.org/2004/111 http://eprint.iacr.org/2006/136 http://isc.sans.edu/diary/SSL+TLS+part+3+/11635 http://vnhacker.blogspot.com/2011/09/beast.html http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html http://www.insecure.cl/Beast-SSL.rar https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 Microsoft Security Bulletin: MS12-006 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006 http://osvdb.org/74829 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752 http://www.redhat.com/support/errata/RHSA-2011-1384.html http://www.redhat.com/support/errata/RHSA-2012-0006.html RedHat Security Advisories: RHSA-2012:0508 http://rhn.redhat.com/errata/RHSA-2012-0508.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://www.securitytracker.com/id?1025997 http://www.securitytracker.com/id?1026103 http://www.securitytracker.com/id?1026704 http://www.securitytracker.com/id/1029190 http://secunia.com/advisories/45791 http://secunia.com/advisories/47998 http://secunia.com/advisories/48256 http://secunia.com/advisories/48692 http://secunia.com/advisories/48915 http://secunia.com/advisories/48948 http://secunia.com/advisories/49198 http://secunia.com/advisories/55322 http://secunia.com/advisories/55350 http://secunia.com/advisories/55351 SuSE Security Announcement: SUSE-SU-2012:0114 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html SuSE Security Announcement: SUSE-SU-2012:0122 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html SuSE Security Announcement: SUSE-SU-2012:0602 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search) https://hermes.opensuse.org/messages/13154861 SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search) https://hermes.opensuse.org/messages/13155432 SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.ubuntu.com/usn/USN-1263-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-4929 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html BugTraq ID: 55704 http://www.securityfocus.com/bid/55704 Debian Security Information: DSA-2579 (Google Search) http://www.debian.org/security/2012/dsa-2579 Debian Security Information: DSA-2627 (Google Search) http://www.debian.org/security/2013/dsa-2627 Debian Security Information: DSA-3253 (Google Search) http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html HPdes Security Advisory: HPSBUX02866 http://marc.info/?l=bugtraq&m=136612293908376&w=2 HPdes Security Advisory: SSRT101139 http://jvn.jp/en/jp/JVN65273415/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/ http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html http://news.ycombinator.com/item?id=4510829 http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312 http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512 http://www.ekoparty.org/2012/thai-duong.php http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091 http://www.theregister.co.uk/2012/09/14/crime_tls_attack/ https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls https://gist.github.com/3696912 https://github.com/mpgn/CRIME-poc https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920 RedHat Security Advisories: RHSA-2013:0587 http://rhn.redhat.com/errata/RHSA-2013-0587.html SuSE Security Announcement: openSUSE-SU-2012:1420 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html SuSE Security Announcement: openSUSE-SU-2013:0143 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html SuSE Security Announcement: openSUSE-SU-2013:0157 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html http://www.ubuntu.com/usn/USN-1627-1 http://www.ubuntu.com/usn/USN-1628-1 http://www.ubuntu.com/usn/USN-1898-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3566 1031029 http://www.securitytracker.com/id/1031029 1031039 http://www.securitytracker.com/id/1031039 1031085 http://www.securitytracker.com/id/1031085 1031086 http://www.securitytracker.com/id/1031086 1031087 http://www.securitytracker.com/id/1031087 1031088 http://www.securitytracker.com/id/1031088 1031089 http://www.securitytracker.com/id/1031089 1031090 http://www.securitytracker.com/id/1031090 1031091 http://www.securitytracker.com/id/1031091 1031092 http://www.securitytracker.com/id/1031092 1031093 http://www.securitytracker.com/id/1031093 1031094 http://www.securitytracker.com/id/1031094 1031095 http://www.securitytracker.com/id/1031095 1031096 http://www.securitytracker.com/id/1031096 1031105 http://www.securitytracker.com/id/1031105 1031106 http://www.securitytracker.com/id/1031106 1031107 http://www.securitytracker.com/id/1031107 1031120 http://www.securitytracker.com/id/1031120 1031123 http://www.securitytracker.com/id/1031123 1031124 http://www.securitytracker.com/id/1031124 1031130 http://www.securitytracker.com/id/1031130 1031131 http://www.securitytracker.com/id/1031131 1031132 http://www.securitytracker.com/id/1031132 20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle 59627 http://secunia.com/advisories/59627 60056 http://secunia.com/advisories/60056 60206 http://secunia.com/advisories/60206 60792 http://secunia.com/advisories/60792 60859 http://secunia.com/advisories/60859 61019 http://secunia.com/advisories/61019 61130 http://secunia.com/advisories/61130 61303 http://secunia.com/advisories/61303 61316 http://secunia.com/advisories/61316 61345 http://secunia.com/advisories/61345 61359 http://secunia.com/advisories/61359 61782 http://secunia.com/advisories/61782 61810 http://secunia.com/advisories/61810 61819 http://secunia.com/advisories/61819 61825 http://secunia.com/advisories/61825 61827 http://secunia.com/advisories/61827 61926 http://secunia.com/advisories/61926 61995 http://secunia.com/advisories/61995 70574 http://www.securityfocus.com/bid/70574 APPLE-SA-2014-10-16-1 http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html APPLE-SA-2014-10-16-3 http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html APPLE-SA-2014-10-16-4 http://www.securityfocus.com/archive/1/533724/100/0/threaded APPLE-SA-2014-10-20-1 http://www.securityfocus.com/archive/1/533747 APPLE-SA-2014-10-20-2 http://www.securityfocus.com/archive/1/533746 APPLE-SA-2015-01-27-4 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html APPLE-SA-2015-09-16-2 http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html DSA-3053 http://www.debian.org/security/2014/dsa-3053 DSA-3144 http://www.debian.org/security/2015/dsa-3144 DSA-3147 http://www.debian.org/security/2015/dsa-3147 DSA-3489 http://www.debian.org/security/2016/dsa-3489 FEDORA-2014-12951 http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html FEDORA-2014-13012 http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html FEDORA-2014-13069 http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html FEDORA-2015-9090 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html FEDORA-2015-9110 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html GLSA-201507-14 https://security.gentoo.org/glsa/201507-14 GLSA-201606-11 https://security.gentoo.org/glsa/201606-11 HPSBGN03164 http://marc.info/?l=bugtraq&m=141577350823734&w=2 HPSBGN03191 http://marc.info/?l=bugtraq&m=141576815022399&w=2 HPSBGN03192 http://marc.info/?l=bugtraq&m=141620103726640&w=2 HPSBGN03201 http://marc.info/?l=bugtraq&m=141697638231025&w=2 HPSBGN03202 http://marc.info/?l=bugtraq&m=141703183219781&w=2 HPSBGN03203 http://marc.info/?l=bugtraq&m=141697676231104&w=2 HPSBGN03205 http://marc.info/?l=bugtraq&m=141775427104070&w=2 HPSBGN03208 http://marc.info/?l=bugtraq&m=141814011518700&w=2 HPSBGN03209 http://marc.info/?l=bugtraq&m=141715130023061&w=2 HPSBGN03222 http://marc.info/?l=bugtraq&m=141813976718456&w=2 HPSBGN03233 http://marc.info/?l=bugtraq&m=142118135300698&w=2 HPSBGN03237 http://marc.info/?l=bugtraq&m=142296755107581&w=2 HPSBGN03251 http://marc.info/?l=bugtraq&m=142354438527235&w=2 HPSBGN03252 http://marc.info/?l=bugtraq&m=142350743917559&w=2 HPSBGN03253 http://marc.info/?l=bugtraq&m=142350196615714&w=2 HPSBGN03254 http://marc.info/?l=bugtraq&m=142350298616097&w=2 HPSBGN03255 http://marc.info/?l=bugtraq&m=142357976805598&w=2 HPSBGN03305 http://marc.info/?l=bugtraq&m=142962817202793&w=2 HPSBGN03332 http://marc.info/?l=bugtraq&m=143290371927178&w=2 HPSBGN03391 http://marc.info/?l=bugtraq&m=144294141001552&w=2 HPSBGN03569 http://marc.info/?l=bugtraq&m=145983526810210&w=2 HPSBHF03156 http://marc.info/?l=bugtraq&m=141450973807288&w=2 HPSBHF03275 http://marc.info/?l=bugtraq&m=142721887231400&w=2 HPSBHF03300 http://marc.info/?l=bugtraq&m=142804214608580&w=2 HPSBMU03152 http://marc.info/?l=bugtraq&m=141450452204552&w=2 HPSBMU03183 http://marc.info/?l=bugtraq&m=141628688425177&w=2 HPSBMU03184 http://marc.info/?l=bugtraq&m=141577087123040&w=2 HPSBMU03214 http://marc.info/?l=bugtraq&m=141694355519663&w=2 HPSBMU03221 http://marc.info/?l=bugtraq&m=141879378918327&w=2 HPSBMU03223 http://marc.info/?l=bugtraq&m=143290583027876&w=2 HPSBMU03234 http://marc.info/?l=bugtraq&m=143628269912142&w=2 HPSBMU03241 http://marc.info/?l=bugtraq&m=143039249603103&w=2 HPSBMU03259 http://marc.info/?l=bugtraq&m=142624619906067&w=2 HPSBMU03260 http://marc.info/?l=bugtraq&m=142495837901899&w=2 HPSBMU03261 http://marc.info/?l=bugtraq&m=143290522027658&w=2 HPSBMU03262 http://marc.info/?l=bugtraq&m=142624719706349&w=2 HPSBMU03263 http://marc.info/?l=bugtraq&m=143290437727362&w=2 HPSBMU03267 http://marc.info/?l=bugtraq&m=142624590206005&w=2 HPSBMU03283 http://marc.info/?l=bugtraq&m=142624679706236&w=2 HPSBMU03294 http://marc.info/?l=bugtraq&m=142740155824959&w=2 HPSBMU03301 http://marc.info/?l=bugtraq&m=142721830231196&w=2 HPSBMU03304 http://marc.info/?l=bugtraq&m=142791032306609&w=2 HPSBMU03416 http://marc.info/?l=bugtraq&m=144101915224472&w=2 HPSBOV03227 http://marc.info/?l=bugtraq&m=142103967620673&w=2 HPSBPI03107 http://marc.info/?l=bugtraq&m=143558137709884&w=2 HPSBPI03360 http://marc.info/?l=bugtraq&m=143558192010071&w=2 HPSBST03195 http://marc.info/?l=bugtraq&m=142805027510172&w=2 HPSBST03265 http://marc.info/?l=bugtraq&m=142546741516006&w=2 HPSBST03418 http://marc.info/?l=bugtraq&m=144251162130364&w=2 HPSBUX03162 http://marc.info/?l=bugtraq&m=141477196830952&w=2 HPSBUX03194 http://marc.info/?l=bugtraq&m=143101048219218&w=2 HPSBUX03273 http://marc.info/?l=bugtraq&m=142496355704097&w=2 HPSBUX03281 http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 MDVSA-2014:203 http://www.mandriva.com/security/advisories?name=MDVSA-2014:203 MDVSA-2015:062 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 NetBSD-SA2014-015 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc RHSA-2014:1652 http://rhn.redhat.com/errata/RHSA-2014-1652.html RHSA-2014:1653 http://rhn.redhat.com/errata/RHSA-2014-1653.html RHSA-2014:1692 http://rhn.redhat.com/errata/RHSA-2014-1692.html RHSA-2014:1876 http://rhn.redhat.com/errata/RHSA-2014-1876.html RHSA-2014:1877 http://rhn.redhat.com/errata/RHSA-2014-1877.html RHSA-2014:1880 http://rhn.redhat.com/errata/RHSA-2014-1880.html RHSA-2014:1881 http://rhn.redhat.com/errata/RHSA-2014-1881.html RHSA-2014:1882 http://rhn.redhat.com/errata/RHSA-2014-1882.html RHSA-2014:1920 http://rhn.redhat.com/errata/RHSA-2014-1920.html RHSA-2014:1948 http://rhn.redhat.com/errata/RHSA-2014-1948.html RHSA-2015:0068 http://rhn.redhat.com/errata/RHSA-2015-0068.html RHSA-2015:0079 http://rhn.redhat.com/errata/RHSA-2015-0079.html RHSA-2015:0080 http://rhn.redhat.com/errata/RHSA-2015-0080.html RHSA-2015:0085 http://rhn.redhat.com/errata/RHSA-2015-0085.html RHSA-2015:0086 http://rhn.redhat.com/errata/RHSA-2015-0086.html RHSA-2015:0264 http://rhn.redhat.com/errata/RHSA-2015-0264.html RHSA-2015:0698 http://rhn.redhat.com/errata/RHSA-2015-0698.html RHSA-2015:1545 http://rhn.redhat.com/errata/RHSA-2015-1545.html RHSA-2015:1546 http://rhn.redhat.com/errata/RHSA-2015-1546.html SSRT101739 SSRT101767 SSRT101779 SSRT101790 SSRT101795 SSRT101834 SSRT101838 SSRT101849 SSRT101854 SSRT101868 SSRT101892 SSRT101894 SSRT101896 SSRT101897 SSRT101898 SSRT101899 SSRT101916 SSRT101921 SSRT101922 http://marc.info/?l=bugtraq&m=142624619906067 SSRT101928 SSRT101951 SSRT101968 http://marc.info/?l=bugtraq&m=142607790919348&w=2 SSRT101998 SUSE-SU-2014:1357 http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html SUSE-SU-2014:1361 http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html SUSE-SU-2014:1526 http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html SUSE-SU-2014:1549 http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html SUSE-SU-2015:0336 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html SUSE-SU-2015:0344 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html SUSE-SU-2015:0345 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html SUSE-SU-2015:0376 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html SUSE-SU-2015:0392 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html SUSE-SU-2015:0503 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html SUSE-SU-2015:0578 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html SUSE-SU-2016:1457 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html SUSE-SU-2016:1459 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html TA14-290A http://www.us-cert.gov/ncas/alerts/TA14-290A USN-2486-1 http://www.ubuntu.com/usn/USN-2486-1 USN-2487-1 http://www.ubuntu.com/usn/USN-2487-1 VU#577193 http://www.kb.cert.org/vuls/id/577193 [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E [cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E [openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 ("POODLE") http://marc.info/?l=openssl-dev&m=141333049205629&w=2 http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/ http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf http://downloads.asterisk.org/pub/security/AST-2014-011.html http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html http://support.apple.com/HT204244 http://support.citrix.com/article/CTX200238 http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431 http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439 http://www-01.ibm.com/support/docview.wss?uid=swg21686997 http://www-01.ibm.com/support/docview.wss?uid=swg21687172 http://www-01.ibm.com/support/docview.wss?uid=swg21687611 http://www-01.ibm.com/support/docview.wss?uid=swg21688283 http://www-01.ibm.com/support/docview.wss?uid=swg21692299 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.vmware.com/security/advisories/VMSA-2015-0003.html http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm https://access.redhat.com/articles/1232123 https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6 https://bto.bluecoat.com/security-advisory/sa83 https://bugzilla.mozilla.org/show_bug.cgi?id=1076983 https://bugzilla.redhat.com/show_bug.cgi?id=1152789 https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip https://github.com/mpgn/poodle-PoC https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 https://kc.mcafee.com/corporate/index?page=content&id=SB10090 https://kc.mcafee.com/corporate/index?page=content&id=SB10091 https://kc.mcafee.com/corporate/index?page=content&id=SB10104 https://puppet.com/security/cve/poodle-sslv3-vulnerability https://security.netapp.com/advisory/ntap-20141015-0001/ https://support.apple.com/HT205217 https://support.apple.com/kb/HT6527 https://support.apple.com/kb/HT6529 https://support.apple.com/kb/HT6531 https://support.apple.com/kb/HT6535 https://support.apple.com/kb/HT6536 https://support.apple.com/kb/HT6541 https://support.apple.com/kb/HT6542 https://support.citrix.com/article/CTX216642 https://support.lenovo.com/product_security/poodle https://support.lenovo.com/us/en/product_security/poodle https://technet.microsoft.com/library/security/3009008.aspx https://www-01.ibm.com/support/docview.wss?uid=swg21688165 https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7 https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html https://www.elastic.co/blog/logstash-1-4-3-released https://www.imperialviolet.org/2014/10/14/poodle.html https://www.openssl.org/news/secadv_20141015.txt https://www.openssl.org/~bodo/ssl-poodle.pdf https://www.suse.com/support/kb/doc.php?id=7015773 openSUSE-SU-2014:1331 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html openSUSE-SU-2015:0190 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html openSUSE-SU-2016:0640 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.