{"containers": {"cna": {"affected": [{"product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"status": "affected", "version": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"}]}], "credits": [{"lang": "en", "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"}], "datePublic": "2019-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."}], "metrics": [{"other": {"content": {"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "Padding Oracle", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-20T14:42:01", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl"}, "references": [{"name": "107174", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107174"}, {"name": "GLSA-201903-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201903-10"}, {"name": "USN-3899-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3899-1/"}, {"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"}, {"name": "DSA-4400", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4400"}, {"name": "openSUSE-SU-2019:1076", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"}, {"name": "openSUSE-SU-2019:1105", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"}, {"name": "openSUSE-SU-2019:1173", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"}, {"name": "openSUSE-SU-2019:1175", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"}, {"name": "openSUSE-SU-2019:1432", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"}, {"name": "openSUSE-SU-2019:1637", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"}, {"name": "RHSA-2019:2304", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2304"}, {"name": "RHSA-2019:2439", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2439"}, {"name": "RHSA-2019:2437", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2437"}, {"name": "RHSA-2019:2471", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2471"}, {"name": "FEDORA-2019-db06efdea1", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"}, {"name": "FEDORA-2019-00c25b9379", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"}, {"name": "FEDORA-2019-9a0a7c0986", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"}, {"name": "RHSA-2019:3929", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3929"}, {"name": "RHSA-2019:3931", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3931"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "USN-4376-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4376-2/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openssl.org/news/secadv/20190226.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K18549143"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2019-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2019-03"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS"}], "title": "0-byte record padding oracle", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2019-02-26", "ID": "CVE-2019-1559", "STATE": "PUBLIC", "TITLE": "0-byte record padding oracle"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenSSL", "version": {"version_data": [{"version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"}]}}]}, "vendor_name": "OpenSSL"}]}}, "credit": [{"lang": "eng", "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."}]}, "impact": [{"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Padding Oracle"}]}]}, "references": {"reference_data": [{"name": "107174", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107174"}, {"name": "GLSA-201903-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-10"}, {"name": "USN-3899-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3899-1/"}, {"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"}, {"name": "DSA-4400", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4400"}, {"name": "openSUSE-SU-2019:1076", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"}, {"name": "openSUSE-SU-2019:1105", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"}, {"name": "openSUSE-SU-2019:1173", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"}, {"name": "openSUSE-SU-2019:1175", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"}, {"name": "openSUSE-SU-2019:1432", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"}, {"name": "openSUSE-SU-2019:1637", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"}, {"name": "RHSA-2019:2304", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2304"}, {"name": "RHSA-2019:2439", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2439"}, {"name": "RHSA-2019:2437", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2437"}, {"name": "RHSA-2019:2471", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2471"}, {"name": "FEDORA-2019-db06efdea1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"}, {"name": "FEDORA-2019-00c25b9379", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"}, {"name": "FEDORA-2019-9a0a7c0986", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"}, {"name": "RHSA-2019:3929", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3929"}, {"name": "RHSA-2019:3931", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3931"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "USN-4376-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4376-2/"}, {"name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190301-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"}, {"name": "https://security.netapp.com/advisory/ntap-20190301-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"}, {"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"}, {"name": "https://www.openssl.org/news/secadv/20190226.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20190226.txt"}, {"name": "https://support.f5.com/csp/article/K18549143", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K18549143"}, {"name": "https://www.tenable.com/security/tns-2019-02", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-02"}, {"name": "https://security.netapp.com/advisory/ntap-20190423-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"}, {"name": "https://www.tenable.com/security/tns-2019-03", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-03"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282"}, {"name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:20:27.982Z"}, "title": "CVE Program Container", "references": [{"name": "107174", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107174"}, {"name": "GLSA-201903-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201903-10"}, {"name": "USN-3899-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3899-1/"}, {"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"}, {"name": "DSA-4400", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4400"}, {"name": "openSUSE-SU-2019:1076", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"}, {"name": "openSUSE-SU-2019:1105", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"}, {"name": "openSUSE-SU-2019:1173", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"}, {"name": "openSUSE-SU-2019:1175", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"}, {"name": "openSUSE-SU-2019:1432", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"}, {"name": "openSUSE-SU-2019:1637", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"}, {"name": "RHSA-2019:2304", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2304"}, {"name": "RHSA-2019:2439", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2439"}, {"name": "RHSA-2019:2437", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2437"}, {"name": "RHSA-2019:2471", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2471"}, {"name": "FEDORA-2019-db06efdea1", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"}, {"name": "FEDORA-2019-00c25b9379", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"}, {"name": "FEDORA-2019-9a0a7c0986", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"}, {"name": "RHSA-2019:3929", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3929"}, {"name": "RHSA-2019:3931", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3931"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "USN-4376-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4376-2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.openssl.org/news/secadv/20190226.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K18549143"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2019-02"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2019-03"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS"}]}]}, "cveMetadata": {"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2019-1559", "datePublished": "2019-02-27T23:00:00Z", "dateReserved": "2018-11-28T00:00:00", "dateUpdated": "2024-09-17T04:20:35.057Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FB0EC34-4625-4B2A-8AB9-0764D9D9E6BC", "versionEndExcluding": "1.0.2r", "versionStartIncluding": "1.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E878102-1EA0-4D83-9F36-955DCF902211", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*", "matchCriteriaId": "893C0367-DD1A-4754-B9E0-4944344108EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*", "matchCriteriaId": "EB2FB857-5F1F-46E5-A90C-AFB990BF1660", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A4D418D-B526-46B9-B439-E1963BF88C0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", "matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", "matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*", "matchCriteriaId": "F74F467A-0C81-40D9-BA06-40FB8EF02C04", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC", "versionEndIncluding": "9.0.4", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C3B5688-0235-4D4F-A26C-440FF24A1B43", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "706316DC-8C24-4D9E-B7B4-F62CB52106B8", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFBB9E7C-08D1-4B30-AD3B-CADBF30D756B", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "151ED6D1-AA85-4213-8F3A-8167CBEC4721", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFA83D61-1A50-47F5-B9BE-15D672A6DDAD", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "925049D0-082E-4CED-9996-A55620A220CF", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "830028B5-9BAF-439C-8166-1053C0CB9836", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D5AA99B-08E7-4959-A3B4-41AA527B4B22", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "22C64069-68D1-445F-B20D-FD1FF8DB0F71", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D87C038-B96D-4EA8-AB03-0401B2C9BB24", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "01BC2A57-030F-4A13-B584-BE2627EA3FE7", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DC86A5F-C793-4848-901F-04BFB57A07F6", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CE03A8F-DAE1-4923-9741-DC89FA8A6FD8", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "037C035C-9CFC-4224-8264-6132252D11FD", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD91F1A1-67F5-4547-848B-21664A9CC685", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7E616EB-F2F9-43BF-A23D-8FD0650DA85B", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "10367A28-787A-4FAB-80AD-ADD67A751732", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "55C2EC23-E78F-4447-BACF-21FC36ABF155", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "180D2770-61F3-4CFB-B5FA-1CF1796D4B3E", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "46712630-407A-4E61-B62F-3AB156353A1D", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "21E18EA5-2210-41B1-87B0-55AB16514FE2", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFFCCCFF-8B66-4C8B-A99A-32964855EF98", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D0BD10F-735D-4442-828B-0B90207ABEAD", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB033-AE0F-46A0-8E98-3A6AE36EADAE", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC06609D-C362-4214-8487-2278161B5EAD", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "945A19E8-51EB-42FE-9BF1-12DAC78B5286", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "2008DD47-CC1D-430F-8478-E90617F5F998", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC39F6EE-478A-4638-B97D-3C25FD318F3D", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "317C50A2-FE92-4C78-A94A-062274E6A6A8", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB5007D0-BBDB-4D74-9C88-98FBA74757D1", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "389B6330-3041-4892-97D5-B5A6D9CE1487", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C556587-6963-49CF-8A2B-00431B386D78", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D748001D-340C-45C4-A2D0-0575538C5CEC", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7725810-66D2-4460-A174-9F3BFAD966F2", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7854954-A9A4-487B-B6C7-8DC1F83F4BD7", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "572B1078-60C4-4A71-A0F4-2E2F4FBC4102", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "0371EB7C-3D41-4B8C-8FA9-DC6F42442448", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFD760FE-4347-4D36-B5C6-4009398060F2", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB7588DA-75D3-4374-8871-D92E95509C91", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C95403E8-A078-47E8-9B2F-F572D24C79EF", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C1BC0A8-5868-4FCA-80A5-661C3870EB7D", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "65B76F53-7D8B-477E-8B6E-91AC0A9009FF", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E824BD72-428F-4A8D-ABE6-2A45EB9A4E3A", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0585424E-3F74-400E-8199-ED964317F89F", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A6CF6F4-D68A-45C3-A36E-A8B3AF61367F", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2ADF37B-FCEB-4735-82D9-4241E3A4DE64", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7722F39-9B7E-4267-B757-B9570B039323", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C", "versionEndIncluding": "6.1.0", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "C88B0206-093A-4A18-8322-A1CD1D4ACF2A", "versionEndIncluding": "7.1.0", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700", "versionEndIncluding": "5.1.0", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "427DA624-2397-4A61-A2ED-23F5C22C174E", "versionEndIncluding": "8.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", "matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6ADE5E80-06D3-4A1B-A655-FBB6CCA03939", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8FD5E05-3C58-465F-9D4F-ECC2CD78DCFF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "75A43965-CB2E-4C28-AFC3-1ADE7A6B845C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F2D2745-242C-4603-899E-70C9025BDDD2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFB4541D-5EF7-4266-BFF3-2DDEC95E8012", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7FD1DA9-7980-4643-B378-7095892DA176", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*", "matchCriteriaId": "347E9E3E-941C-4109-B59F-B9BB05486B34", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD661062-0D5B-4671-9D92-FEF8D7395C1E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*", "matchCriteriaId": "8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B36CECA5-4545-49C2-92EB-B739407B207F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8E7549A-DE35-4274-B3F6-22D51C7A6613", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBD9362E-F36F-4820-A29E-5BDDF6AC3ACE", "versionEndIncluding": "5.6.4", "versionStartIncluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*", "matchCriteriaId": "02630E85-191E-4C58-B81B-4DAF93A26856", "versionEndExcluding": "6.0.0", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "65D5476E-FBF9-474B-87E1-B6459E52736C", "versionEndExcluding": "3.0.0", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDD5E877-978C-4A16-B6C5-41A30D020B54", "versionEndExcluding": "9.0.0", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0F04157-FB34-4F22-B328-6BE1F2373DEE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "523CD57C-43D4-4C79-BA00-A9A65C6588E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F6E5E8B0-EDE5-4FE4-880C-766FAE1EA42C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D8EDA23C-7F75-4712-AF3F-B0E3597810B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "5D139E52-0528-4D05-8502-1AB9AB10CA9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "C05190B9-237F-4E2E-91EA-DB1B738864AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5D0F0C0-75EB-4685-A4CD-E58D1F2C6FDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B59717B5-34D5-4C83-904A-884ED30DFC19", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "19BA6F25-B88A-42A1-A9E3-2DCF4E8F51A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E28B437-64A8-456C-98A1-4ADF5B6A2F60", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2D705705-0D0D-468B-A140-C9A1B7A6CE6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "07BB35D4-9CCD-43D3-B482-E0BEB3BF2351", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "FB468FEE-A0F4-49A0-BBEE-10D0733C87D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB290045-2140-47EE-9BB4-35BAE8F1599C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*", "matchCriteriaId": "83800E2F-804C-485D-A8FA-F4B32CDB4548", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "60BEB1C6-C279-4BB0-972C-BE28A6605C09", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "C637AC8A-F5F7-447E-A7F6-D6BA7AB45DF9", "versionEndIncluding": "5.6.43", "versionStartIncluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA988288-7D0C-4ADE-BE61-484D2D555A8A", "versionEndIncluding": "5.7.25", "versionStartIncluding": "5.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E106D13-CBF8-4A2C-8E89-A66C6EF5D408", "versionEndIncluding": "8.0.15", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFBC7A65-3C0B-4B17-B087-250E69EE5B12", "versionEndIncluding": "4.0.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "A443D73A-63BE-4D1F-B605-0F7D20915518", "versionEndIncluding": "8.0.14", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "71CD99E7-3FE7-42E2-B480-7AA0E543340E", "versionEndIncluding": "8.0.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*", "matchCriteriaId": "62DAD71E-A6D5-4CA9-A016-100F2D5114A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F457852F-D998-4BCF-99FE-09C6DFC8851A", "versionEndExcluding": "7.1.15", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACA311D7-0ADC-497A-8A47-5AB864F201DE", "versionEndExcluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F57DBD8-DCA7-43FB-AC9E-6BDBB3EBE500", "versionEndExcluding": "8.1.8", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD1987BB-8F42-48F0-8FE2-70ABD689F434", "versionEndExcluding": "9.0.2", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4", "versionEndIncluding": "6.8.1", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "FD2FB20C-EC88-4CD3-BC6E-1E65FAFADC36", "versionEndExcluding": "6.17.0", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5", "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "A94F4836-1873-43F4-916E-9D9B302A053A", "versionEndExcluding": "8.15.1", "versionStartIncluding": "8.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."}, {"lang": "es", "value": "Si una aplicaci\u00f3n encuentra un error de protocolo \"fatal\" y llama a SSL_shutdown() dos veces (una vez para enviar un close_notify y otra vez para recibir uno de \u00e9stos), posteriormente OpenSLL puede responder de manera diferente a la aplicaci\u00f3n llamante si un registro de 0 byte se recibe con un relleno inv\u00e1lido, comparado con si un registro de 0 bytes se recibe con un MAC inv\u00e1lido."}], "id": "CVE-2019-1559", "lastModified": "2024-11-21T04:36:48.960", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-27T23:29:00.277", "references": [{"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107174"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2304"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2437"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2439"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2471"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3929"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3931"}, {"source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-10"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"}, {"source": "openssl-security@openssl.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K18549143"}, {"source": "openssl-security@openssl.org", "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3899-1/"}, {"source": "openssl-security@openssl.org", "tags": ["Broken Link"], "url": "https://usn.ubuntu.com/4376-2/"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4400"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20190226.txt"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2019-02"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2019-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2437"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2439"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3931"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K18549143"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3899-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://usn.ubuntu.com/4376-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4400"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20190226.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2019-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2019-03"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-34/ansible-tower-memcached:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-35/ansible-tower-memcached:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHBA-2020:0547", "cpe": "cpe:/a:redhat:ansible_tower:3.4::el7", "package": "ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28", "product_name": "Red Hat Ansible Tower 3.4 for RHEL 7", "release_date": "2020-02-18T00:00:00Z"}, {"advisory": "RHSA-2019:2471", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssl-0:1.0.1e-58.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-08-13T00:00:00Z"}, {"advisory": "RHSA-2019:2304", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssl-1:1.0.2k-19.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2019:3931", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2", "package": "openssl", "product_name": "Red Hat JBoss Web Server 5", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:2437", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "imgbased-0:1.1.9-0.1.el7ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-08-12T00:00:00Z"}, {"advisory": "RHSA-2019:2437", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-08-12T00:00:00Z"}, {"advisory": "RHSA-2019:2437", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-release-virtualization-host-0:4.3.5-2.el7ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-08-12T00:00:00Z"}, {"advisory": "RHSA-2019:2437", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-08-12T00:00:00Z"}, {"advisory": "RHSA-2019:2439", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "rhvm-appliance-0:4.3-20190722.0.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-08-12T00:00:00Z"}], "bugzilla": {"description": "openssl: 0-byte record padding oracle", "id": "1683804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-325", "details": ["If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."], "mitigation": {"lang": "en:us", "value": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration."}, "name": "CVE-2019-1559", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "OVMF", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Out of support scope", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}], "public_date": "2019-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-1559\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1559\nhttps://github.com/RUB-NDS/TLS-Padding-Oracles\nhttps://www.openssl.org/news/secadv/20190226.txt"], "statement": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n- The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n- the attacker has to be a MITM\n- the attacker has to be able to control the client side to send requests to the buggy server on demand", "threat_severity": "Moderate", "upstream_fix": "openssl 1.0.2r"}