Juniper Junos OS: Multiple security vulnerabilities in OpenSSL (JSA10575) (multiple CVEs)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | February 08, 2013 | May 07, 2014 | November 30, 2016 |
Description
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
References
- APPLE-APPLE-SA-2013-09-12-1
- BID-57778
- CERT-TA13-051A
- CERT-VN-737740
- CVE-2013-0166
- CVE-2013-0169
- DEBIAN-DSA-2621
- DEBIAN-DSA-2622
- JUNIPER-JSA10575
- OVAL-OVAL18754
- OVAL-OVAL18841
- OVAL-OVAL19016
- OVAL-OVAL19081
- OVAL-OVAL19360
- OVAL-OVAL19424
- OVAL-OVAL19487
- OVAL-OVAL19540
- OVAL-OVAL19608
- REDHAT-RHSA-2013:0587
- REDHAT-RHSA-2013:0782
- REDHAT-RHSA-2013:0783
- REDHAT-RHSA-2013:0833
- REDHAT-RHSA-2013:1455
- REDHAT-RHSA-2013:1456
Solution
juniper-junos-os-upgrade-latest
Related Vulnerabilities
- RHSA-2013:0855: java-1.5.0-ibm security update
- Alpine Linux: CVE-2013-0166: openssl multiple issues
- VMSA-2013-0009: ESX userworld update for OpenSSL library (CVE-2013-0166)
- HP-UX: CVE-2013-0169: Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- ELSA-2013-0273 Critical: Oracle Linux java-1.6.0-openjdk security update
- HP-UX: CVE-2013-0166: Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
- TLS/SSL Timing Side-Channel Attacks, aka the "Lucky Thirteen" Attack
- USN-1732-1: OpenSSL vulnerabilities
- Oracle Solaris 11: CVE-2013-0166: Vulnerability in OpenSSL
- Alpine Linux: CVE-2013-0169: openssl multiple issues
- Oracle Database: Critical Patch Update - October 2013 (CVE-2013-0169)
- FreeBSD: OpenSSL -- TLS 1.1, 1.2 denial of service (Multiple CVEs)
- OS X update for OpenSSL (CVE-2013-0166)
- Amazon Linux AMI: Security patch for openssl (ALAS-2013-171) (multiple CVEs)
- Amazon Linux AMI: Security patch for java-1.7.0-openjdk (ALAS-2013-162) (multiple CVEs)
- DSA-2621-1 openssl -- several vulnerabilities
- RHSA-2013:0531: java-1.6.0-sun security update
- OS X update for OpenSSL (CVE-2013-0169)
- RHSA-2013:0273: java-1.6.0-openjdk security update
- USN-1735-1: OpenJDK vulnerabilities
- OS X update for Apache (CVE-2013-0166)
- Gentoo Linux: CVE-2013-0169: OpenSSL: Multiple Vulnerabilities
- Sun Patch: SunOS 5.10: wanboot patch
- F5 Networks: K14190 (CVE-2013-0169): TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
- RHSA-2013:0823: java-1.6.0-ibm security update
- Amazon Linux AMI: Security patch for java-1.6.0-openjdk (ALAS-2013-163) (multiple CVEs)
- IBM HTTP Server: CVE-2013-0169: TLS Vulnerability
- DSA-2622-1 polarssl -- several vulnerabilities
- ELSA-2013-0274 Important: Oracle Linux java-1.6.0-openjdk security update
- RHSA-2014:0416: rhevm-spice-client security update
- RHSA-2013:0587: openssl security update
- OS X update for Apache (CVE-2013-0169)
- Sun Patch: SunOS 5.10_x86: openssl patch
- SUSE Linux Security Vulnerability: CVE-2013-0169
- OpenSSL OCSP invalid key DoS issue (CVE-2013-0166)
- Gentoo Linux: CVE-2013-0166: OpenSSL: Multiple Vulnerabilities
- OpenSSL SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
- SUSE Linux Security Vulnerability: CVE-2013-0166
- Apple Java security update for CVE-2013-0169
- ELSA-2013-0587 Moderate: Oracle Linux openssl security update
- VMSA-2013-0009: ESX userworld update for OpenSSL library (CVE-2013-0169)
- Oracle Solaris 11: CVE-2013-0169: Vulnerability in OpenSSL
- RHSA-2013:0275: java-1.7.0-openjdk security update
- FreeBSD: FreeBSD -- OpenSSL multiple vulnerabilities (FreeBSD-SA-13:03.openssl) (Multiple CVEs)
- RHSA-2013:0822: java-1.7.0-ibm security update
- RHSA-2013:0274: java-1.6.0-openjdk security update
- RHSA-2013:0532: java-1.7.0-oracle security update
- Amazon Linux AMI: Security patch for openssl (ALAS-2014-320) (multiple CVEs)
- RHSA-2013:1455: Red Hat Network Satellite server IBM Java Runtime security update
- Sun Patch: SunOS 5.10: openssl patch
- RHSA-2013:0636: rhev-hypervisor6 security and bug fix update
- IBM AIX: openssh_advisory2, openssl_advisory5 (CVE-2013-0169): Vulnerabilities in OpenSSH affect AIX
- ELSA-2013-0275 Important: Oracle Linux java-1.7.0-openjdk security update
- Java CPU February 2013 Java Runtime Environment JSSE vulnerability (CVE-2013-0169)
- RHSA-2013:1456: Red Hat Network Satellite server IBM Java Runtime security update
- USN-1732-3: OpenSSL vulnerability
- IBM AIX: openssl_advisory5 (CVE-2013-0166): Vulnerabilities in OpenSSL affect AIX
- Sun Patch: SunOS 5.9: wanboot and pkg utilities Patch