cpe:/a:openssl:openssl:1.0.0 cpe:/a:openssl:openssl:1.0.0:beta1 cpe:/a:openssl:openssl:1.0.0:beta2 cpe:/a:openssl:openssl:1.0.0:beta3 cpe:/a:openssl:openssl:1.0.0:beta4 cpe:/a:openssl:openssl:1.0.0:beta5 cpe:/a:openssl:openssl:1.0.0a cpe:/a:openssl:openssl:1.0.0b cpe:/a:openssl:openssl:1.0.0c cpe:/a:openssl:openssl:1.0.0d cpe:/a:openssl:openssl:1.0.0e cpe:/a:openssl:openssl:1.0.0f cpe:/a:openssl:openssl:1.0.0g cpe:/a:openssl:openssl:1.0.0h cpe:/a:openssl:openssl:1.0.0i cpe:/a:openssl:openssl:1.0.0j cpe:/a:openssl:openssl:1.0.1 cpe:/a:openssl:openssl:1.0.1:beta1 cpe:/a:openssl:openssl:1.0.1:beta2 cpe:/a:openssl:openssl:1.0.1:beta3 cpe:/a:openssl:openssl:1.0.1a cpe:/a:openssl:openssl:1.0.1b cpe:/a:openssl:openssl:1.0.1c cpe:/a:openssl:openssl:1.0.1d cpe:/a:openssl:openssl:1.0.1e CVE-2013-6450 2014-01-01T11:05:15.017-05:00 2017-12-08T21:29:02.577-05:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2016-07-08T11:57:28.730-04:00 SECTRACK 1029549 SECTRACK 1031594 BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities FULLDISC 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE BID 64618 DEBIAN DSA-2833 FEDORA FEDORA-2014-9301 FEDORA FEDORA-2014-9308 GENTOO GLSA-201412-39 IAVM IAVM:2014-A-0062 IAVM IAVM:2014-B-0046 REDHAT RHSA-2014:0015 UBUNTU USN-2079-1 CONFIRM http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=34628967f1e65dc8f34e000f0f5518e21afbfc7b MISC http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001841 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001843 CONFIRM http://www.openssl.org/news/vulnerabilities.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html CONFIRM https://puppet.com/security/cve/cve-2013-6450 CONFIRM https://security-tracker.debian.org/tracker/CVE-2013-6450 SUSE openSUSE-SU-2014:0048 SUSE openSUSE-SU-2014:0049 The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.