Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB001EA0C352C914F5BD75B1A7ED4DC332EFEAF82BBB300155C1592CB17C0172A
HistoryJun 15, 2018 - 7:06 a.m.

Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)

2018-06-1507:06:54
www.ibm.com
41

0.025 Low

EPSS

Percentile

90.2%

JSON

Summary

Security vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2016-2834**
DESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted website, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113870&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-5285**
DESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a NULL pointer dereference in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime when handling invalid Diffie-Hellman keys. A remote attacker could exploit this vulnerability to crash a TLS/SSL server.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119189&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-8635**
DESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caused by a small subgroup confinement attack in Diffie Hellman Client key exchange handling. By confining the client DH key to a small subgroup of the desired group, a remote attacker could exploit this vulnerability to recover private keys.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119190&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

The following versions are affected:

  • IBM MQ Appliance 8.0
    • Maintenance levels between 8.0.0.0 and 8.0.0.5
  • IBM MQ Appliance 9.0.x Continuous Delivery (CD) release
    • Continuous delivery update 9.0.1 only

Remediation/Fixes

IBM MQ Appliance 8.0

Apply fixpack 8.0.0.6 or later maintenance.

IBM MQ Appliance 9.0.x Continuous Delivery (CD) release

Apply continuous delivery update 9.0.2 or later.

Workarounds and Mitigations

None.

Related

redhat 1
openvas 26
nessus 29
ibm 12
centos 1
amazon 1
symantec 1
oraclelinux 1
ubuntu 3
redhatcve 3
ubuntucve 3
prion 3
cve 3
debiancve 3
nvd 3
veracode 3
cvelist 3
mozilla 1
f5 2
debian 2
osv 2
freebsd 1
gentoo 1
suse 10
kaspersky 1
oracle 2
redhat
redhat
(RHSA-2016:2779) Moderate: nss and nss-util security update
2016-11-16 00:00:00
openvas
openvas
CentOS Update for nss-util CESA-2016:2779 centos6
2016-11-20 00:00:00
Huawei EulerOS: Security Advisory for nss, nss-util (EulerOS-SA-2016-1084)
2020-01-23 00:00:00
RedHat Update for nss and nss-util RHSA-2016:2779-01
2016-11-16 00:00:00
nessus
nessus
Oracle Linux 5 / 6 / 7 : nss / nss-util (ELSA-2016-2779)
2016-11-17 00:00:00
CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779)
2016-11-21 00:00:00
RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779)
2016-11-16 00:00:00
ibm
ibm
Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in Network Security Services (NSS) (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)
2018-06-16 21:50:26
Security Bulletin: Vulnerabilities in Mozilla NSS affect the IBM FlashSystem models 840 and 900
2023-02-18 01:45:50
Security Bulletin: Multiple vulnerabilities in Network Security Services (NSS) component affect SAN Volume Controller, Storwize family and FlashSystem V9000 products.
2023-03-29 01:48:02
centos
centos
nss security update
2016-11-19 11:17:02
amazon
amazon
Medium: nss-util, nss, nss-softokn
2016-12-15 00:32:00
symantec
symantec
SA137 : NSS Vulnerabilities
2016-12-20 08:00:00
oraclelinux
oraclelinux
nss and nss-util security update
2016-11-16 00:00:00
ubuntu
ubuntu
NSS vulnerabilities
2017-01-04 00:00:00
NSS vulnerability
2016-07-11 00:00:00
Firefox vulnerabilities
2016-06-09 00:00:00
redhatcve
redhatcve
CVE-2016-5285
2016-11-16 03:47:19
CVE-2016-8635
2016-11-16 03:47:31
CVE-2016-2834
2016-06-18 08:48:29
ubuntucve
ubuntucve
CVE-2016-5285
2016-11-16 00:00:00
CVE-2016-8635
2016-11-17 00:00:00
CVE-2016-2834
2016-06-08 00:00:00
prion
prion
Null pointer dereference
2019-11-15 16:15:00
Design/Logic Flaw
2018-08-01 13:29:00
Memory corruption
2016-06-13 10:59:00
cve
cve
CVE-2016-5285
2019-11-15 16:15:10
CVE-2016-8635
2018-08-01 13:29:00
CVE-2016-2834
2016-06-13 10:59:15
debiancve
debiancve
CVE-2016-5285
2019-11-15 16:15:10
CVE-2016-8635
2018-08-01 13:29:00
CVE-2016-2834
2016-06-13 10:59:15
nvd
nvd
CVE-2016-5285
2019-11-15 16:15:10
CVE-2016-8635
2018-08-01 13:29:00
CVE-2016-2834
2016-06-13 10:59:15
veracode
veracode
Null Pointer Dereference
2019-05-02 06:02:29
Information Disclosure
2019-05-02 06:02:29
Denial Of Service
2019-01-15 09:14:44
cvelist
cvelist
CVE-2016-5285
2019-11-15 15:44:05
CVE-2016-8635
2018-08-01 13:00:00
CVE-2016-2834
2016-06-13 10:00:00
mozilla
mozilla
Network Security Services (NSS) vulnerabilities โ€” Mozilla
2016-06-07 00:00:00
f5
f5
K15479471 : Mozilla NSS vulnerability CVE-2016-2834
2016-09-01 00:00:00
SOL15479471 - Mozilla NSS vulnerability CVE-2016-2834
2016-09-01 00:00:00
debian
debian
[SECURITY] [DLA 527-1] nss security update
2016-06-25 18:05:55
[SECURITY] [DSA 3688-1] nss security update
2016-10-05 20:20:43
osv
osv
nss - security update
2016-06-25 00:00:00
nss - security update
2016-10-05 00:00:00
freebsd
freebsd
NSS -- multiple vulnerabilities
2016-06-07 00:00:00
gentoo
gentoo
Mozilla Network Security Service (NSS): Multiple vulnerabilities
2017-01-19 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2016-12-05 21:07:10
Security update for MozillaFirefox, mozilla-nss (important)
2016-12-10 23:09:49
Security update for MozillaFirefox, mozilla-nss (important)
2016-12-13 13:07:50
kaspersky
kaspersky
KLA10822 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-06-07 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2017
2018-03-20 00:00:00

0.025 Low

EPSS

Percentile

90.2%

JSON
Related for B001EA0C352C914F5BD75B1A7ED4DC332EFEAF82BBB300155C1592CB17C0172A
redhat1openvas26nessus29ibm12centos1amazon1symantec1oraclelinux1ubuntu3redhatcve3ubuntucve3prion3cve3debiancve3nvd3veracode3cvelist3mozilla1f52debian2osv2freebsd1gentoo1suse10kaspersky1oracle2