Symantec Security Response, SMNTC-1325
Jun 17, 2015 - 8:00 a.m.

SA98 : OpenSSL Security Advisory 11-June-2015

EPSS: 0.974 (percentile: 99.9%)

SUMMARY

Blue Coat products using affected versions of OpenSSL 1.0.2, 1.0.1, 1.0.0, and 0.9.8 are vulnerable to multiple vulnerabilities. A remote attacker may exploit these vulnerabilities to cause a denial of service, memory corruption, application crash, or downgrade in the Diffie-Hellman ephemeral (DHE) key size.

AFFECTED PRODUCTS

The following products are vulnerable to multiple vulnerabilities:

Android Mobile Agent

CVE |Affected Version(s)|Remediation
CVE-2015-4000 | 1.3 | Upgrade to 1.3.8.

BCAAA

CVE |Affected Version(s)|Remediation
All CVEs | 6.1 (only when a Novell SSO realm is used) | A fix will not be provided. An updated Novell SSO SDK is no longer available. Please, contact Novell for more information.

CacheFlow

CVE |Affected Version(s)|Remediation
CVE-2015-1789, CVE-2015-1792 | 3.x | Upgrade to 3.4.2.3.
CVE-2015-4000 | 3.x | Upgrade to 3.4.2.8.
CVE-2015-1790 | 3.x (not vulnerable to known vectors of attack) | Upgrade to 3.4.2.3.
CVE-2014-8176, CVE-2015-1788 | 3.x (not vulnerable to known vectors of attack) | Upgrade to 3.4.2.5.
All CVEs except CVE-2015-1791 | 2.x | Upgrade to later release with fixes.

Client Connector

CVE |Affected Version(s)|Remediation
All CVEs | 1.6 | Upgrade to latest release of Unified Agent with fixes.

Content Analysis System (CAS)

CVE |Affected Version(s)|Remediation
All CVEs except CVE-2015-1788 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1
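CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 | 1.3 | Not vulnerable, fixed in 1.3.1.1
CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 | 1.2 | Upgrade to 1.2.3.1.
CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 | 1.1 | Upgrade to 1.1.5.6.
CVE-2015-4000 | 1.3 | Upgrade to 1.3.7.3.
CVE-2015-4000 | 1.1, 1.2 | Upgrade to later release with fixes.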

Director

CVE |Affected Version(s)|Remediation
CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 | 6.1 | Upgrade to 6.1.20.1.
CVE-2015-4000 | 6.1 | Upgrade to 6.1.21.2.

Malware Analysis Appliance (MAA)

CVE |Affected Version(s)|Remediation
CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, CVE-2015-4000 | 4.2 | Upgrade to 4.2.6.

Malware Analyzer G2 (MAG2)

CVE |Affected Version(s)|Remediation
CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, CVE-2015-4000 | All versions | Upgrade to latest release of MAA with fixes.

Management Center (MC)

CVE |Affected Version(s)|Remediation
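CVE-2015-1788, CVE-2014-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-4000 | 1.5 and later | Not vulnerable, fixed in 1.5.1.1
CVE-2015-1788, CVE-2014-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-4000 | 1.4 | Upgrade to 1.4.2.1.
CVE-2015-1788, CVE-2014-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-4000 | 1.x prior to 1.4 | Upgrade to later release with fixes.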

Norman Shark Industrial Control System Protection (ICSP)

CVE |Affected Version(s)|Remediation
CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, CVE-2015-4000 | 5.3 | Upgrade to 5.3.5.

Norman Shark Network Protection (NNP)

CVE |Affected Version(s)|Remediation
CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, CVE-2015-4000 | 5.3 | Upgrade to 5.3.5.

Norman Shark SCADA Protection (NSP)

CVE |Affected Version(s)|Remediation
CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, CVE-2015-4000 | 5.3 | Upgrade to 5.3.5.

PacketShaper (PS)

CVE |Affected Version(s)|Remediation
CVE-2015-1788, CVE-2015-1791 | 9.2 | Upgrade to 9.2.13p1.
CVE-2015-4000 | 9.2 | Upgrade to 9.2.13p2.

PacketShaper (PS) S-Series

CVE |Affected Version(s)|Remediation
All CVEs except CVE-2015-4000 | 11.4 and later | Not vulnerable, fixed in 11.4.1.1
All CVEs except CVE-2015-4000 | 11.2, 11.3 | Upgrade to later release with fixes.
CVE-2015-4000 | 11.6 and later | Not vulnerable, fixed in 11.6.1.1
CVE-2015-4000 | 11.5 | Upgrade to 11.5.3.2.
CVE-2015-4000 | 11.1, 11.2, 11.3, 11.4 | Upgrade to later release with fixes.

PolicyCenter (PC)

CVE |Affected Version(s)|Remediation
CVE-2015-1788, CVE-2015-1791 | 9.2 | Upgrade to 9.2.13p1.
CVE-2015-4000 | 9.2 | Upgrade to 9.2.13p2.

ProxyAV

CVE |Affected Version(s)|Remediation
All CVEs except CVE-2015-4000 | 3.5 | Upgrade to 3.5.3.3.
All CVEs except CVE-2015-4000 | 3.4 | Upgrade to 3.4.3.1.
CVE-2015-4000 | 3.4, 3.5 | Upgrade to a version of CAS with the fix.

ProxyClient

CVE |Affected Version(s)|Remediation
All CVEs | 3.4 | Upgrade to latest release of Unified Agent with fixes.

ProxySG

CVE |Affected Version(s)|Remediation
All CVEs | 6.7 and later | Not vulnerable, fixed in 6.7.1.1
CVE-2015-1788 | 6.6 | Upgrade to 6.6.2.1.
CVE-2015-1788 | 6.5 | Upgrade to 6.5.7.7.
CVE-2015-1789 | 6.6 | Upgrade to 6.6.2.1.
CVE-2015-1789 | 6.5 | Upgrade to 6.5.7.7.
CVE-2015-1789 | 6.2 | Upgrade to 6.2.16.6.
CVE-2015-4000 | 6.6 | Upgrade to 6.6.2.1.
CVE-2015-4000 | 6.5 | Upgrade to 6.5.7.7.
CVE-2015-4000 | 6.2 | Upgrade to later release with fixes.

Reporter

CVE |Affected Version(s)|Remediation
CVE-2015-1791 | 10.3 and later | Not vulnerable, fixed
CVE-2015-1791 | 9.4, 9.5, 10.1, 10.2 | Upgrade to later release with fixes.
CVE-2015-4000 | 10.5 | Upgrade to 10.5.2.1.
CVE-2015-4000 | 10.2, 10.3, 10.4 | Upgrade to later release with fixes.
CVE-2015-4000 | 10.1 | Not vulnerable
CVE-2015-4000 | 9.4, 9.5 | Upgrade to later release with fixes.

Security Analytics Platform

CVE |Affected Version(s)|Remediation
All CVEs | 7.2 and later | Not vulnerable, fixed in 7.2.1
CVE-2014-8176 | 7.1 | Upgrade to 7.1.5.
CVE-2014-8176 | 7.0 | Upgrade to later release with fixes.
CVE-2014-8176 | 6.6 | Upgrade to 6.6.10.
CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 | 7.1 | Upgrade to 7.1.9.
CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 | 6.6, 7.0 | Upgrade to later release with fixes.
CVE-2015-4000 | 6.6, 7.0, 7.1 | Upgrade to later release with fixes.

SSL Visibility

CVE |Affected Version(s)|Remediation
CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 | 3.9 and later | Not vulnerable, fixed in 3.9.1.1
CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 | 3.8.4FC | Not vulnerable, fixed in 3.8.4FC-17.
CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 | 3.8 | Upgrade to 3.8.5.
CVE-2014-8176 | 3.9 and later | Not vulnerable, fixed in 3.9.1.1
CVE-2014-8176 | 3.8.4FC | Not vulnerable, fixed in 3.8.4FC-17
CVE-2014-8176 | 3.8 (not vulnerable to known vectors of attack) | Upgrade to 3.8.5.
CVE-2015-4000 | 3.10 and later | Not vulnerable, fixed in 3.10.1.1.
CVE-2015-4000 | 3.9 | Upgrade to 3.9.7.1.
CVE-2015-4000 | 3.8.4FC | Upgrade to 3.8.4FC-55.
CVE-2015-4000 | 3.8 | Upgrade to later release with fixes.

Unified Agent

CVE |Affected Version(s)|Remediation
CVE-2015-4000 | 4.7 and later | Not vulnerable, fixed in 4.7.1
CVE-2015-4000 | 4.6 | Upgrade to 4.6.2.
CVE-2015-4000 | 4.1 | Upgrade to later release with fixes.

X-Series XOS

CVE |Affected Version(s)|Remediation
CVE-2015-1790, CVE-2015-1792 | 11.0 | Not available at this time
CVE-2015-1790, CVE-2015-1792 | 10.0 | Not available at this time
CVE-2015-1790, CVE-2015-1792 | 9.7 | Upgrade to later release with fixes.

ADDITIONAL PRODUCT INFORMATION

Blue Coat products may act as both client and server in SSL/TLS connections, and may use application functionality for cryptographic operations. Blue Coat products act as a client when connecting to Blue Coat services such as WebPulse, DRTR, and licensing and subscription services. Products should be considered vulnerable in all interfaces that provide SSL/TLS connections for data and management interfaces unless the CVE is specific to SSL/TLS client or server functionality (as noted in the descriptions above) or unless otherwise stated below:

  • CAS: CVE-2015-4000 (Logjam) only affects SSL/TLS clients and the secure ICAP server.
  • Security Analytics: CVE-2015-4000 (Logjam) only affects the web UI and VPN connections between CMC and sensors.
  • SSLV: CVE-2015-1789 affects data and management planes, connections to Blue Coat, and connections to an HSM; CVE-2015-1790 and CVE-2015-1792 affect management connections when importing PKCS#7 and signed CMS formatted data; CVE-2015-1791 affects connections to Blue Coat and to an HSM; CVE-2015-4000 affects management connections, connections to Blue Coat, and connections to an HSM

Blue Coat products that use a native installation of OpenSSL but do not install or maintain that implementation are not vulnerable to any of these CVEs. However, the underlying platform or application that installs and maintains OpenSSL may be vulnerable. Blue Coat urges our customers to update the versions of OpenSSL that are natively installed for Reporter on Linux, Unified Agent on Linux, and ProxyClient.

Blue Coat products do not enable or use all functionality within OpenSSL. Products that do not utilize or enable the functionality described in a CVE are not vulnerable to that CVE. However, fixes for those CVEs will be included in the patches that are provided. The following products include vulnerable versions of OpenSSL, but do not use the functionality described in the CVEs and are not known to be vulnerable.

  • Android Mobile Agent: CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, and CVE-2015-1792
  • CacheFlow: CVE-2014-8176, CVE-2015-1788, and CVE-2015-1790 (only signed and validated content is accepted)
  • Director: CVE-2014-8176
  • MAA and MAG2: CVE-2015-1790 and CVE-2015-1792
  • MC: CVE-2014-8176 and CVE-2015-1791
  • ICSP: CVE-2015-1790 and CVE-2015-1792
  • NNP: CVE-2015-1790 and CVE-2015-1792
  • NSP: CVE-2015-1790 and CVE-2015-1792
  • PacketShaper: CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, and CVE-2015-1792
  • PacketShaper S-Series: CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, and CVE-2015-1792
  • PolicyCenter: CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, and CVE-2015-1792
  • ProxySG: CVE-2014-8176, CVE-2015-1790 and CVE-2015-1792 (only signed and validated content is accepted), and CVE-2015-1791
  • Reporter: CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, and CVE-2015-1792
  • SA: CVE-2014-8176 and CVE-2015-1788
  • SSLV: CVE-2014-8175 and CVE-2015-1788
  • Unified Agent: CVE-2014-8176 (4.1 only), CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, and CVE-2015-1792
  • XOS: CVE-2014-8176, CVE-2015-1789, CVE-2015-1791, and CVE-2015-4000 (Logjam).

The following products are not vulnerable:
Advanced Secure Gateway
Auth Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
K9
Mail Threat Defense
PolicyCenter S-Series

ProxyAV ConLog and ConLogXP
Web Isolation

The following products are under investigation:
IntelligenceCenter Reporter

Blue Coat no longer provides vulnerability information for the following products:

DLP
Please, contact Digital Guardian technical support regarding vulnerability information for DLP.

ISSUES

CVE-2014-8176

Severity / CVSSv2 | High / 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
References | SecurityFocus: BID 75159 / NVD: CVE-2014-8176
Impact | Denial of service, unspecified other impact
Description | A flaw in DTLS allows an attacker sending unexpected application data to cause memory corruption, application crashes, denial of service, or other unspecified impacts. This vulnerability affects Blue Coat products that support DTLS.

CVE-2015-1788

Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 75158 / NVD: CVE-2015-1788
Impact | Denial of service
Description | A flaw in the handling of elliptic curve (EC) parameters allows an attacker sending malformed parameters to cause the product or application to enter an infinite loop, resulting in a denial of service. This vulnerability affects Blue Coat products that support elliptic curve cryptography.

CVE-2015-1789

Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 75156 / NVD: CVE-2015-1789
Impact | Denial of service
Description | A flaw in the time comparison function allows an attacker sending crafted ASN.1 time data to cause a crash and denial of service. This vulnerability affects Blue Coat products that act as a TLS client.

CVE-2015-1790

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 75157 / NVD: CVE-2015-1790
Impact | Denial of service
Description | A flaw in PKCS#7 parsing allows an attacker sending crafted PKCS#7 data to cause a crash and a denial of service. This vulnerability affects Blue Coat products that decrypt or parse PKCS#7 data outside of the TLS protocol.

CVE-2015-1791

Severity / CVSSv2 | Medium / 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
References | SecurityFocus: BID 75161 / NVD: CVE-2015-1791
Impact | Denial of service, unspecified other impact
Description | A race condition in multi-threaded clients allows an attacker to send an unexpected new session ticket and cause a crash, denial of service, and other unspecified impacts. This vulnerability affects Blue Coat products that have a multi-threaded client and use session tickets.

CVE-2015-1792

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 75154 / NVD: CVE-2015-1792
Impact | Denial of service
Description | A flaw in CMS allows an attacker to send an unexpected OID value and cause an infinite loop and a denial of service. This vulnerability affects Blue Coat products that use CMS functionality.

CVE-2015-4000 (Logjam)

Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
References | SecurityFocus: BID 74733 / NVD: CVE-2015-4000
Impact | Information disclosure, unauthorized modification of data
Description | A flaw in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export grade cryptography. There also exists a related pre-computation attack against DH parameters of size 1024 bits or less. Blue Coat products that act as a TLS client or server, support ephemeral DH key exchange, and use DH parameters of size 1024 bits or less are vulnerable.

MITIGATION

There are no known workarounds or remediation for CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, or CVE-2015-1791. Customers should apply the patch.

CVE-2015-1790 can be remediated by ensuring that PKCS#7 content always comes from a trusted source.

CVE-2015-1792 can be remediated by ensuring that data signed using CMS always comes from a trusted source.

CVE-2015-4000 can be partially remediated by ensuring that export grade ciphers are always disabled for all interfaces, or by not using DHE ciphers. A full remediation is not possible because strong Diffie-Hellman parameters are not configurable.
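
Because the DH parameters are not configurable, the practical check after a patch or cipher change is to confirm what group size an interface actually sends. The following is an added example, not code from the advisory or from Blue Coat: it parses a captured DHE ServerKeyExchange handshake message (RFC 5246 layout) and classifies the prime size against the thresholds stated for CVE-2015-4000. The function names, result labels and sample bytes are constructed for illustration.

```python
import struct

SERVER_KEY_EXCHANGE = 12  # TLS handshake message type (RFC 5246, section 7.4)


class ParseError(ValueError):
    """Raised when the bytes are not a well-formed DHE ServerKeyExchange."""


def _read_vec16(buf, off):
    """Read one opaque<1..2^16-1> vector; return (value, next_offset)."""
    if off + 2 > len(buf):
        raise ParseError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ParseError("vector length out of bounds")
    return buf[off:off + n], off + n


def dh_prime_bits(handshake_msg):
    """Bit length of dh_p in a DHE ServerKeyExchange handshake message."""
    if len(handshake_msg) < 4:
        raise ParseError("short handshake header")
    if handshake_msg[0] != SERVER_KEY_EXCHANGE:
        raise ParseError("not a ServerKeyExchange message")
    body_len = int.from_bytes(handshake_msg[1:4], "big")
    body = handshake_msg[4:4 + body_len]
    if len(body) != body_len:
        raise ParseError("truncated handshake body")
    # ServerDHParams: dh_p, dh_g, dh_Ys; any signature that follows is ignored.
    dh_p, off = _read_vec16(body, 0)
    _dh_g, off = _read_vec16(body, off)
    _dh_ys, off = _read_vec16(body, off)
    # bit_length() ignores leading zero bytes, so padded primes are sized correctly.
    return int.from_bytes(dh_p, "big").bit_length()


def classify(bits):
    """Map a prime size onto the advisory's CVE-2015-4000 criteria."""
    if bits <= 512:
        return "export-grade"      # the size a Logjam downgrade results in
    if bits <= 1024:
        return "vulnerable"        # 1024 bits or less, per the advisory
    return "above-threshold"


def build_sample(p_len):
    """Constructed test message: filler bytes, not a real prime or public key."""
    dh_p = b"\xff" * p_len
    dh_g = b"\x02"
    dh_ys = b"\x01" * p_len
    body = b"".join(struct.pack("!H", len(v)) + v for v in (dh_p, dh_g, dh_ys))
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for size in (64, 128, 256):
        bits = dh_prime_bits(build_sample(size))
        print(bits, classify(bits))
```

An interface that still reports "export-grade" or "vulnerable" after export ciphers are disabled needs the product upgrade listed in the tables above, or DHE suites turned off.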

REFERENCES

OpenSSL Security Advisory - <https://www.openssl.org/news/secadv/20150611.txt>
Logjam attack - <https://weakdh.org/>
OpenSSL changes for Logjam - <https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/>

REVISION

2020-05-06 A fix for CVE-2015-4000 in Reporter 10.5 is available in 10.5.2.1. Advisory status changed to Closed.
2020-04-20 Reporter 10.5 is vulnerable to CVE-2015-4000.
2020-04-03 Reporter 10.3 and later versions are not vulnerable to CVE-2015-1791 because a fix is available in 10.3.1.1. A fix for CVE-2015-4000 in Reporter 10.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. Reporter 10.5 is not vulnerable to CVE-2015-4000 because a fix is available in 10.5.1.1.
2020-01-15 A fix for CVE-2015-4000 in ProxyAV will not be provided. Please upgrade to a version of CAS with the vulnerability fix.
2019-10-02 Web Isolation is not vulnerable.
2019-08-28 Reporter 10.2, 10.3, and 10.4 are vulnerable to CVE-2015-4000 (Logjam).
2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2018-04-22 PacketShaper S-Series 11.10 is not vulnerable.
2017-08-02 SSLV 4.1 is not vulnerable.
2017-07-24 PacketShaper S-Series 11.9 is not vulnerable.
2017-07-20 MC 1.10 is not vulnerable.
2017-06-22 Security Analytics 7.3 is not vulnerable.
2017-06-05 PS S-Series 11.6, 11.7, and 11.8 are not vulnerable.
2017-05-29 A fix for Android Mobile Agent is available in 1.3.8. A fix for CVE-2015-4000 (Logjam) in Security Analytics 6.6 will not be provided. Please upgrade to a later version with the vulnerability fix.
2017-05-17 CAS 2.1 is not vulnerable.
2017-04-29 A fix for CVE-2015-4000 (Logjam) in CacheFlow 3.4 is available in 3.4.2.8.
2017-03-30 MC 1.9 is not vulnerable.
2017-03-16 PacketShaper S-Series 11.2, 11.3, 11.4, and 11.5 are vulnerable to CVE-2015-4000 (Logjam). A fix for PS S-Series 11.5 is available in 11.5.3.2.
2017-03-06 MC 1.8 is not vulnerable. ProxySG 6.7 is not vulnerable. SSLV 4.0 is not vulnerable. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support.
2017-01-24 A fix for CVE-2015-4000 (Logjam) in CAS 1.3 is available in 1.3.7.3.
2017-01-13 A fix for CVE-2015-4000 (Logjam) in SSLV 3.9 is available in 3.9.7.1.
2016-12-04 A fix for CVE-2015-4000 (Logjam) is available in SSLV 3.10.1.1 and 3.11.1.1.
2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable.
2016-11-15 MC 1.6 and 1.7 are not vulnerable.
2016-11-11 SSLV 3.10 is not vulnerable.
2016-11-03 A fix for CVE-2015-4000 (Logjam) in PacketShaper 9.2 is available in 9.2.13p2. A fix for CVE-2015-4000 (Logjam) in PolicyCenter 9.2 is available in 9.2.13p2.
2016-09-23 A fix for CVE-2015-1789, CVE-2015-1790, and CVE-2015-1792 in CacheFlow 3.4 is available in 3.4.2.3. A fix for CVE-2014-8176 and CVE-2015-1788 in CacheFlow 3.4 is available in 3.4.2.5.
2016-09-15 Advanced Secure Gateway is not vulnerable.
2016-09-01 A fix for SSLV 3.8.4FC is available in 3.8.4FC-55.
2016-08-12 Security Analytics 7.2 is not vulnerable because a fix for all CVEs is available in 7.2.1.
2016-08-10 Unified Agent 4.7 is not vulnerable.
2016-07-24 A fix for CVE-2015-4000 (Logjam) in ProxySG is available in 6.5.7.7 and 6.6.2.1. A fix for Logjam in ProxySG 6.2 will not be provided. Please upgrade to a later version with the Logjam vulnerability fix.
2016-07-15 XOS 9.7, 10.0, and 11.0 are vulnerable to CVE-2015-1790 and CVE-2015-1792. They also have vulnerable code for CVE-2014-8176, CVE-2015-1789, CVE-2015-1791, and CVE-2015-4000 (Logjam). A fix for all CVEs in XOS 10.0 is available in 10.0.6. A fix for all CVEs in XOS 11.0 is available in 11.0.2.
2016-07-15 A fix for CVE-2015-4000 (Logjam) will not be provided in SSLV 3.8. Please upgrade to a later version with the vulnerability fix.
2016-06-16 Security Analytics 6.6, 7.0, and 7.1 are vulnerable to CVE-2015-4000 (Logjam). A fix is not available at this time.
2016-06-15 MAA 4.x prior to 4.2.6 is vulnerable to CVE-2015-4000 (Logjam). A fix for all CVEs is available in 4.2.6.
2016-06-11 PolicyCenter S-Series is not vulnerable.
2016-06-07 BCAAA 6.1 is vulnerable when a Novell SSO realm is used. A fix will not be provided. An updated Novell SSO SDK is no longer available. Please, contact Novell for more information.
2016-05-31 MC 1.x prior to 1.4.2.1 is vulnerable. MC 1.5 is not vulnerable.
2016-05-27 ICSP, NNP, and NSP 5.x are vulnerable. Fixes are available in ICSP, NNP, and NSP 5.3.5.
2016-05-24 Android Mobile Agent, Client Connector for Windows, ProxyClient for Windows, and Unified Agent are vulnerable. Fixes for Client Connector and ProxyClient will not be provided - customers should upgrade to the latest version of Unified Agent with vulnerability fixes. Fixes for Unified Agent are available in 4.6.2.
2016-05-22 CAS 1.1, 1.2, and 1.3 are vulnerable to CVE-2015-4000 (Logjam). A fix will not be provided for CAS 1.1. and 1.2. ProxyAV 3.4 and 3.5 are vulnerable to CVE-2015-4000 (Logjam). A fix will not be provided for ProxyAV 3.4.
2016-05-22 The complete fix for CVE-2015-4000 (Logjam) in Director 6.1 is available in 6.1.21.2, not as was previously reported in 6.1.22.1.
2016-05-21 General Auth Connector Login Application is not vulnerable.
2016-05-12 A complete fix for CVE-2015-4000 (Logjam) in SSLV is not available at this time.
2016-05-11 No Cloud Data Protection products are vulnerable.
2016-05-06 A fix for all CVEs except CVE-2015-4000 (Logjam) in PolicyCenter 9.2 is available in 9.2.13p1.
2016-05-06 A fix for all CVEs except CVE-2015-4000 (Logjam) in PacketShaper 9.2 is available in 9.2.13p1.
2016-04-27 Mail Threat Defense is not vulnerable.
2016-03-17 The complete fix for CVE-2015-4000 (Logjam) in Director 6.1 is available in 6.1.22.1.
2016-02-26 OPIC was removed as the product is no longer supported.
2016-01-23 PacketShaper S-Series does not have vulnerable code for CVE-2015-1788. A fix for CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, and CVE-2015-1792 are available in 11.4.1.1 and 11.5.1.1. CVE-2015-4000 (Logjam) is under investigation.
2016-01-16 PacketShaper S-Series has vulnerable, but not used, code for CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, and CVE-2015-1792. CVE-2015-4000 (Logjam) is under investigation.
2016-01-15 PacketShaper 9.2 and PolicyCenter 9.2 are vulnerable to CVE-2015-1788, CVE-2015-1791, and CVE-2015-4000. They also have vulnerable, but not used, code for CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, and CVE-2015-1792.
2015-12-18 Director 6.1.20.1 does not contain a complete fix for CVE-2015-4000 (Logjam). Other Blue Coat products are under investigation for CVE-2015-4000.
2015-12-02 All fixes are available for Security Analytics
2015-10-02 Fixes are available for ProxyAV 3.4 and 3.5
2015-10-01 Fixes are available for ProxySG 6.2 and 6.6; fix is available for SSLV; SSLV is also vulnerable to CVE-2014-8176
2015-09-30 CAS is vulnerable and fixes are available for 1.1 and 1.2
2015-08-05 Reporter for Windows is not vulnerable to CVE-2015-1791
2015-08-02 Reporter is only vulnerable to CVE-2015-4000 (Logjam) if export grade cipher suites are enabled.
2015-07-25 a fix is available for Director; a fix is available in SGOS 6.5; ProxyAV is vulnerable; Reporter is vulnerable
2015-06-18 added CVEs for Management Center
2015-06-17 initial public release