Symantec Security Response, SMNTC-1382
Oct 06, 2016 - 8:00 a.m.

SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016


EPSS: 0.911 (High), percentile 98.9%

SUMMARY

Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to recover private DSA keys or execute arbitrary code through integer overflow and buffer overwrites. The attacker can also cause denial of service through application crashes, endless CPU loops, and dropped connection packets.

AFFECTED PRODUCTS

The following products are vulnerable:

Advanced Secure Gateway (ASG)

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 6.6 | Upgrade to 6.6.5.2.
CVE-2016-6303, CVE-2016-6304 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1
CVE-2016-6303, CVE-2016-6304 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to 6.6.5.13.
CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1
CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes.

Android Mobile Agent

CVE | Affected Version(s) | Remediation
CVE-2016-2182 | 1.3 | Upgrade to 1.3.8.

BCAAA

CVE | Affected Version(s) | Remediation
All CVEs except CVE-2016-2180, CVE-2016-6305, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-7052 | 6.1 (only when a Novell SSO realm is used). | A fix will not be provided. An updated Novell SSO SDK is no longer available. Please contact Novell for more information.

CacheFlow

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 3.4 | Upgrade to 3.4.2.8.

Client Connector

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 1.6 | Upgrade to latest version of Unified Agent with fixes.

Content Analysis System (CAS)

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1.
CVE-2016-2177, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306 | 1.3 | Upgrade to 1.3.7.5.

Director

CVE | Affected Version(s) | Remediation
CVE-2016-2182, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306 | 6.1 | Upgrade to 6.1.23.1.

Mail Threat Defense (MTD)

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306 | 1.1 | Not available at this time

Malware Analysis Appliance (MAA)

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306 | 4.2 | Upgrade to 4.2.11.

Management Center (MC)

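CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2182, CVE-2016-6306 | 1.9 and later | Not vulnerable, fixed in 1.9.1.1
CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2182, CVE-2016-6306 | 1.8 | Upgrade to later release with fixes.
CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2182, CVE-2016-6306 | 1.7 | Upgrade to later release with fixes.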

Norman Shark Industrial Control System Protection (ICSP)

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-6306 | 5.4 and later | Not vulnerable, fixed in 5.4.1
CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-6306 | 5.3 | Upgrade to later release with fixes.

Norman Shark Network Protection (NNP)

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-6306 | 5.3 | A fix will not be provided.

Norman Shark SCADA Protection (NSP)

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-6306 | 5.3 | A fix will not be provided. Customers who use NSP for USB cleaning can switch to a version of ICSP with fixes.

PacketShaper (PS)

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2178, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306 | 9.2 | Not vulnerable, fixed in 9.2.13p7

PacketShaper (PS) S-Series

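CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306 | 11.7 and later | Not vulnerable, fixed in 11.7.1.1
CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306 | 11.6 | Upgrade to 11.6.2.2.
CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306 | 11.2, 11.3, 11.4, 11.5 | Upgrade to later release with fixes.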

PolicyCenter (PC)

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2178, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306 | 9.2 | Not vulnerable, fixed in 9.2.13p7

PolicyCenter (PC) S-Series

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306 | 1.1 | Upgrade to 1.1.3.1.

ProxyAV

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306 | 3.5 | Upgrade to 3.5.4.2.

ProxyClient

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 3.4 | Upgrade to latest release of Unified Agent with fixes.

ProxySG

CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 6.7 and later | Not vulnerable, fixed in 6.7.1.1.
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 6.6 | Upgrade to 6.6.5.2.
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 6.5 | Upgrade to 6.5.9.13.
CVE-2016-6303, CVE-2016-6304 | 6.7 and later | Not vulnerable, fixed in 6.7.1.1
CVE-2016-6303, CVE-2016-6304 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to 6.6.5.13.
CVE-2016-6303, CVE-2016-6304 | 6.5 (not vulnerable to known vectors of attack) | Upgrade to 6.5.10.4.
CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302 | 6.7 and later | Not vulnerable, fixed in 6.7.1.1
CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes.
CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302 | 6.5 (not vulnerable to known vectors of attack) | Upgrade to 6.5.10.4.
CVE-2016-2178 | 6.7 and later | Not vulnerable, fixed in 6.7.1.1
CVE-2016-2178 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes.
CVE-2016-2178 | 6.5 (not vulnerable to known vectors of attack) | Upgrade to later release with fixes.

Reporter

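CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1.
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 10.1 | Upgrade to 10.1.5.4.
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 9.5 | Upgrade to 9.5.4.1.
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 9.4 | Upgrade to later release with fixes.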

Security Analytics (SA)

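CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2180, CVE-2016-2182, CVE-2016-6304, CVE-2016-6306 | 7.3 and later | Not vulnerable, fixed in 7.3.1
CVE-2016-2177, CVE-2016-2180, CVE-2016-2182, CVE-2016-6304, CVE-2016-6306 | 7.2 | Upgrade to 7.2.2.
CVE-2016-2177, CVE-2016-2180, CVE-2016-2182, CVE-2016-6304, CVE-2016-6306 | 7.1 | Apply RPM patch from Blue Coat Support.
CVE-2016-2177, CVE-2016-2180, CVE-2016-2182, CVE-2016-6304, CVE-2016-6306 | 6.6 | Apply RPM patch from Blue Coat Support.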

SSL Visibility (SSLV)

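CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-6304, CVE-2016-6306 | 3.11 and later | Not vulnerable, fixed in 3.11.1.1
CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-6304, CVE-2016-6306 | 3.10 | Upgrade to 3.10.2.1.
CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-6304, CVE-2016-6306 | 3.9 | Upgrade to 3.9.7.1.
CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-6304, CVE-2016-6306 | 3.8.4FC | Upgrade to later release with fixes.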

Unified Agent (UA)

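CVE | Affected Version(s) | Remediation
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 4.8 and later | Not vulnerable, fixed in 4.8.0
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 4.7 | Upgrade to later release with fixes.
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 4.6 | Upgrade to later release with fixes.
CVE-2016-2177, CVE-2016-2182, CVE-2016-6306 | 4.1 | Upgrade to later release with fixes.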

X-Series XOS

CVE | Affected Version(s) | Remediation
CVE-2016-2178 | 11.0 | Not available at this time
CVE-2016-2178 | 10.0 | Not available at this time
CVE-2016-2178 | 9.7 | Upgrade to later release with fixes.

ADDITIONAL PRODUCT INFORMATION

Blue Coat products may act as both client and server in SSL/TLS connections, and may use application functionality for cryptographic operations. Blue Coat products act as a client when connecting to Blue Coat services such as WebPulse, DRTR, and licensing and subscription services. Products should be considered vulnerable in all interfaces that provide SSL/TLS connections for data and management interfaces unless the CVE is specific to SSL/TLS client or server functionality (as noted in the descriptions above) or unless otherwise stated below:

  • CacheFlow: All CVEs affect only management connections.
  • MC: CVE-2016-2178 only affects PDM connections from ProxySG.

Blue Coat products that use a native installation of OpenSSL but do not install or maintain that implementation are not vulnerable to any of these CVEs. However, the underlying platform or application that installs and maintains OpenSSL may be vulnerable. Blue Coat urges our customers to update the versions of OpenSSL that are natively installed for Client Connector for OS X, Proxy Client for OS X, and Reporter 9.x for Linux.

Some Blue Coat products do not enable or use all functionality within OpenSSL. The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. However, fixes for these CVEs will be included in the patches that are provided.

  • ASG: CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304
  • Android Mobile Agent: CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, and CVE-2016-6306
  • CacheFlow: CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304
  • Client Connector: CVE-2016-2178, CVE-2016-2179, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304
  • CAS: CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, and CVE-2016-6303
  • Director: CVE-2016-2179
  • MTD: CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, and CVE-2016-6303
  • MAA: CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, and CVE-2016-6302
  • MC: CVE-2016-2179, CVE-2016-2181, CVE-2016-6302, and CVE-2016-6304
  • ICSP: CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304
  • NNP: CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304
  • NSP: CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304
  • PS: CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, and CVE-2016-6302
  • PS S-Series: CVE-2016-2179 and CVE-2016-2181
  • PC: CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, and CVE-2016-6302
  • PC S-Series: CVE-2016-2179 and CVE-2016-2181
  • ProxyAV: CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, and CVE-2016-6303
  • ProxyClient: CVE-2016-2178, CVE-2016-2179, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304
  • ProxySG: CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304
  • Reporter: CVE-2016-2178, CVE-2016-2179, CVE-2016-2180 (9.5 and 10.1 only), CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304.
  • Security Analytics: CVE-2016-2178, CVE-2016-2179, CVE-2016-2181, and CVE-2016-6302
  • SSLV: CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302, and CVE-2016-6303
  • UA: CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304
  • XOS: CVE-2016-2177, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, and CVE-2016-6306

The following products are not vulnerable:
AuthConnector
Blue Coat HSM Agent for the Luna SP
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
K9
ProxyAV ConLog and ConLogXP
Web Isolation

Information is not available about the following products. NetDialog NetX is a replacement product for IntelligenceCenter.
IntelligenceCenter
IntelligenceCenter Data Collector

Blue Coat no longer provides vulnerability information for the following products:

DLP
Please contact Digital Guardian technical support regarding vulnerability information for DLP.

ISSUES

CVE-2016-2177

Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 91319 / NVD: CVE-2016-2177
Impact | Denial of service
Description | An integer overflow flaw in multiple modules allows a remote attacker to send crafted data and cause heap-based buffer overflow, resulting in application crashes and denial of service.

CVE-2016-2178

Severity / CVSSv2 | Low / 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
References | SecurityFocus: BID 91081 / NVD: CVE-2016-2178
Impact | Information disclosure
Description | A non-constant operation time flaw in the DSA signature implementation provides a timing side channel. A remote attacker can exploit the side channel to recover private DSA keys through cache-timing attacks.

CVE-2016-2179

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 92987 / NVD: CVE-2016-2179
Impact | Denial of service
Description | A flaw in DTLS message handling allows a remote attacker to establish a large number of DTLS connections with out-of-order messages. This can cause memory depletion and result in denial of service.

CVE-2016-2180

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 92117 / NVD: CVE-2016-2180
Impact | Denial of service
Description | A flaw in the X.509 Time Stamp Protocol implementation allows an attacker to provide a crafted timestamp file to the “openssl ts” application and cause an application crash, resulting in denial of service.

CVE-2016-2181

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 92982 / NVD: CVE-2016-2181
Impact | Denial of service
Description | A flaw in the DTLS server-side replay protection mechanism allows a remote attacker to force the server to drop legitimate packets as duplicates. This results in denial of service for a specific DTLS connection.

CVE-2016-2182

Severity / CVSSv2 | High / 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
References | SecurityFocus: BID 92557 / NVD: CVE-2016-2182
Impact | Denial of service, code execution
Description | A buffer overwrite flaw in large number binary conversion allows a remote attacker to send a certificate or CRL with a large binary number. The attacker can cause memory corruption, resulting in denial of service and possibly arbitrary code execution.

CVE-2016-6302

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 92628 / NVD: CVE-2016-6302
Impact | Denial of service
Description | An integer overflow flaw in TLS session ticket validation allows a remote attacker to send a crafted session ticket and cause a buffer overread. This can cause an application crash, resulting in denial of service.

CVE-2016-6303

Severity / CVSSv2 | High / 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
References | SecurityFocus: BID 92984 / NVD: CVE-2016-6303
Impact | Denial of service, code execution
Description | An integer overflow flaw in the MDC-2 module allows a remote attacker to send crafted data and cause a buffer overwrite. This can cause memory corruption, resulting in denial of service and possibly arbitrary code execution.

CVE-2016-6304

Severity / CVSSv2 | High / 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
References | SecurityFocus: BID 93150 / NVD: CVE-2016-6304
Impact | Denial of service
Description | A memory leak flaw in the TLS server module allows a remote attacker to continuously renegotiate a TLS connection with large OCSP TLS extensions. The attacker can cause memory depletion on the TLS server, resulting in denial of service.

CVE-2016-6305

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 93149 / NVD: CVE-2016-6305
Impact | Denial of service
Description | A flaw in SSL/TLS record handling allows a remote attacker to send an empty SSL/TLS record and cause an endless CPU loop, resulting in denial of service.

CVE-2016-6306

Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 93153 / NVD: CVE-2016-6306
Impact | Denial of service
Description | A flaw in the SSL/TLS module allows a remote attacker to send crafted SSL/TLS messages and cause a buffer overread. This can result in application crashes and denial of service.

CVE-2016-6307

Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 93152 / NVD: CVE-2016-6307
Impact | Denial of service
Description | A flaw in SSL/TLS message handling may allow a remote attacker to send crafted SSL/TLS messages and cause memory depletion, resulting in denial of service.

CVE-2016-6308

Severity / CVSSv2 | High / 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
References | SecurityFocus: BID 93151 / NVD: CVE-2016-6308
Impact | Denial of service
Description | A flaw in DTLS message handling may allow a remote attacker to send crafted DTLS messages and cause memory depletion, resulting in denial of service.

CVE-2016-6309

Severity / CVSSv2 | High / 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
References | SecurityFocus: BID 93177 / NVD: CVE-2016-6309
Impact | Denial of service, code execution
Description | A flaw in SSL/TLS message handling is introduced by the fix for CVE-2016-6307. It allows a remote attacker to send crafted SSL/TLS messages and cause memory corruption, resulting in denial of service and possibly arbitrary code execution.

CVE-2016-7052

Severity / CVSSv2 | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
References | SecurityFocus: BID 93171 / NVD: CVE-2016-7052
Impact | Denial of service
Description | A flaw in CRL processing allows a remote attacker to cause an application crash through the usage of CRLs, resulting in denial of service.

MITIGATION

These vulnerabilities can be exploited in CacheFlow only through the management interface. Allowing only machines, IP addresses and subnets from a trusted network to access the CacheFlow management interface reduces the threat of exploiting the vulnerabilities.

REFERENCES

OpenSSL Security Advisory [22 Sep 2016] - <https://www.openssl.org/news/secadv/20160922.txt>
OpenSSL Security Advisory [26 Sep 2016] - <https://www.openssl.org/news/secadv/20160926.txt>

REVISION

2020-04-22 Information is not available about IntelligenceCenter and IntelligenceCenter Data Collector. NetDialog NetX is a replacement product for IntelligenceCenter. A fix will not be provided for Industrial Control System Protection (ICSP) 5.3. Please upgrade to a later version with the vulnerability fixes. Advisory status changed to Closed.
2019-10-02 Web Isolation is not vulnerable.
2019-01-29 ICSP 5.4 is not vulnerable because a fix is available in 5.4.1.
2019-01-21 SA 8.0 is not vulnerable.
2018-09-24 A fix for SSLV 3.8.4FC will not be provided. Please upgrade to a later version with the vulnerability fixes.
2018-08-03 Customers who use NSP for USB cleaning can switch to a version of Industrial Control System Protection (ICSP) with fixes.
2018-07-02 A fix for PolicyCenter 9.2 is available in 9.2.13p7.
2018-07-01 A fix for PacketShaper 9.2 is available in 9.2.13p7.
2018-06-29 A fix for Norman Shark Network Protection (NNP) 5.3 and Norman Shark SCADA Protection (NSP) 5.3 will not be provided.
2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2018-04-22 PacketShaper S-Series 11.10 is not vulnerable.
2018-02-05 A fix for Reporter 9.5 is available in 9.5.4.1.
2017-11-16 A fix for PS S-Series 11.5 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2017-11-06 ASG 6.7 is not vulnerable because a fix is available in 6.7.2.1.
2017-11-05 A fix for CVE-2016-6303 and CVE-2016-6304 in ASG 6.6 and ProxySG 6.6 is available in 6.6.5.13. A fix for the remaining CVEs will not be provided in ASG 6.6 and ProxySG 6.6. Please upgrade to a later version with the vulnerability fixes.
2017-08-02 SSLV 4.1 is not vulnerable.
2017-07-24 PacketShaper S-Series 11.9 is not vulnerable.
2017-07-20 MC 1.10 is not vulnerable.
2017-07-10 A fix for CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304 in ProxySG 6.5 is available in 6.5.10.4. A fix for CVE-2016-2178 in ProxySG 6.5 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2016-06-30 A fix for ProxyAV 3.5 is available in 3.5.4.2.
2017-06-24 Reporter 9.4, 9.5, and 10.1 are vulnerable to CVE-2016-2177, CVE-2016-2182, and CVE-2016-6306. They also have a vulnerable version of OpenSSL for CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-6302, CVE-2016-6303, and CVE-2016-6304, but are not vulnerable to known vectors of attack. A fix for Reporter 10.1 is available in 10.1.5.4.
2017-06-22 Security Analytics 7.3 is not vulnerable.
2017-06-05 PacketShaper S-Series 11.8 is not vulnerable.
2017-05-26 A fix for CAS 1.3 is available in 1.3.7.5.
2017-05-22 UA 4.8 is not vulnerable because a fix is available in 4.8.0.
2017-05-18 CAS 2.1 is not vulnerable.
2017-04-30 A fix for Director 6.1 is available in 6.1.23.1.
2017-04-29 A fix for CacheFlow 3.4 is available in 3.4.2.8.
2017-03-30 MC 1.9 is not vulnerable because a fix is available in 1.9.1.1.
2017-03-16 A fix for SSLV 3.10 is available in 3.10.2.1.
2017-03-08 MC 1.8 is vulnerable to CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2182, and CVE-2016-6306. ProxySG 6.7 is not vulnerable. SSLV 4.0 is not vulnerable. A fix for PolicyCenter S-Series is available in 1.1.3.1.
2017-02-07 A fix for Android Mobile Agent is available in 1.3.8. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support.
2017-01-27 A fix for Security Analytics 7.2 is available in 7.2.2.
2017-01-13 A fix for SSLV 3.9 is available in 3.9.7.1.
2016-12-19 A fix for MAA is available in 4.2.11.
2016-12-02 A fix is available in SSLV 3.11.1.1.
2016-11-29 A fix for PacketShaper S-Series 11.6 is available in 11.6.2.2. PacketShaper S-Series 11.7 is not vulnerable because the fix is available in 11.7.1.1.
2016-11-11 SSLV 3.10 is vulnerable to CVE-2016-2177, CVE-2016-2178, CVE-2016-2182, CVE-2016-6304, and CVE-2016-6306. A fix is not available at this time.
2016-11-09 A fix for CVE-2016-2177, CVE-2016-2182, and CVE-2016-6306 is available in 6.5.9.13.
2016-11-08 Fixes for Security Analytics 6.6 and 7.1 are available through RPM patches from Blue Coat Support.
2016-10-24 A fix for CVE-2016-2177, CVE-2016-2182, and CVE-2016-6306 in ProxySG 6.6 is available in 6.6.5.2. A fix for CVE-2016-2177, CVE-2016-2182, and CVE-2016-6306 in ASG is available in 6.6.5.2. Fixes for the remaining CVEs are not available at this time.
2016-10-06 Initial public release