Apple Computer Inc. Affected

Updated:  April 30, 2003

Status

Affected

Vendor Statement

This is fixed in Security Update 2002-08-02. Further information is available from: http://docs.info.apple.com/article.html?artnum=61798

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Conectiva Affected

Updated:  July 08, 2002

Status

Affected

Vendor Statement

Please see http://lwn.net/Articles/3951/.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Data General Unknown

Notified:  April 29, 2003 Updated: April 29, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian Affected

Updated:  April 30, 2003

Status

Affected

Vendor Statement

This vulnerability was fixed in DSA-135 (02 Jul 2002): http://www.debian.org/security/2002/dsa-135

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Engarde Affected

Updated:  April 17, 2003

Status

Affected

Vendor Statement

http://mail-archives.engardelinux.org/engarde-users/2002/Jul/0009.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Extreme Networks Not Affected

Updated:  May 01, 2003

Status

Not Affected

Vendor Statement

Extreme Networks software suite is not vulnerable to the attack explained in VU#10455, as it does not include the Webserver implementation from Apache. Investigation and testing by Extreme Network engineering reveals the current Webserver implementation in Extreme Networks software suite is not vulnerable to the attack explained in VU#104555.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Foundry Networks Inc. Not Affected

Updated:  May 07, 2003

Status

Not Affected

Vendor Statement

Foundry Networks has tested for this vulnerability and is not affected by the buffer overflow in mod_ssl as described in VU#104555.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Affected

Updated:  April 17, 2003

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.securityfocus.com/advisories/4298.

Hitachi Not Affected

Updated:  May 08, 2003

Status

Not Affected

Vendor Statement

Hitachi Web Server is NOT Vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM Affected

Updated:  June 17, 2003

Status

Affected

Vendor Statement

The AIX operating system does not ship with mod_ssl. However, mod_ssl is available for installation on AIX from the Linux Affinity Toolbox. Users using mod_ssl 2.8.10 are later are not vulnerable to the issues discussed in CERT Vulnerability Note VU#104555 and any advisories which follow. This vulnerability is present in mod_ssl 2.8.9 and earlier; users are urged to upgrade as soon as possible. The Linux Affinity Toolbox is available at: http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html This software is offered on an "as-is" and is unwarranted.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Ingrian Networks Not Affected

Updated:  May 02, 2003

Status

Not Affected

Vendor Statement

Ingrian Networks products are not vulnerable to VU#104555.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NeXT Unknown

Notified:  April 29, 2003 Updated: April 29, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc. Affected

Updated:  April 30, 2003

Status

Affected

Vendor Statement

A number of Red Hat products included mod_ssl packages vulnerable to this issue. Updated packages are available along with our advisories at the URLs below. Users of the Red Hat Network can update their systems using the 'up2date' tool. Red Hat Linux: http://rhn.redhat.com/errata/RHSA-2002-134.html Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2002-136.html Stronghold 3: http://rhn.redhat.com/errata/RHSA-2002-164.html Stronghold 4 (cross-platform): http://rhn.redhat.com/errata/RHSA-2002-146.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SCO Affected

Updated:  April 17, 2003

Status

Affected

Vendor Statement

ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31/CSSA-2002-SCO.31.txt

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Not Affected

Updated:  April 30, 2003

Status

Not Affected

Vendor Statement

The mod_ssl that SGI just started shipping as a supported offering, in IRIX 6.5.20, is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc. Unknown

Updated:  May 08, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The mod_ssl project Affected

Updated:  July 08, 2002

Status

Affected

Vendor Statement

Please see http://www.mail-archive.com/modssl-users@modssl.org/msg14451.html.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xerox Corporation Not Affected

Updated:  May 30, 2003

Status

Not Affected

Vendor Statement

A response to this vulnerability is available from our web site: http://www.xerox.com/security.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

View all 18 vendors View less vendors