Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 20, 2017
Statement Date: November 16, 2017
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Updated: December 14, 2017
Statement Date: December 14, 2017
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: December 14, 2017
Affected
No statement is currently available from the vendor regarding this vulnerability.
Cisco ACE is affected, and assigned CVE-2017-17428 Cisco ASA is affected and assigned CVE-2017-12373 Please see Cisco's security advisory for full vendor statement.
Notified: November 15, 2017 Updated: December 12, 2017
Statement Date: December 12, 2017
Affected
No statement is currently available from the vendor regarding this vulnerability.
Citrix NetScaler ADC and Gateway - CVE-2017-17382
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 29, 2017
Statement Date: November 28, 2017
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
EMC does not develop TLS stacks and so is unaffected.
Updated: December 12, 2017
Affected
No statement is currently available from the vendor regarding this vulnerability.
This vulnerability was assigned CVE-2017-1000385.
Notified: November 15, 2017 Updated: November 20, 2017
Statement Date: November 17, 2017
Affected
F5 Networks made a public announcement of this issue today as CVE-2017-6168 – please see https://support.f5.com/csp/article/K21905460
We are not aware of further vendor information regarding this vulnerability.
Updated: December 22, 2017
Statement Date: December 22, 2017
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: December 13, 2017
Statement Date: December 13, 2017
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: December 06, 2017
Statement Date: December 06, 2017
Not Affected
iSaSiLk TLS is not affected.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: December 12, 2017
Statement Date: December 12, 2017
Affected
BouncyCastle TLS servers, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, contained a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange was negotiated. This specifically includes servers using the BCJSSE provider in its default configuration. Affected software: bctls-fips-1.0.2.jar and earlier versions bctls-jdk15on-1.58.jar and earlier versions Note that the older TLS implementation (in the org.bouncycastle.crypto.tls package) is not vulnerable. For FIPS users, the issue is fixed in bctls-fips-1.0.3.jar We recommend all FIPS users upgrade as soon as possible. For the regular API, version 1.59 containing the fix is expected to be available before the end of 2017. In the meantime, beta versions beginning with 1.59b09 contain the fix, and are available from https://downloads.bouncycastle.org/betas/ . We recommend users upgrade immediately to bctls-jdk15on-159b09.jar and then upgrade to the full 1.59 release as soon as it is available. If continuing to deploy vulnerable versions, we strongly recommend disabling TLS cipher suites that use RSA key exchange.
CVE-2017-13098 was assigned to BouncyCastle.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: December 12, 2017
Affected
No statement is currently available from the vendor regarding this vulnerability.
MatrixSSL was previously known affected in versions prior to 3.8.3, and assigned CVE-2016-6883.
Notified: November 15, 2017 Updated: March 22, 2018
Statement Date: March 22, 2018
Affected
Certain versions of Micro Focus Host Access Management and Security Server, Reflection for the Web, Reflection ZFE and Verastream Software Development Kit for Unisys and Airlines are affected by CVE-2017-13098. Updates which address the issue are available for these products. More information is available at https://support.microfocus.com/kb/doc.php?id=7022561.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: December 12, 2017
Statement Date: December 12, 2017
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
Microsoft is not affected in default configurations.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 20, 2017
Statement Date: November 17, 2017
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: December 18, 2017
Statement Date: December 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
According to the reporter, Java/JSSE were previously known vulnerable in 2012 and assigned CVE-2012-5081. We do not currently have any verification that CVE-2012-5081 was a Bleichenbacher-style vulnerability, but the vulnerability was resolved in 2012 in any case. Please ensure you are using the release of any products since 2012.
Notified: December 12, 2017 Updated: December 12, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: December 13, 2017
Statement Date: November 28, 2017
Not Affected
RSA BSAFE TLS stacks are not vulnerable to the reported vulnerability.
Please see the statement below. The URL requires RSA Link Support credentials.
Notified: November 15, 2017 Updated: December 08, 2017
Statement Date: December 07, 2017
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: November 15, 2017 Updated: November 15, 2017
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Updated: March 22, 2018
Statement Date: March 22, 2018
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The following products are NOT impacted, please see the vendor's security advisory for more information. VMware ESXi Site Recovery Manager vCloud Director for Service Providers vRealize Automation vRealize Business for Cloud vRealize Orchestrator vRealize Operations
Notified: December 12, 2017 Updated: December 12, 2017
Affected
No statement is currently available from the vendor regarding this vulnerability.
Assigned CVE-2017-13099