Apache HTTP Server Project

Notified:  October 17, 2014 Updated: October 17, 2014

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor References

    Apache-SSL

    Notified:  October 17, 2014 Updated: October 17, 2014

    Status

      Unknown

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor References

      Apple Inc.

      Updated:  October 17, 2014

      Status

        Affected

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      Vendor References

      Aruba Networks, Inc.

      Notified:  October 17, 2014 Updated: October 20, 2014

      Status

        Affected

      Vendor Statement

      Aruba has published an advisory. Users should refer to the advisory for up-to-date information.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      Vendor References

      Attachmate

      Notified:  October 17, 2014 Updated: October 27, 2014

      Status

        Affected

      Vendor Statement

      Attachmate has released an advisory.

      Vendor Information

      We are not aware of further vendor information regarding this vulnerability.

      Vendor References

      Botan

      Notified:  October 17, 2014 Updated: October 17, 2014

      Status

        Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor References

        Certicom

        Notified:  October 17, 2014 Updated: October 17, 2014

        Status

          Unknown

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor References

          Cryptlib

          Notified:  October 17, 2014 Updated: October 17, 2014

          Status

            Unknown

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor References

            Crypto++ Library

            Notified:  October 17, 2014 Updated: October 17, 2014

            Status

              Unknown

            Vendor Statement

            No statement is currently available from the vendor regarding this vulnerability.

            Vendor References

              EMC Corporation

              Notified:  October 17, 2014 Updated: October 17, 2014

              Status

                Unknown

              Vendor Statement

              No statement is currently available from the vendor regarding this vulnerability.

              Vendor References

                F5 Networks, Inc.

                Notified:  October 17, 2014 Updated: October 17, 2014

                Status

                  Unknown

                Vendor Statement

                No statement is currently available from the vendor regarding this vulnerability.

                Vendor References

                  GnuTLS

                  Notified:  October 17, 2014 Updated: October 17, 2014

                  Status

                    Unknown

                  Vendor Statement

                  No statement is currently available from the vendor regarding this vulnerability.

                  Vendor References

                    IAIK Java Group

                    Notified:  October 17, 2014 Updated: October 17, 2014

                    Status

                      Unknown

                    Vendor Statement

                    No statement is currently available from the vendor regarding this vulnerability.

                    Vendor References

                      Legion of the Bouncy Castle

                      Notified:  October 17, 2014 Updated: October 20, 2014

                      Status

                        Not Affected

                      Vendor Statement

                      "Bouncy Castle Java APIs version 1.46, or later, offer the ability to access SSL v3 by overriding methods in order to allow support for it. By default SSL v3 support is turned off. It is possible to see if a developer has created the necessary overrides by looking for overrides of the methods AbstractTlsClient.getMinimumVersion () or TlsClient.notifyServerVersion () in client code, and by looking for overrides of AbstractTlsServer.getMinimumVersion () or TlsServer.getServerVersion () in server code. Bouncy Castle C# APIs version 1.8 (still in beta), also contains a TLS API, which follows the same profile as the Bouncy Castle Java APIs in respect to SSL v3. Support for “TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks”, currently described at https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 has been added to both the Java and C# APIs to allow developers to prevent SSL v3 as anything but a worst case. We are planning to continue tracking the fallback document as it evolves and will include the results in the next releases of the Java and C# APIs (1.52 and 1.8 respectively) For further enquiries in relation to this please contact us at office@bouncycastle.org."

                      Vendor Information

                      We are not aware of further vendor information regarding this vulnerability.

                      Vendor References

                      libgcrypt

                      Notified:  October 17, 2014 Updated: October 17, 2014

                      Status

                        Unknown

                      Vendor Statement

                      No statement is currently available from the vendor regarding this vulnerability.

                      Vendor References

                        Microsoft Corporation

                        Notified:  October 17, 2014 Updated: January 21, 2015

                        Status

                          Affected

                        Vendor Statement

                        https://technet.microsoft.com/en-us/library/security/3009008.aspx

                        Vendor Information

                        We are not aware of further vendor information regarding this vulnerability.

                        Mirapoint, Inc.

                        Notified:  October 17, 2014 Updated: October 17, 2014

                        Status

                          Unknown

                        Vendor Statement

                        No statement is currently available from the vendor regarding this vulnerability.

                        Vendor References

                          mod_ssl

                          Notified:  October 17, 2014 Updated: October 17, 2014

                          Status

                            Unknown

                          Vendor Statement

                          No statement is currently available from the vendor regarding this vulnerability.

                          Vendor References

                            Mozilla

                            Updated:  October 17, 2014

                            Status

                              Affected

                            Vendor Statement

                            No statement is currently available from the vendor regarding this vulnerability.

                            Vendor Information

                            We are not aware of further vendor information regarding this vulnerability.

                            Vendor References

                            Mozilla - Network Security Services

                            Notified:  October 17, 2014 Updated: October 17, 2014

                            Status

                              Unknown

                            Vendor Statement

                            No statement is currently available from the vendor regarding this vulnerability.

                            Vendor References

                              National Center for Supercomputing Applications

                              Notified:  October 17, 2014 Updated: October 17, 2014

                              Status

                                Unknown

                              Vendor Statement

                              No statement is currently available from the vendor regarding this vulnerability.

                              Vendor References

                                NEC Corporation

                                Updated:  October 28, 2014

                                Status

                                  Affected

                                Vendor Statement

                                "We provide information on this issue at the following URL: http://jpn.nec.com/security-info/av14-004.html"

                                Vendor Information

                                We are not aware of further vendor information regarding this vulnerability.

                                Vendor References

                                Netscape NSS

                                Notified:  October 17, 2014 Updated: October 17, 2014

                                Status

                                  Unknown

                                Vendor Statement

                                No statement is currently available from the vendor regarding this vulnerability.

                                Vendor References

                                  Nettle

                                  Notified:  October 17, 2014 Updated: October 17, 2014

                                  Status

                                    Unknown

                                  Vendor Statement

                                  No statement is currently available from the vendor regarding this vulnerability.

                                  Vendor References

                                    Nokia

                                    Notified:  October 17, 2014 Updated: October 17, 2014

                                    Status

                                      Unknown

                                    Vendor Statement

                                    No statement is currently available from the vendor regarding this vulnerability.

                                    Vendor References

                                      Novell, Inc.

                                      Updated:  October 27, 2014

                                      Status

                                        Affected

                                      Vendor Statement

                                      Novell has released an advisory.

                                      Vendor Information

                                      We are not aware of further vendor information regarding this vulnerability.

                                      Vendor References

                                      OpenSSL

                                      Updated:  October 17, 2014

                                      Status

                                        Affected

                                      Vendor Statement

                                      No statement is currently available from the vendor regarding this vulnerability.

                                      Vendor Information

                                      We are not aware of further vendor information regarding this vulnerability.

                                      PeerSec Networks

                                      Notified:  October 17, 2014 Updated: October 20, 2014

                                      Status

                                        Not Affected

                                      Vendor Statement

                                      "MatrixSSL version support is configured with compile-time define, and we have disabled SSL3.0 by default since MatrixSSL 3.3.1 on July 16, 2012. Anyone using MatrixSSL over the past 2 years would have had to manually enable SSL 3.0. Also, we do TLS style padding for SSL3.0 since the beginning for record encoding, however we can¹t enforce it on decoding, so that was of limited use unless communicating with our own library"

                                      Vendor Information

                                      We are not aware of further vendor information regarding this vulnerability.

                                      SafeNet

                                      Notified:  October 17, 2014 Updated: October 17, 2014

                                      Status

                                        Unknown

                                      Vendor Statement

                                      No statement is currently available from the vendor regarding this vulnerability.

                                      Vendor References

                                        Spyrus

                                        Notified:  October 17, 2014 Updated: October 17, 2014

                                        Status

                                          Unknown

                                        Vendor Statement

                                        No statement is currently available from the vendor regarding this vulnerability.

                                        Vendor References

                                          Stunnel

                                          Notified:  October 17, 2014 Updated: October 17, 2014

                                          Status

                                            Unknown

                                          Vendor Statement

                                          No statement is currently available from the vendor regarding this vulnerability.

                                          Vendor References

                                            SUSE Linux

                                            Updated:  October 27, 2014

                                            Status

                                              Affected

                                            Vendor Statement

                                            SUSE has released an advisory.

                                            Vendor Information

                                            We are not aware of further vendor information regarding this vulnerability.

                                            Vendor References

                                            wolfSSL

                                            Notified:  October 17, 2014 Updated: October 17, 2014

                                            Status

                                              Unknown

                                            Vendor Statement

                                            No statement is currently available from the vendor regarding this vulnerability.

                                            Vendor References

                                              View all 33 vendors View less vendors