[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Tue Oct 17 05:21:11 PDT 2017
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 566 Published: Mon, 16 Oct 2017 23:11:20 GMT
New Fixlets:
============
***************************************************************
Title: OpenSSL Security Bypass Vulnerability - CVE-2017-3735
Severity: Medium
Fixlet ID: 337701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3377
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3735
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.
More information about the WinVulns-Announcements
mailing list