CVE-2017-3733

Published: 04/05/2017 Updated: 23/04/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

During a renegotiation handshake, if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice versa), OpenSSL 1.1.0 prior to 1.1.0e can crash (dependent on ciphersuite). Both clients and servers are affected.

Vulnerable Product

openssl openssl 1.1.0

openssl openssl 1.1.0c

openssl openssl 1.1.0d

openssl openssl 1.1.0a

openssl openssl 1.1.0b

hp operations agent 11.15

hp operations agent 11.14

Vendor Advisories

It was found that changing the ciphersuite during a renegotiation of the Encrypt-Then-Mac extension could result in a crash of the OpenSSL server or client ...
On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: Novem ...

Github Repositories

a basic ruby command line to check cvedetails for details on a given product

CveDetailsClient Usage: After checking out the repo, run bundle install. You can then run the cvetest client using bundle exec bin/cve_details_client product dataFile [toEmail] [fromEmail]. If the dataFile is blank it will check for vulnerabilities from the current day, which there may not be any of - create one with content like: { "cve_id": "CVE-2017-3733"