JVN/CVE Demo: Cveinfos

CVE

Id: 47882
CVE No.: CVE-2010-5298
Status: Candidate
Description: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Phase: Assigned (20140414)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
520437	47882	CVE-2010-5298	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities	View
520438	47882	CVE-2010-5298	URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded	View
520439	47882	CVE-2010-5298	FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities	View
520440	47882	CVE-2010-5298	URL:http://seclists.org/fulldisclosure/2014/Dec/23	View
520441	47882	CVE-2010-5298	MLIST:[oss-security] 20140412 Use-after-free race condition,in OpenSSL"s read buffer	View
520442	47882	CVE-2010-5298	URL:http://openwall.com/lists/oss-security/2014/04/13/1	View
520443	47882	CVE-2010-5298	MISC:http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse	View
520444	47882	CVE-2010-5298	MISC:https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest	View
520445	47882	CVE-2010-5298	MISC:https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest	View
520446	47882	CVE-2010-5298	CONFIRM:http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig	View
520447	47882	CVE-2010-5298	CONFIRM:http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup	View
520448	47882	CVE-2010-5298	CONFIRM:http://www.openssl.org/news/secadv_20140605.txt	View
520449	47882	CVE-2010-5298	CONFIRM:https://kb.bluecoat.com/index?page=content&id=SA80	View
520450	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676035	View
520451	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676062	View
520452	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676419	View
520453	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676655	View
520454	47882	CVE-2010-5298	CONFIRM:http://www.blackberry.com/btsc/KB36051	View
520455	47882	CVE-2010-5298	CONFIRM:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm	View
520456	47882	CVE-2010-5298	CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10075	View
520457	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21673137	View
520458	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677828	View
520459	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677527	View
520460	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677695	View
520461	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21678167	View
520462	47882	CVE-2010-5298	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	View
520463	47882	CVE-2010-5298	CONFIRM:http://www.fortiguard.com/advisory/FG-IR-14-018/	View
520464	47882	CVE-2010-5298	CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html	View
520465	47882	CVE-2010-5298	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	View
520466	47882	CVE-2010-5298	CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946	View
520467	47882	CVE-2010-5298	CONFIRM:http://advisories.mageia.org/MGASA-2014-0187.html	View
520468	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21683332	View
520469	47882	CVE-2010-5298	CONFIRM:http://support.citrix.com/article/CTX140876	View
520470	47882	CVE-2010-5298	CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21676356	View
520471	47882	CVE-2010-5298	CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg24037783	View
520472	47882	CVE-2010-5298	CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0006.html	View
520473	47882	CVE-2010-5298	CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629	View
520474	47882	CVE-2010-5298	CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195	View
520475	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676529	View
520476	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676879	View
520477	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676889	View
520478	47882	CVE-2010-5298	CONFIRM:https://www.novell.com/support/kb/doc.php?id=7015271	View
520479	47882	CVE-2010-5298	CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754	View
520480	47882	CVE-2010-5298	CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755	View
520481	47882	CVE-2010-5298	CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756	View
520482	47882	CVE-2010-5298	CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757	View
520483	47882	CVE-2010-5298	CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677836	View
520484	47882	CVE-2010-5298	CISCO:20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products	View
520485	47882	CVE-2010-5298	URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl	View
520486	47882	CVE-2010-5298	FEDORA:FEDORA-2014-9301	View
520487	47882	CVE-2010-5298	URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html	View
520488	47882	CVE-2010-5298	FEDORA:FEDORA-2014-9308	View
520489	47882	CVE-2010-5298	URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	View
520490	47882	CVE-2010-5298	GENTOO:GLSA-201407-05	View
520491	47882	CVE-2010-5298	URL:http://security.gentoo.org/glsa/glsa-201407-05.xml	View
520492	47882	CVE-2010-5298	HP:HPSBGN03068	View
520493	47882	CVE-2010-5298	URL:http://marc.info/?l=bugtraq&m=140544599631400&w=2	View
520494	47882	CVE-2010-5298	HP:HPSBHF03052	View
520495	47882	CVE-2010-5298	URL:http://marc.info/?l=bugtraq&m=141658880509699&w=2	View
520496	47882	CVE-2010-5298	HP:HPSBMU03051	View
520497	47882	CVE-2010-5298	URL:http://marc.info/?l=bugtraq&m=140448122410568&w=2	View
520498	47882	CVE-2010-5298	HP:HPSBMU03055	View
520499	47882	CVE-2010-5298	URL:http://marc.info/?l=bugtraq&m=140431828824371&w=2	View
520500	47882	CVE-2010-5298	HP:HPSBMU03056	View
520501	47882	CVE-2010-5298	URL:http://marc.info/?l=bugtraq&m=140389355508263&w=2	View
520502	47882	CVE-2010-5298	HP:HPSBMU03057	View
520503	47882	CVE-2010-5298	URL:http://marc.info/?l=bugtraq&m=140389274407904&w=2	View
520504	47882	CVE-2010-5298	HP:HPSBMU03062	View
520505	47882	CVE-2010-5298	URL:http://marc.info/?l=bugtraq&m=140752315422991&w=2	View
520506	47882	CVE-2010-5298	HP:HPSBMU03074	View
520507	47882	CVE-2010-5298	URL:http://marc.info/?l=bugtraq&m=140621259019789&w=2	View
520508	47882	CVE-2010-5298	HP:HPSBMU03076	View
520509	47882	CVE-2010-5298	URL:http://marc.info/?l=bugtraq&m=140904544427729&w=2	View
520510	47882	CVE-2010-5298	MANDRIVA:MDVSA-2015:062	View
520511	47882	CVE-2010-5298	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:062	View
520512	47882	CVE-2010-5298	MANDRIVA:MDVSA-2014:090	View
520513	47882	CVE-2010-5298	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:090	View
520514	47882	CVE-2010-5298	OPENBSD:[5.5] 004: SECURITY FIX: April 12, 2014	View
520515	47882	CVE-2010-5298	URL:http://www.openbsd.org/errata55.html#004_openssl	View
520516	47882	CVE-2010-5298	SUSE:SUSE-SU-2015:0743	View
520517	47882	CVE-2010-5298	URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html	View
520518	47882	CVE-2010-5298	BID:66801	View
520519	47882	CVE-2010-5298	URL:http://www.securityfocus.com/bid/66801	View
520520	47882	CVE-2010-5298	SECUNIA:58939	View
520521	47882	CVE-2010-5298	URL:http://secunia.com/advisories/58939	View
520522	47882	CVE-2010-5298	SECUNIA:59162	View
520523	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59162	View
520524	47882	CVE-2010-5298	SECUNIA:59300	View
520525	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59300	View
520526	47882	CVE-2010-5298	SECUNIA:59438	View
520527	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59438	View
520528	47882	CVE-2010-5298	SECUNIA:59450	View
520529	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59450	View
520530	47882	CVE-2010-5298	SECUNIA:59490	View
520531	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59490	View
520532	47882	CVE-2010-5298	SECUNIA:59655	View
520533	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59655	View
520534	47882	CVE-2010-5298	SECUNIA:59721	View
520535	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59721	View
520536	47882	CVE-2010-5298	SECUNIA:59413	View
520537	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59413	View
520538	47882	CVE-2010-5298	SECUNIA:59669	View
520539	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59669	View
520540	47882	CVE-2010-5298	SECUNIA:59301	View
520541	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59301	View
520542	47882	CVE-2010-5298	SECUNIA:59666	View
520543	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59666	View
520544	47882	CVE-2010-5298	SECUNIA:59342	View
520545	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59342	View
520546	47882	CVE-2010-5298	SECUNIA:59437	View
520547	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59437	View
520548	47882	CVE-2010-5298	SECUNIA:59287	View
520549	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59287	View
520550	47882	CVE-2010-5298	SECUNIA:59440	View
520551	47882	CVE-2010-5298	URL:http://secunia.com/advisories/59440	View
520552	47882	CVE-2010-5298	SECUNIA:58337	View
520553	47882	CVE-2010-5298	URL:http://secunia.com/advisories/58337	View
520554	47882	CVE-2010-5298	SECUNIA:58713	View
520555	47882	CVE-2010-5298	URL:http://secunia.com/advisories/58713	View
520556	47882	CVE-2010-5298	SECUNIA:58977	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
39890	JVNDB-2010-005675	複数の製品で使用される TimThumb の timthumb.php におけるクロスサイトスクリプティングの脆弱性	複数の製品で使用される TimThumb の timthumb.php には、クロスサイトスクリプティングの脆弱性が存在します。	CVE-2010-5302	47882	4.3		http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-005675.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.45 MB
View render complete	3.06 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.86
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	403.13
Event: Controller.beforeRender	5.69
» Processing toolbar data	5.59
Rendering View	37.41
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	36.22
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.68
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.11
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/47882
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/47882
Remote Port	53837
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.148
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.78.197
Http Via	1.1 squid-proxy-5b5d847c96-v2jzj (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http Cookie	advanced-frontend=nvkmff9153q3ppeb65fids8371
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectdos	1
X Dostranslated Ip	216.73.216.148
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.148
Unique Id	aFUzAm1bbbct8oO9cH__pwAAA7E
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.148
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.148
Redirect Unique Id	aFUzAm1bbbct8oO9cH__pwAAA7E
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.148
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.148
Redirect Redirect Unique Id	aFUzAm1bbbct8oO9cH__pwAAA7E
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1750414082.3009
Request Time	1750414082

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files