OpenSSL多个高危漏洞安全风险通告 (已复现)
Tags
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | 8f803c71-7e17-4894-bbd7-0b24aa654002 |
| Fingerprint | d2d1d8a2a99a908d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 2, 2022, midnight |
| Added to db | Dec. 19, 2024, 11:27 p.m. |
| Last updated | Dec. 22, 2024, 10:29 p.m. |
| Headline | OpenSSL多个高危漏洞安全风险通告 (已复现) |
| Title | OpenSSL多个高危漏洞安全风险通告 (已复现) |
| Detected Hints/Tags/Attributes | 27/1/40 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.secrss.com/articles/48582 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 40 | cve-2022-3786 |
|
| Details | CVE | 40 | cve-2022-3602 |
|
| Details | CVE | 10 | cve-2022-42827 |
|
| Details | Domain | 17 | proc.pid |
|
| Details | Domain | 38 | psirt.global.sonicwall.com |
|
| Details | Domain | 176 | tools.cisco.com |
|
| Details | Domain | 86 | www.openssl.org |
|
| Details | Domain | 3 | mta.openssl.org |
|
| Details | Domain | 49 | www.helpnetsecurity.com |
|
| Details | Domain | 4692 | github.com |
|
| Details | Domain | 201 | readme.md |
|
| Details | Domain | 41 | www.akamai.com |
|
| Details | Domain | 7 | securitylabs.datadoghq.com |
|
| Details | Domain | 6752 | 163.com |
|
| Details | File | 1 | mirror.html |
|
| Details | File | 995 | node.js |
|
| Details | File | 2 | 000238.html |
|
| Details | File | 1 | 000241.html |
|
| Details | File | 8 | securitylabs.dat |
|
| Details | File | 8 | vulnerabilities.html |
|
| Details | File | 5 | 20221101.txt |
|
| Details | Github username | 7 | ncsc-nl |
|
| Details | Github username | 11 | datadog |
|
| Details | sha1 | 1 | c42165b5706e42f67ef8ef4c351a9a4c5d21639a |
|
| Details | sha1 | 1 | fe3b639dc19b325846f4f6801f2f4604f56e3de3 |
|
| Details | Url | 1 | https://www.akamai.com/blog/security-research/openssl-vulnerability-how-to-effectively-prepare |
|
| Details | Url | 1 | https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0023 |
|
| Details | Url | 1 | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-w9sdcc2a |
|
| Details | Url | 1 | https://www.openssl.org/source/mirror.html |
|
| Details | Url | 2 | https://mta.openssl.org/pipermail/openssl-announce/2022-october/000238.html |
|
| Details | Url | 1 | https://www.helpnetsecurity.com/2022/10/25/cve-2022-42827 |
|
| Details | Url | 2 | https://github.com/ncsc-nl/openssl-2022/blob/main/software/readme.md |
|
| Details | Url | 1 | https://mta.openssl.org/pipermail/openssl-announce/2022-november/000241.html |
|
| Details | Url | 4 | https://git.openssl.org/gitweb/?p=openssl.git |
|
| Details | Url | 2 | https://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities |
|
| Details | Url | 1 | https://github.com/datadog/security-labs-pocs/tree/main/proof-of-concept-exploits/openssl-punycode-vulnerability |
|
| Details | Url | 2 | https://www.openssl.org/news/vulnerabilities.html |
|
| Details | Url | 5 | https://www.openssl.org/news/secadv/20221101.txt |
|
| Details | Url | 5 | https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows |
|
| Details | Yara rule | 1 | rule openssl_3 {
strings:
$re1 = /OpenSSL\\s3\\.[0-6]{1}\\.[0-9]{1}[a-z]{,1}/
condition:
$re1
} |