{
  "threat_severity" : "Moderate",
  "public_date" : "2011-09-06T00:00:00Z",
  "bugzilla" : {
    "description" : "openssl: CRL verification vulnerability",
    "id" : "736087",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=736087"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "details" : [ "crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past." ],
  "statement" : "This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 and 5, openssl096b as shipped with Red Hat Enterprise Linux 4, openssl097a as shipped with Red Hat Enterprise Linux 5, or openssl098e as shipped with Red Hat Enterprise Linux 6.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-10-26T00:00:00Z",
    "advisory" : "RHSA-2011:1409",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "openssl-0:1.0.0-10.el6_1.5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "openssl096b",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "openssl097a",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "openssl098e",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-3207\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-3207\nhttp://www.openssl.org/news/secadv_20110906.txt" ],
  "name" : "CVE-2011-3207",
  "csaw" : false
}