{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"OpenSSL versions 0.9.8h \u00e0 0.9.8q ;","product":{"name":"OpenSSL","vendor":{"name":"OpenSSL","scada":false}}},{"description":"OpenSSL versions 1.0.0 \u00e0 1.0.0c.","product":{"name":"OpenSSL","vendor":{"name":"OpenSSL","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 dans OpenSSL permet de provoquer un d\u00e9ni de service \u00e0\ndistance en envoyant des messages sp\u00e9cialement con\u00e7us au serveur.\n\nCette faille ne concerne que les serveurs utilisant la fonction\nSSL_CTX_set_tlsext_status_cb(). Les versions 2.3.3 et suivantes du\nserveur Apache httpd sont notamment concern\u00e9es.\n\n## Solution\n\nMettre \u00e0 jour en version 1.0.0d ou en version 0.9.8r.\n","cves":[{"name":"CVE-2011-0014","url":"https://www.cve.org/CVERecord?id=CVE-2011-0014"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-1273 du 10 f\u00e9vrier    2011 :","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-1255 du 10 f\u00e9vrier    2011 :","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056102.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-5876 du 23 avril    2011 (mingw32-openssl) :","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059314.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2011:028 du 15 f\u00e9vrier    2011 :","url":"http://www.mandriva.com/support/security/advisories/?name=MDVSA-2011:028"},{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1064-1 du 15 f\u00e9vrier 2011 :","url":"http://www.ubuntu.com/usn/usn-1064-1"},{"title":"Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-5865 du 23 avril    2011 (mingw32-openssl) :","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059313.html"}],"reference":"CERTA-2011-AVI-073","revisions":[{"description":"version initiale.","revision_date":"2011-02-09T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux bulletins Fedora, Mandriva et Ubuntu.","revision_date":"2011-02-16T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence au bulletin Fedora (mingw32-openssl).","revision_date":"2011-05-04T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"}],"summary":"Une vuln\u00e9rabilit\u00e9 dans OpenSSL permet \u00e0 une personne malintentionn\u00e9e de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n","title":"Vuln\u00e9rabilit\u00e9 dans OpenSSL","vendor_advisories":[{"published_at":null,"title":"Avis de s\u00e9curit\u00e9 OpenSSL du 08 f\u00e9vrier 2011","url":"http://www.openssl.org/news/secadv_20110208.txt"}]}