IBM Rational ClearQuest 7.1.1.x / 7.1.2.x < / 8.0.0.x < / 8.0.1.x < OpenSSL Library Multiple Vulnerabilities (credentialed check) (Heartbleed)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote host has software installed that is affected by multiple

Description :

The remote host has a version of IBM Rational ClearQuest 7.1.1.x /
7.1.2.x prior to / 8.0.0.x prior to / 8.0.1.x
prior to installed. It is, therefore, potentially affected
by multiple vulnerabilities in the OpenSSL library :

- An error exists related to the implementation of the
Elliptic Curve Digital Signature Algorithm (ECDSA) that
allows nonce disclosure via the 'FLUSH+RELOAD' cache
side-channel attack. (CVE-2014-0076)

- An out-of-bounds read error, known as the 'Heartbleed
Bug', exists related to handling TLS heartbeat
extensions that allows an attacker to obtain sensitive
information such as primary key material, secondary key
material, and other protected content. Note that this
error only affects versions of ClearQuest later than
7.1.2. (CVE-2014-0160)

See also :

Solution :

Upgrade to IBM Rational ClearQuest Interim Fix 01
( / Interim Fix 01 ( /
Interim Fix 01 ( or later.

Risk factor :

High / CVSS Base Score : 9.4
CVSS Temporal Score : 7.4
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 81782

Bugtraq ID: 66363

CVE ID: CVE-2014-0076
