ID

VAR-201811-0912


CVE

CVE-2018-5407


TITLE

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability

Trust: 0.3

sources: BID: 105897

DESCRIPTION

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. OpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. This vulnerability stems from configuration errors in network systems or products during operation.

Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html

Gentoo Linux Security Advisory GLSA 201903-10
https://security.gentoo.org/

Severity: Normal
Title: OpenSSL: Multiple vulnerabilities
Date: March 14, 2019
Bugs: #673056, #678564
ID: 201903-10

Synopsis
========

Multiple Information Disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl             < 1.0.2r                  >= 1.0.2r

Description
===========

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding.

A local attacker could run a malicious process next to legitimate processes using the architecture's parallel thread running capabilities to leak encrypted data from the CPU's internal processes.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2r"

References
==========

[ 1 ] CVE-2018-5407 https://nvd.nist.gov/vuln/detail/CVE-2018-5407
[ 2 ] CVE-2019-1559 https://nvd.nist.gov/vuln/detail/CVE-2019-1559

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201903-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied.

It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security and bug fix update
Advisory ID: RHSA-2019:0483-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0483
Issue date: 2019-03-12
CVE Names: CVE-2018-5407
====================================================================

1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

5. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
openssl-1.0.2k-16.el7_6.1.src.rpm

x86_64:
openssl-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-libs-1.0.2k-16.el7_6.1.i686.rpm
openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-devel-1.0.2k-16.el7_6.1.i686.rpm
openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-static-1.0.2k-16.el7_6.1.i686.rpm
openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
openssl-1.0.2k-16.el7_6.1.src.rpm

x86_64:
openssl-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-libs-1.0.2k-16.el7_6.1.i686.rpm
openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-devel-1.0.2k-16.el7_6.1.i686.rpm
openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-static-1.0.2k-16.el7_6.1.i686.rpm
openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
openssl-1.0.2k-16.el7_6.1.src.rpm

ppc64:
openssl-1.0.2k-16.el7_6.1.ppc64.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm
openssl-devel-1.0.2k-16.el7_6.1.ppc.rpm
openssl-devel-1.0.2k-16.el7_6.1.ppc64.rpm
openssl-libs-1.0.2k-16.el7_6.1.ppc.rpm
openssl-libs-1.0.2k-16.el7_6.1.ppc64.rpm

ppc64le:
openssl-1.0.2k-16.el7_6.1.ppc64le.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm
openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm
openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm

s390x:
openssl-1.0.2k-16.el7_6.1.s390x.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm
openssl-devel-1.0.2k-16.el7_6.1.s390.rpm
openssl-devel-1.0.2k-16.el7_6.1.s390x.rpm
openssl-libs-1.0.2k-16.el7_6.1.s390.rpm
openssl-libs-1.0.2k-16.el7_6.1.s390x.rpm

x86_64:
openssl-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-devel-1.0.2k-16.el7_6.1.i686.rpm
openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-libs-1.0.2k-16.el7_6.1.i686.rpm
openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
openssl-1.0.2k-16.el7_6.1.src.rpm

aarch64:
openssl-1.0.2k-16.el7_6.1.aarch64.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm
openssl-devel-1.0.2k-16.el7_6.1.aarch64.rpm
openssl-libs-1.0.2k-16.el7_6.1.aarch64.rpm

ppc64le:
openssl-1.0.2k-16.el7_6.1.ppc64le.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm
openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm
openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm

s390x:
openssl-1.0.2k-16.el7_6.1.s390x.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm
openssl-devel-1.0.2k-16.el7_6.1.s390.rpm
openssl-devel-1.0.2k-16.el7_6.1.s390x.rpm
openssl-libs-1.0.2k-16.el7_6.1.s390.rpm
openssl-libs-1.0.2k-16.el7_6.1.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm
openssl-perl-1.0.2k-16.el7_6.1.ppc64.rpm
openssl-static-1.0.2k-16.el7_6.1.ppc.rpm
openssl-static-1.0.2k-16.el7_6.1.ppc64.rpm

ppc64le:
openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm
openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm
openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm

s390x:
openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm
openssl-perl-1.0.2k-16.el7_6.1.s390x.rpm
openssl-static-1.0.2k-16.el7_6.1.s390.rpm
openssl-static-1.0.2k-16.el7_6.1.s390x.rpm

x86_64:
openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-static-1.0.2k-16.el7_6.1.i686.rpm
openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm
openssl-perl-1.0.2k-16.el7_6.1.aarch64.rpm
openssl-static-1.0.2k-16.el7_6.1.aarch64.rpm

ppc64le:
openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm
openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm
openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm

s390x:
openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm
openssl-perl-1.0.2k-16.el7_6.1.s390x.rpm
openssl-static-1.0.2k-16.el7_6.1.s390.rpm
openssl-static-1.0.2k-16.el7_6.1.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
openssl-1.0.2k-16.el7_6.1.src.rpm

x86_64:
openssl-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-devel-1.0.2k-16.el7_6.1.i686.rpm
openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-libs-1.0.2k-16.el7_6.1.i686.rpm
openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm
openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-static-1.0.2k-16.el7_6.1.i686.rpm
openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-5407
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1. Going forward, openssl security updates for stretch will be based on the 1.1.0x upstream releases. We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Description: This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)
* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)
* mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)
* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
* mod_session_cookie does not respect expiry time (CVE-2018-17199)
* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)
* mod_http2: possible crash on late upgrade (CVE-2019-0197)
* mod_http2: read-after-free on a string compare (CVE-2019-0196)
* nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. After installing the updated packages, the httpd daemon will be restarted automatically.

Bugs fixed (https://bugzilla.redhat.com/):

1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys
1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm
1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)
1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time
1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies
1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition
1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare
1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption
1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service
1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service

==========================================================================
Ubuntu Security Notice USN-3840-1
December 06, 2018

openssl, openssl1.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenSSL. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734)

Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)

Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as "PortSmash". An attacker could possibly use this issue to perform a timing side-channel attack and recover private keys. (CVE-2018-5407)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10:
  libssl1.0.0 1.0.2n-1ubuntu6.1
  libssl1.1 1.1.1-1ubuntu2.1

Ubuntu 18.04 LTS:
  libssl1.0.0 1.0.2n-1ubuntu5.2
  libssl1.1 1.1.0g-2ubuntu4.3

Ubuntu 16.04 LTS:
  libssl1.0.0 1.0.2g-1ubuntu4.14

Ubuntu 14.04 LTS:
  libssl1.0.0 1.0.1f-1ubuntu2.27

After a standard system update you need to reboot your computer to make all the necessary changes

Trust: 2.07

sources: NVD: CVE-2018-5407 // BID: 105897 // VULHUB: VHN-135438 // PACKETSTORM: 152240 // PACKETSTORM: 152084 // PACKETSTORM: 155414 // PACKETSTORM: 155413 // PACKETSTORM: 152071 // PACKETSTORM: 150860 // PACKETSTORM: 150561 // PACKETSTORM: 155416 // PACKETSTORM: 150683

AFFECTED PRODUCTS

vendor: oracle, model: enterprise manager base platform, scope: eq, version: 13.2.0.0.0

Trust: 1.0

vendor: redhat, model: enterprise linux server tus, scope: eq, version: 7.6

Trust: 1.0

vendor: oracle, model: mysql enterprise backup, scope: gte, version: 3.12.4

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 18.04

Trust: 1.0

vendor: tenable, model: nessus, scope: lt, version: 8.1.1

Trust: 1.0

vendor: oracle, model: peoplesoft enterprise peopletools, scope: eq, version: 8.55

Trust: 1.0

vendor: oracle, model: primavera p6 enterprise project portfolio management, scope: lte, version: 17.12

Trust: 1.0

vendor: oracle, model: primavera p6 enterprise project portfolio management, scope: eq, version: 16.2

Trust: 1.0

vendor: oracle, model: primavera p6 enterprise project portfolio management, scope: gte, version: 17.7

Trust: 1.0

vendor: openssl, model: openssl, scope: gte, version: 1.1.0

Trust: 1.0

vendor: redhat, model: enterprise linux server eus, scope: eq, version: 7.6

Trust: 1.0

vendor: oracle, model: primavera p6 enterprise project portfolio management, scope: eq, version: 15.1

Trust: 1.0

vendor: oracle, model: enterprise manager base platform, scope: eq, version: 13.3.0.0.0

Trust: 1.0

vendor: openssl, model: openssl, scope: lt, version: 1.0.2q

Trust: 1.0

vendor: oracle, model: enterprise manager base platform, scope: eq, version: 12.1.0.5.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 14.04

Trust: 1.0

vendor: oracle, model: application server, scope: eq, version: 0.9.8

Trust: 1.0

vendor: oracle, model: mysql enterprise backup, scope: lte, version: 3.12.3

Trust: 1.0

vendor: oracle, model: primavera p6 enterprise project portfolio management, scope: eq, version: 8.4

Trust: 1.0

vendor: oracle, model: application server, scope: eq, version: 1.0.1

Trust: 1.0

vendor: oracle, model: primavera p6 enterprise project portfolio management, scope: eq, version: 18.8

Trust: 1.0

vendor: nodejs, model: node.js, scope: lt, version: 8.11.4

Trust: 1.0

vendor: nodejs, model: node.js, scope: gte, version: 10.0.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 18.10

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: oracle, model: vm virtualbox, scope: lt, version: 6.0.0

Trust: 1.0

vendor: redhat, model: enterprise linux server, scope: eq, version: 7.6

Trust: 1.0

vendor: nodejs, model: node.js, scope: gte, version: 8.0.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 16.04

Trust: 1.0

vendor: oracle, model: peoplesoft enterprise peopletools, scope: eq, version: 8.56

Trust: 1.0

vendor: nodejs, model: node.js, scope: lt, version: 6.14.4

Trust: 1.0

vendor: oracle, model: mysql enterprise backup, scope: lte, version: 4.1.2

Trust: 1.0

vendor: nodejs, model: node.js, scope: lt, version: 10.9.0

Trust: 1.0

vendor: oracle, model: application server, scope: eq, version: 1.0.0

Trust: 1.0

vendor: oracle, model: tuxedo, scope: eq, version: 12.1.1.0.0

Trust: 1.0

vendor: oracle, model: enterprise manager ops center, scope: eq, version: 12.3.3

Trust: 1.0

vendor: redhat, model: enterprise linux desktop, scope: eq, version: 7.0

Trust: 1.0

vendor: openssl, model: openssl, scope: gte, version: 1.0.2

Trust: 1.0

vendor: oracle, model: peoplesoft enterprise peopletools, scope: eq, version: 8.57

Trust: 1.0

vendor: oracle, model: primavera p6 enterprise project portfolio management, scope: eq, version: 16.1

Trust: 1.0

vendor: redhat, model: enterprise linux server, scope: eq, version: 7.0

Trust: 1.0

vendor: oracle, model: primavera p6 enterprise project portfolio management, scope: eq, version: 15.2

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 8.0

Trust: 1.0

vendor: openssl, model: openssl, scope: lt, version: 1.1.0i

Trust: 1.0

vendor: oracle, model: api gateway, scope: eq, version: 11.1.2.4.0

Trust: 1.0

vendor: redhat, model: enterprise linux workstation, scope: eq, version: 7.0

Trust: 1.0

vendor: redhat, model: enterprise linux server aus, scope: eq, version: 7.6

Trust: 1.0

vendor: tenable, model: nessus, scope: eq, version: 8.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 8.0

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 7.2.2

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 7.2.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 7.2

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 7.1.3

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 7.1.2

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 7.1.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 7.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.9.3

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.9

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.8

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.7

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.6.2

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.6.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.6

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.5.6

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.5.5

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.5.4

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.5.3

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.5.2

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.5.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.5

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.4.3

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.4.2

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.4.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.4

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.3.7

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.3.6

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.3.5

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.3.4

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.3.3

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.3.2

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.3.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.3

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.2.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.2

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.1.2

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.1.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.0.2

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.0.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.0

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 5.2.7

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 5.2.4

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 5.2.3

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 1.0.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 7.0

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.9.2

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 6.9.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 4.4.1

Trust: 0.3

vendor: tenable, model: nessus, scope: eq, version: 3.0.3

Trust: 0.3

vendor: redhat, model: enterprise linux, scope: eq, version: 7

Trust: 0.3

vendor: redhat, model: enterprise linux, scope: eq, version: 6

Trust: 0.3

vendor: redhat, model: enterprise linux, scope: eq, version: 5

Trust: 0.3

vendor: oracle, model: solaris, scope: eq, version: 11.4

Trust: 0.3

vendor: oracle, model: solaris, scope: eq, version: 11.3

Trust: 0.3

vendor: oracle, model: solaris, scope: eq, version: 10

Trust: 0.3

vendor: openssl, model: project openssl, scope: eq, version: 1.0.2

Trust: 0.3

vendor: openssl, model: project openssl 1.1.0h, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.1.0g, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.1.0f, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.1.0e, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.1.0d, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.1.0c, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.1.0b, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.1.0a, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2p, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2o, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2n, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2m, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2l-git, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2l, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2k, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2j, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2i, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2h, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2g, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2f, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2e, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2d, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2c, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2b, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2a, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2-1.0.2o, scope: -, version: -

Trust: 0.3

vendor: openssl, model: project openssl beta1, scope: eq, version: 1.0.2

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.3

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.14

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.4.0

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.3.50

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.3.4

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.3.3

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.3.2

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.3.0

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.2.6

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.2.5

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.2.4

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.2.0

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.1.9

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.1.8

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.1.3

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.1.1

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.1.0

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.0.13

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.0.12

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.0.11

Trust: 0.3

vendor: ibm, model: vios, scope: eq, version: 2.2.0.10

Trust: 0.3

vendor: ibm, model: aix, scope: eq, version: 7.2

Trust: 0.3

vendor: ibm, model: aix, scope: eq, version: 7.1

Trust: 0.3

vendor: ibm, model: aix, scope: eq, version: 6.1

Trust: 0.3

vendor: ibm, model: aix, scope: eq, version: 5.3

Trust: 0.3

vendor: tenable, model: nessus, scope: ne, version: 8.1.1

Trust: 0.3

vendor: openssl, model: project openssl, scope: ne, version: 1.1.1

Trust: 0.3

vendor: openssl, model: project openssl 1.1.0i, scope: ne, version: -

Trust: 0.3

vendor: openssl, model: project openssl 1.0.2q, scope: ne, version: -

Trust: 0.3

sources: BID: 105897 // NVD: CVE-2018-5407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5407
value: MEDIUM

Trust: 1.0

VULHUB: VHN-135438
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-5407
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-135438
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5407
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-135438 // NVD: CVE-2018-5407

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-203

Trust: 1.1

sources: VULHUB: VHN-135438 // NVD: CVE-2018-5407

THREAT TYPE

local

Trust: 0.5

sources: BID: 105897 // PACKETSTORM: 150860 // PACKETSTORM: 150561

TYPE

Design Error

Trust: 0.3

sources: BID: 105897

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-135438

EXTERNAL IDS

db:NVD, id:CVE-2018-5407

Trust: 2.3

db:TENABLE, id:TNS-2018-16

Trust: 1.4

db:BID, id:105897

Trust: 1.4

db:TENABLE, id:TNS-2018-17

Trust: 1.1

db:EXPLOIT-DB, id:45785

Trust: 1.1

db:PACKETSTORM, id:152084

Trust: 0.2

db:PACKETSTORM, id:155413

Trust: 0.2

db:PACKETSTORM, id:152240

Trust: 0.2

db:PACKETSTORM, id:152071

Trust: 0.2

db:PACKETSTORM, id:150138

Trust: 0.1

db:PACKETSTORM, id:152241

Trust: 0.1

db:PACKETSTORM, id:155415

Trust: 0.1

db:CNNVD, id:CNNVD-201811-279

Trust: 0.1

db:VULHUB, id:VHN-135438

Trust: 0.1

db:PACKETSTORM, id:155414

Trust: 0.1

db:PACKETSTORM, id:150860

Trust: 0.1

db:PACKETSTORM, id:150561

Trust: 0.1

db:PACKETSTORM, id:155416

Trust: 0.1

db:PACKETSTORM, id:150683

Trust: 0.1

sources: VULHUB: VHN-135438 // BID: 105897 // PACKETSTORM: 152240 // PACKETSTORM: 152084 // PACKETSTORM: 155414 // PACKETSTORM: 155413 // PACKETSTORM: 152071 // PACKETSTORM: 150860 // PACKETSTORM: 150561 // PACKETSTORM: 155416 // PACKETSTORM: 150683 // NVD: CVE-2018-5407

REFERENCES

url:https://www.tenable.com/security/tns-2018-16

Trust: 1.4

url:https://github.com/bbbrumley/portsmash

Trust: 1.4

url:https://security.gentoo.org/glsa/201903-10

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2019:0483

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2019:0652

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2019:3931

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2019:3933

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2019:3935

Trust: 1.2

url:http://www.securityfocus.com/bid/105897

Trust: 1.1

url:https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20181126-0001/

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.1

url:https://www.tenable.com/security/tns-2018-17

Trust: 1.1

url:https://www.debian.org/security/2018/dsa-4348

Trust: 1.1

url:https://www.debian.org/security/2018/dsa-4355

Trust: 1.1

url:https://www.exploit-db.com/exploits/45785/

Trust: 1.1

url:https://eprint.iacr.org/2018/1060.pdf

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2019:0651

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2019:2125

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2019:3929

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2019:3932

Trust: 1.1

url:https://usn.ubuntu.com/3840-1/

Trust: 1.1

url:https://support.f5.com/csp/article/k49711130?utm_source=f5support&utm_medium=rss

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2018-5407

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2018-5407

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-0734

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-0737

Trust: 0.4

url:https://bugzilla.redhat.com/

Trust: 0.4

url:https://www.openssl.org/news/cl102.txt

Trust: 0.3

url:http://openssl.org/

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1645695

Trust: 0.3

url:https://www.openssl.org/news/openssl-1.0.2-notes.html

Trust: 0.3

url:https://www.openssl.org/news/secadv/20181112.txt

Trust: 0.3

url:https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html

Trust: 0.3

url:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-1559

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9513

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9511

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9517

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0197

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-17199

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9511

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-17189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9517

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-0737

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-17199

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9516

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9513

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0217

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0217

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0197

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-17189

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9516

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0196

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0196

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-0734

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-0732

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-0735

Trust: 0.2

url:https://support.f5.com/csp/article/k49711130?utm_source=f5support&utm_medium=rss

Trust: 0.1

url:https://docs.ansible.com/ansible-tower/latest/html/release-notes/index.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3835

Trust: 0.1

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10072

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0221

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1559

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10072

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openssl1.0

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openssl

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.27

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu4.3

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3840-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.2

Trust: 0.1

sources: VULHUB: VHN-135438 // BID: 105897 // PACKETSTORM: 152240 // PACKETSTORM: 152084 // PACKETSTORM: 155414 // PACKETSTORM: 155413 // PACKETSTORM: 152071 // PACKETSTORM: 150860 // PACKETSTORM: 150561 // PACKETSTORM: 155416 // PACKETSTORM: 150683 // NVD: CVE-2018-5407

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 152240 // PACKETSTORM: 155414 // PACKETSTORM: 155413 // PACKETSTORM: 152071 // PACKETSTORM: 155416

SOURCES

db:VULHUB, id:VHN-135438
db:BID, id:105897
db:PACKETSTORM, id:152240
db:PACKETSTORM, id:152084
db:PACKETSTORM, id:155414
db:PACKETSTORM, id:155413
db:PACKETSTORM, id:152071
db:PACKETSTORM, id:150860
db:PACKETSTORM, id:150561
db:PACKETSTORM, id:155416
db:PACKETSTORM, id:150683
db:NVD, id:CVE-2018-5407

LAST UPDATE DATE

2026-06-29T22:55:31.475000+00:00


SOURCES UPDATE DATE

db:VULHUB, id:VHN-135438, date:2020-09-18T00:00:00
db:BID, id:105897, date:2019-01-17T10:00:00
db:NVD, id:CVE-2018-5407, date:2026-06-17T02:00:16.487

SOURCES RELEASE DATE

db:VULHUB, id:VHN-135438, date:2018-11-15T00:00:00
db:BID, id:105897, date:2018-10-30T00:00:00
db:PACKETSTORM, id:152240, date:2019-03-27T00:33:09
db:PACKETSTORM, id:152084, date:2019-03-14T16:23:47
db:PACKETSTORM, id:155414, date:2019-11-20T23:02:22
db:PACKETSTORM, id:155413, date:2019-11-20T20:32:22
db:PACKETSTORM, id:152071, date:2019-03-13T14:25:37
db:PACKETSTORM, id:150860, date:2018-12-20T15:05:22
db:PACKETSTORM, id:150561, date:2018-12-03T21:06:37
db:PACKETSTORM, id:155416, date:2019-11-20T20:55:55
db:PACKETSTORM, id:150683, date:2018-12-07T01:03:36
db:NVD, id:CVE-2018-5407, date:2018-11-15T21:29:00.233