Details of VAR-201810-0932

ID

VAR-201810-0932

CVE

CVE-2018-0734

TITLE

OpenSSL Encryption problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201810-1435

DESCRIPTION

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 (* Security fix *) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For the stable distribution (stretch), these problems have been fixed in version 1.0.2q-1~deb9u1. Going forward, openssl1.0 security updates for stretch will be based on the 1.0.2x upstream releases. We recommend that you upgrade your openssl1.0 packages. For the detailed security status of openssl1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl1.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwaxeQACgkQEMKTtsN8 TjZVQQ//eOqeqdTZgGqXS7hI2TPT/m1mLLFfGQvxKvqYAvo+eNns5PbHGvhoM3OY 6TnR7dh3PFRHogYh7IeEymFM12HmNxX75Fz5Rs2/AX8dNvbACZFWmodkE7REm1// oLaQbr74Bq0T8pzfRntLZGqTRcumfvbGEWO4Sfob/RJ9F9+LfUKdiTI6wIcNXBtr 47Lffe10gGok+5qmruMgf3fy+verwu6uLPrLX+ekHKW383gB9M26S0BwQMU2AIlu PzJ7IPL515aBdOogeCTG3Ag1nMFfkaX4537zn5QpqcPcx/NGmcyrRgHzS0CbRIBG DFlAsO5rJdAUqw660MxNgkBkUNBDok6jW79HFmjyAO2aY5/QcCN+LhLng7A3FO7F Eg+kFifibUgs2y7fGlcGMZmLzRtparDtb+MrBXXrSar/nzcdrRwSk+1gjmB8iIVO W/J7s0GFHZ2V+FfOuDeBoprH7yLT8Ny8/IBSfLe/JiiTzzh+5l9D23dRTcT0PfFy hRboNQ+VLEpl1N1mfgB6pNpRaFoMCsoXe26rpkRiEfwXVRFgcsJbAJA27kgMko4S q8JzaJo4/YiACng5u6b0bwv2IaExrEnXhfje8oxxABDNQmu5E9tu1artCtHVaL3K TNyBsE9TZNSIZQgkoVoSHbeLVdAVgBLXTyzjKNxuzCvMl0VolGY= =Q1ou -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:2304-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2304 Issue date: 2019-08-06 CVE Names: CVE-2018-0734 CVE-2019-1559 ==================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.2k-19.el7.src.rpm x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.2k-19.el7.src.rpm x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.2k-19.el7.src.rpm ppc64: openssl-1.0.2k-19.el7.ppc64.rpm openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-devel-1.0.2k-19.el7.ppc.rpm openssl-devel-1.0.2k-19.el7.ppc64.rpm openssl-libs-1.0.2k-19.el7.ppc.rpm openssl-libs-1.0.2k-19.el7.ppc64.rpm ppc64le: openssl-1.0.2k-19.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-devel-1.0.2k-19.el7.ppc64le.rpm openssl-libs-1.0.2k-19.el7.ppc64le.rpm s390x: openssl-1.0.2k-19.el7.s390x.rpm openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-devel-1.0.2k-19.el7.s390.rpm openssl-devel-1.0.2k-19.el7.s390x.rpm openssl-libs-1.0.2k-19.el7.s390.rpm openssl-libs-1.0.2k-19.el7.s390x.rpm x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-perl-1.0.2k-19.el7.ppc64.rpm openssl-static-1.0.2k-19.el7.ppc.rpm openssl-static-1.0.2k-19.el7.ppc64.rpm ppc64le: openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-perl-1.0.2k-19.el7.ppc64le.rpm openssl-static-1.0.2k-19.el7.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-perl-1.0.2k-19.el7.s390x.rpm openssl-static-1.0.2k-19.el7.s390.rpm openssl-static-1.0.2k-19.el7.s390x.rpm x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.2k-19.el7.src.rpm x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2019-1559 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97 fW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM WQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM B39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q /LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ uX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F JbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A gLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0 veL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x IcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx zBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm BtpJTAdr1kE=7kKR -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 6. 8) - aarch64, ppc64le, s390x, x86_64 3. The following packages have been upgraded to a later upstream version: openssl (1.1.1c)

Trust: 1.71

sources: NVD: CVE-2018-0734 // VULHUB: VHN-118936 // VULMON: CVE-2018-0734 // PACKETSTORM: 150437 // PACKETSTORM: 155414 // PACKETSTORM: 155417 // PACKETSTORM: 150860 // PACKETSTORM: 153932 // PACKETSTORM: 155416 // PACKETSTORM: 155160

AFFECTED PRODUCTS

vendor:	oracle	model:	mysql enterprise backup	scope:	lte	version:	4.1.2	Trust: 1.0
vendor:	oracle	model:	e-business suite technology stack	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	oracle	model:	mysql enterprise backup	scope:	lte	version:	3.12.3	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.55	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.3.0.0.0	Trust: 1.0
vendor:	netapp	model:	santricity smi-s provider	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	e-business suite technology stack	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	oracle	model:	primavera p6 professional project management	scope:	lte	version:	17.12	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lte	version:	1.0.2p	Trust: 1.0
vendor:	oracle	model:	mysql enterprise backup	scope:	gte	version:	3.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	oracle	model:	mysql enterprise backup	scope:	gte	version:	4.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 professional project management	scope:	eq	version:	16.2	Trust: 1.0
vendor:	oracle	model:	api gateway	scope:	eq	version:	11.1.2.4.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	gte	version:	1.0.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	netapp	model:	steelstore	scope:	eq	version:	-	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	6.9.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.3.3	Trust: 1.0
vendor:	oracle	model:	e-business suite technology stack	scope:	eq	version:	0.9.8	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.56	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	eq	version:	10.13.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	oracle	model:	primavera p6 professional project management	scope:	eq	version:	8.4	Trust: 1.0
vendor:	oracle	model:	primavera p6 professional project management	scope:	gte	version:	17.7	Trust: 1.0
vendor:	oracle	model:	tuxedo	scope:	eq	version:	12.1.1.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	8.8.1	Trust: 1.0
vendor:	oracle	model:	primavera p6 professional project management	scope:	eq	version:	16.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	6.8.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	8.14.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.2.0.0.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.57	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lte	version:	1.1.0i	Trust: 1.0
vendor:	netapp	model:	storage automation store	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	12.1.0.5.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	11.3.0	Trust: 1.0
vendor:	netapp	model:	oncommand unified manager	scope:	eq	version:	*	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	6.15.0	Trust: 1.0
vendor:	netapp	model:	cn1610	scope:	eq	version:	-	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 professional project management	scope:	eq	version:	15.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	10.12.0	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 professional project management	scope:	eq	version:	15.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.9.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 professional project management	scope:	eq	version:	18.8	Trust: 1.0

sources: NVD: CVE-2018-0734

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0734
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201810-1435
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118936
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-0734
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0734
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-118936
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0734
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-118936 // VULMON: CVE-2018-0734 // CNNVD: CNNVD-201810-1435 // NVD: CVE-2018-0734

PROBLEMTYPE DATA

problemtype:	CWE-327	Trust: 1.1
problemtype:	CWE-320	Trust: 0.1

sources: VULHUB: VHN-118936 // NVD: CVE-2018-0734

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1435

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-1435

PATCH

title:	OpenSSL Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86419	Trust: 0.6
title:	Red Hat: Moderate: openssl security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192304 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: openssl security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193700 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2019-1153	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1153	Trust: 0.1
title:	Ubuntu Security Notice: openssl, openssl1.0 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3840-1	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2019-1153	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1153	Trust: 0.1
title:	Red Hat: CVE-2018-0734	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-0734	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2018-0734	Trust: 0.1
title:	Debian Security Advisories: DSA-4355-1 openssl1.0 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=7cc6b04edacd67d6e5bf27bd36f54217	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2019-1362	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1362	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201812-7] lib32-openssl-1.0: private key recovery	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-7	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201812-6] lib32-openssl: private key recovery	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-6	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201812-5] openssl: private key recovery	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-5	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201812-8] openssl-1.0: private key recovery	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-8	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193935 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193932 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193933 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4348-1 openssl -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=322bd50b7b929759e38c99b73122a852	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerability in OpenSSL (CVE-2018-0734)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=089729287496a632fa4c42658b60b635	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2018-0734)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3b0880c0fe7c1c2995382c68ba0fd928	Trust: 0.1
title:	IBM: IBM Security Bulletin: OpenSSL DSA signature algorithm security vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0734)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=bf4a61aab0614bc21bae17e61513abdc	Trust: 0.1
title:	IBM: IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-0734)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=9f92a5713223095107b36bb14efd3013	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c36f1dd66164e22918d817553be91620	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1b873a45dce8bb56ff011908a9402b67	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by openssl vulnerabilities (CVE-2019-1559, CVE-2018-0734)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7ceb7cf440b088f91358d1c597d5a414	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0734)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=bcd3c8de23a34fb577cecdb0096912bf	Trust: 0.1
title:	IBM: IBM Security Bulletin: OpenSSL vunerability	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f89f8f6307af3f9e5b1f4d0ffb1a9677	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0734)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4f65fc12e5864fd96d0965bd485769d5	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=96f2e72442af5a4308e4a45305db78b4	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e4ca493bfda92c5355c98328872a84e5	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=efdce9b94f89918f3f2b2dfc69780ccd	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=ddeebd7237369bd2318e4087834121a5	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2018-16	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-0732, CVE-2018-0734, CVE-2018-0737)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4f5f12bea67642140a5af636a3850c79	Trust: 0.1
title:	IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e59d7f075c856823d6f7370dea35e662	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=ac5ccbde4e4ddbcabd10cacf82487a11	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=fda6d001f041b9b0a29d906059d798b4	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c7313d7a6ba5364a603c214269588feb	Trust: 0.1
title:	IBM: Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=5fc1433ca504461e3bbb1d30e408592c	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c829d56f5888779e791387897875c4b4	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-0732, CVE-2018-0734, CVE-2018-0737)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=35f40c202a57607f29c0bb486da6ea8a	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2018-17	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=d3d3f316d14423d9850192f1d5f20a1b	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=d04b79d120c8d1de061ffc3f57258fcb	Trust: 0.1
title:	IBM: IBM Security Bulletin:IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=00b8bc7d11e5484e8721f3f62ec2ce87	Trust: 0.1
title:	IBM: Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=423d1da688755122eb2591196e4cc160	Trust: 0.1
title:	Debian CVElist Bug Report Logs: mysql-5.7: Security fixes from the January 2019 CPU	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=996600102cb3180bfad1fcc5c68a4d77	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=4ee609eeae78bbbd0d0c827f33a7f87f	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – Node.js	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2e571e7bc5566212c3e69e37ecfa5ad4	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2bd72b857f21f300d83d07a791be44cf	Trust: 0.1
title:	Forcepoint Security Advisories: CVE-2018-0734 and CVE-2019-1559 (OpenSSL)	url:	https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=b508c983da563a8786bf80c360afb887	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=26f585287da19915b94b6cae2d1b864f	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=dce787e9d669a768893a91801bf5eea4	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=800337bc69aa7ad92ac88a2adcc7d426	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – fluentd	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=60de0933c28b353f38df30120aa2a908	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Releases 1801-w and 1801-y	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=bf3f2299a8658b7cd3984c40e7060666	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=aea3fcafd82c179d3a5dfa015e920864	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-v	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=413b5f9466c1ebf3ab090a45e189b43e	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=43da2cd72c1e378d8d94ecec029fcc61	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2018-0734	Trust: 0.1
title:	-	url:	https://github.com/Qi-Zhan/ps3	Trust: 0.1
title:	vyger	url:	https://github.com/mrodden/vyger	Trust: 0.1
title:	-	url:	https://github.com/vincent-deng/veracode-container-security-finding-parser	Trust: 0.1

sources: VULMON: CVE-2018-0734 // CNNVD: CNNVD-201810-1435

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0734	Trust: 2.5
db:	TENABLE	id:	TNS-2018-17	Trust: 1.8
db:	TENABLE	id:	TNS-2018-16	Trust: 1.8
db:	BID	id:	105758	Trust: 1.8
db:	PACKETSTORM	id:	155414	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1435	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0660	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0960	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0481	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0514	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3390.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4251	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4403	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0644.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0491	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0696	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4479.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4753	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4479	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0102	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0529	Trust: 0.6
db:	PACKETSTORM	id:	153932	Trust: 0.2
db:	PACKETSTORM	id:	155160	Trust: 0.2
db:	PACKETSTORM	id:	155417	Trust: 0.2
db:	PACKETSTORM	id:	150437	Trust: 0.2
db:	PACKETSTORM	id:	155416	Trust: 0.2
db:	PACKETSTORM	id:	150683	Trust: 0.1
db:	VULHUB	id:	VHN-118936	Trust: 0.1
db:	VULMON	id:	CVE-2018-0734	Trust: 0.1
db:	PACKETSTORM	id:	150860	Trust: 0.1

sources: VULHUB: VHN-118936 // VULMON: CVE-2018-0734 // PACKETSTORM: 150437 // PACKETSTORM: 155414 // PACKETSTORM: 155417 // PACKETSTORM: 150860 // PACKETSTORM: 153932 // PACKETSTORM: 155416 // PACKETSTORM: 155160 // CNNVD: CNNVD-201810-1435 // NVD: CVE-2018-0734

REFERENCES

url:	http://www.securityfocus.com/bid/105758	Trust: 3.1
url:	https://access.redhat.com/errata/rhsa-2019:3932	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3933	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3935	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:2304	Trust: 2.0
url:	https://access.redhat.com/errata/rhsa-2019:3700	Trust: 1.9
url:	https://usn.ubuntu.com/3840-1/	Trust: 1.9
url:	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20181105-0002/	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190118-0002/	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190423-0002/	Trust: 1.8
url:	https://www.openssl.org/news/secadv/20181030.txt	Trust: 1.8
url:	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Trust: 1.8
url:	https://www.tenable.com/security/tns-2018-16	Trust: 1.8
url:	https://www.tenable.com/security/tns-2018-17	Trust: 1.8
url:	https://www.debian.org/security/2018/dsa-4348	Trust: 1.8
url:	https://www.debian.org/security/2018/dsa-4355	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2020.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2020.html	Trust: 1.8
url:	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Trust: 1.8
url:	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html	Trust: 1.8
url:	https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f	Trust: 1.1
url:	https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7	Trust: 1.1
url:	https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=43e6a58d4991a451daf4891ff05a48735df871ac	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/	Trust: 1.1
url:	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac	Trust: 0.7
url:	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f	Trust: 0.7
url:	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0734	Trust: 0.7
url:	http://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc	Trust: 0.6
url:	https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html	Trust: 0.6
url:	https://www.oracle.com/technetwork/topics/security/bulletinapr2019-5462008.html	Trust: 0.6
url:	https://www.openssl.org/news/vulnerabilities.html	Trust: 0.6
url:	https://www.openssl.org/news/openssl-1.0.2-notes.html	Trust: 0.6
url:	http://openssl.org/	Trust: 0.6
url:	https://www.openssl.org/news/cl102.txt	Trust: 0.6
url:	https://github.com/openssl/openssl/commit/ef11e19d1365eea2b1851e6f540a0bf365d303e7	Trust: 0.6
url:	https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f	Trust: 0.6
url:	https://github.com/openssl/openssl/commit/43e6a58d4991a451daf4891ff05a48735df871ac	Trust: 0.6
url:	https://support.symantec.com/us/en/article.symsa1490.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1284802	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1115655	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1115643	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170328	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170340	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170334	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170322	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170352	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170346	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1116357	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1142626	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1115649	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76338	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10875298	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76414	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4403/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4479/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1138588	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujan2020verbose.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/3517185	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10870936	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1167202	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77674	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-in-ibm-qradar-siem-is-vulnerable-to-a-timing-side-channel-attack-cve-2018-0734/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0491/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3390.4/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4479.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/75658	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4251/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0696	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-openssl-and-the-kernel-shipped-with-the-ds8000-hardware-management-console-hmc/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0529/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4753/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system-2/	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10794861	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0102/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1143442	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1169938	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10873310	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/75802	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5407	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2018-0734	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0737	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9513	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9511	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9517	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0197	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17199	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9511	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17189	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9517	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-0737	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-17199	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9516	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9513	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-0217	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0217	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-0197	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-17189	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9516	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-5407	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-0196	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0196	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/327.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2018-0734	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=59087	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0734	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407	Trust: 0.1
url:	http://slackware.com	Trust: 0.1
url:	http://osuosl.org)	Trust: 0.1
url:	http://slackware.com/gpg-key	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/openssl1.0	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0732	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-1559	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1559	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0735	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1543	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-0735	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-1543	Trust: 0.1

CREDITS

Red Hat,Samuel Weiser.

Trust: 0.6

sources: CNNVD: CNNVD-201810-1435

SOURCES

db:	VULHUB	id:	VHN-118936
db:	VULMON	id:	CVE-2018-0734
db:	PACKETSTORM	id:	150437
db:	PACKETSTORM	id:	155414
db:	PACKETSTORM	id:	155417
db:	PACKETSTORM	id:	150860
db:	PACKETSTORM	id:	153932
db:	PACKETSTORM	id:	155416
db:	PACKETSTORM	id:	155160
db:	CNNVD	id:	CNNVD-201810-1435
db:	NVD	id:	CVE-2018-0734

LAST UPDATE DATE

2024-11-07T21:28:34.233000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118936	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2018-0734	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201810-1435	date:	2022-02-18T00:00:00
db:	NVD	id:	CVE-2018-0734	date:	2023-11-07T02:51:05.217

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118936	date:	2018-10-30T00:00:00
db:	VULMON	id:	CVE-2018-0734	date:	2018-10-30T00:00:00
db:	PACKETSTORM	id:	150437	date:	2018-11-22T23:23:23
db:	PACKETSTORM	id:	155414	date:	2019-11-20T23:02:22
db:	PACKETSTORM	id:	155417	date:	2019-11-20T21:11:11
db:	PACKETSTORM	id:	150860	date:	2018-12-20T15:05:22
db:	PACKETSTORM	id:	153932	date:	2019-08-06T21:09:19
db:	PACKETSTORM	id:	155416	date:	2019-11-20T20:55:55
db:	PACKETSTORM	id:	155160	date:	2019-11-06T15:56:37
db:	CNNVD	id:	CNNVD-201810-1435	date:	2018-10-31T00:00:00
db:	NVD	id:	CVE-2018-0734	date:	2018-10-30T12:29:00.257