Details of VAR-201811-0912

ID

VAR-201811-0912

CVE

CVE-2018-5407

TITLE

OpenSSL Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201811-279

DESCRIPTION

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. OpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. This vulnerability stems from configuration errors in network systems or products during operation. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. This update fixes a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures, and a side channel attack on DSA signature generation that could allow an attacker to recover the private key. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 (* Security fix *) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Description: This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es): * openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:0483-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0483 Issue date: 2019-03-12 CVE Names: CVE-2018-5407 ==================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Perform the RSA signature self-tests with SHA-256 (BZ#1673914) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.2k-16.el7_6.1.src.rpm x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.2k-16.el7_6.1.src.rpm x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.2k-16.el7_6.1.src.rpm ppc64: openssl-1.0.2k-16.el7_6.1.ppc64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64.rpm ppc64le: openssl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm s390x: openssl-1.0.2k-16.el7_6.1.s390x.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-devel-1.0.2k-16.el7_6.1.s390.rpm openssl-devel-1.0.2k-16.el7_6.1.s390x.rpm openssl-libs-1.0.2k-16.el7_6.1.s390.rpm openssl-libs-1.0.2k-16.el7_6.1.s390x.rpm x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: openssl-1.0.2k-16.el7_6.1.src.rpm aarch64: openssl-1.0.2k-16.el7_6.1.aarch64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm openssl-devel-1.0.2k-16.el7_6.1.aarch64.rpm openssl-libs-1.0.2k-16.el7_6.1.aarch64.rpm ppc64le: openssl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm s390x: openssl-1.0.2k-16.el7_6.1.s390x.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-devel-1.0.2k-16.el7_6.1.s390.rpm openssl-devel-1.0.2k-16.el7_6.1.s390x.rpm openssl-libs-1.0.2k-16.el7_6.1.s390.rpm openssl-libs-1.0.2k-16.el7_6.1.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64.rpm openssl-static-1.0.2k-16.el7_6.1.ppc.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64.rpm ppc64le: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-perl-1.0.2k-16.el7_6.1.s390x.rpm openssl-static-1.0.2k-16.el7_6.1.s390.rpm openssl-static-1.0.2k-16.el7_6.1.s390x.rpm x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm openssl-perl-1.0.2k-16.el7_6.1.aarch64.rpm openssl-static-1.0.2k-16.el7_6.1.aarch64.rpm ppc64le: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-perl-1.0.2k-16.el7_6.1.s390x.rpm openssl-static-1.0.2k-16.el7_6.1.s390.rpm openssl-static-1.0.2k-16.el7_6.1.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.2k-16.el7_6.1.src.rpm x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-5407 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXIj7zdzjgjWX9erEAQiieQ//TzEytTXxxzNqnsMz3yxbDgb1jni0dPYx 6If80sSKu32kPgoTUgTcoJ27jUIpupYHJj3ml1zhF0zTqMAd2fYXkl2/0HSzbX6z w7FKXiRuzoA8JNG+bbqNjLhwsJBP4Avqfi/S9Z/s/0v93ep54Aqo9pmxfZYJuUMQ GncD2JcidZXLm1sky4PFl59D94szXdRkkzS3xxYcp37dyAUxwqOyzDPwbDA4q3CO 4+TBL1hevmm5FSJjp/Bux70iEXubT+aGRM7Ab1Qex1h6rZjOfEgZabLOAJL9feGT mXPnML6DW96C4W9urZJZZcYJcZ34MfeH7TjaFKjfKeDIlb0fzdGuDqsrUXi95GjF atGtjkXsu5n2Nh3QQNvTRs5N+0w1PSp5VMlrQbeizE0FQVH60z6EUUGlcKEQglof Gs+pRtn7e9R/ncCNOrGAW0QbkmCGge3cg/kYlrJTt5dvQH1oSuG49ZqowG5It4vT kzIIDIhxrQrHE23eV7O1g48nV8/rPIZI6W2UuYs4sgQuWAtHx1gncWGXwiWRNtn1 38Iqnd+UBpxwBgb+fYYwZ54SOpLXGeUa1pR+ZV2+ToEmGM1yHQ+DMVKhRlAojKYa qwSvm7HPdu7ceUkW3HTOwU8llXOGmXJ0UIr+reqIJBemRg/24NeHZ20a9qMeybEX t5ytPgxAFC4=jvvo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1. Going forward, openssl security updates for stretch will be based on the 1.1.0x upstream releases. We recommend that you upgrade your openssl packages. For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied

Trust: 2.16

sources: NVD: CVE-2018-5407 // BID: 105897 // VULHUB: VHN-135438 // VULMON: CVE-2018-5407 // PACKETSTORM: 150437 // PACKETSTORM: 152240 // PACKETSTORM: 155417 // PACKETSTORM: 155413 // PACKETSTORM: 152071 // PACKETSTORM: 150860 // PACKETSTORM: 150561 // PACKETSTORM: 155415 // PACKETSTORM: 152241

AFFECTED PRODUCTS

vendor:	oracle	model:	mysql enterprise backup	scope:	lte	version:	3.12.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.6	Trust: 1.0
vendor:	oracle	model:	mysql enterprise backup	scope:	lte	version:	4.1.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	6.14.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	eq	version:	15.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.2.0.0.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.56	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.57	Trust: 1.0
vendor:	oracle	model:	vm virtualbox	scope:	lt	version:	6.0.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	eq	version:	16.2	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	eq	version:	18.8	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	oracle	model:	application server	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	gte	version:	17.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	oracle	model:	application server	scope:	eq	version:	0.9.8	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	lt	version:	8.1.1	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.55	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lt	version:	1.0.2q	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	gte	version:	1.0.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	oracle	model:	application server	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	8.11.4	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lt	version:	1.1.0i	Trust: 1.0
vendor:	oracle	model:	api gateway	scope:	eq	version:	11.1.2.4.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.3.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.10	Trust: 1.0
vendor:	oracle	model:	tuxedo	scope:	eq	version:	12.1.1.0.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	eq	version:	15.1	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	eq	version:	16.1	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	12.1.0.5.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	lte	version:	17.12	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.3.0.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	10.9.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	eq	version:	8.4	Trust: 1.0
vendor:	oracle	model:	mysql enterprise backup	scope:	gte	version:	3.12.4	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.1.0h	Trust: 0.6
vendor:	tenable	model:	nessus	scope:	eq	version:	8.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	8.0	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	7.2.2	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	7.2.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	7.2	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	7.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.9.3	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.9	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.8	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.7	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.6.2	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.6.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.6	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.5.6	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.5.5	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.5.4	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.5.3	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.5.2	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.5	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.4.3	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.4.2	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.4.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.4	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.3.7	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.3.6	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.3.5	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.3.4	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.3.3	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.3.2	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.3	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.2	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.0	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	5.2.7	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	5.2.4	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	5.2.3	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	7.0	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.9.2	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	6.9.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	4.4.1	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	oracle	model:	solaris	scope:	eq	version:	11.4	Trust: 0.3
vendor:	oracle	model:	solaris	scope:	eq	version:	11.3	Trust: 0.3
vendor:	oracle	model:	solaris	scope:	eq	version:	10	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0h	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0g	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0f	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0e	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0d	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0c	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0b	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0a	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2p	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2o	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2n	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2m	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2l-git	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2l	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2k	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2j	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2i	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2h	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2g	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2f	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2e	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2d	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2c	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2b	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2a	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2-1.0.2o	scope:	-	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl beta1	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.14	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.4.0	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.50	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.4	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.3	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.2	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.3.0	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.6	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.5	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.4	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.2.0	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.9	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.8	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.3	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.1	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.1.0	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.13	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.12	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.11	Trust: 0.3
vendor:	ibm	model:	vios	scope:	eq	version:	2.2.0.10	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.2	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3	Trust: 0.3
vendor:	tenable	model:	nessus	scope:	ne	version:	8.1.1	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	ne	version:	1.1.1	Trust: 0.3
vendor:	openssl	model:	project openssl 1.1.0i	scope:	ne	version:	-	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.2q	scope:	ne	version:	-	Trust: 0.3

sources: BID: 105897 // CNNVD: CNNVD-201811-279 // NVD: CVE-2018-5407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5407
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201811-279
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-135438
value:	LOW
Trust: 0.1
VULMON:	CVE-2018-5407
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-5407
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-135438
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5407
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.0
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-135438 // VULMON: CVE-2018-5407 // CNNVD: CNNVD-201811-279 // NVD: CVE-2018-5407

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-203	Trust: 1.1

sources: VULHUB: VHN-135438 // NVD: CVE-2018-5407

THREAT TYPE

local

Trust: 1.1

sources: BID: 105897 // PACKETSTORM: 150860 // PACKETSTORM: 150561 // CNNVD: CNNVD-201811-279

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201811-279

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-135438 // VULMON: CVE-2018-5407

PATCH

title:	Red Hat: Moderate: openssl security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190483 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Ansible Tower 3.4.3	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190651 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193931 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193929 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Ansible Tower 3.3.5	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190652 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: openssl, openssl1.0 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3840-1	Trust: 0.1
title:	Red Hat: CVE-2018-5407	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-5407	Trust: 0.1
title:	HP: HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03597	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2018-5407	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201812-7] lib32-openssl-1.0: private key recovery	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-7	Trust: 0.1
title:	Red Hat: Moderate: ovmf security and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192125 - Security Advisory	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=ffa91dec4581eb47b3539880d466865f	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2019-1188	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1188	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201812-8] openssl-1.0: private key recovery	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-8	Trust: 0.1
title:	Debian Security Advisories: DSA-4355-1 openssl1.0 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=7cc6b04edacd67d6e5bf27bd36f54217	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2019-1188	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1188	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193935 - Security Advisory	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by a an openssl vulnerability (CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=002162619f80b70121c9a8d365823283	Trust: 0.1
title:	IBM: IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a information disclosure (CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8aafdc7a03aa0793602eaa5ae3724cec	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193932 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193933 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4348-1 openssl -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=322bd50b7b929759e38c99b73122a852	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=78c4a4229b60aec60d80d95cb29a4147	Trust: 0.1
title:	IBM: IBM Security Bulletin: A vulnerability in OpenSSL affects PowerKVM	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e1dbc019531cd5742827de595730d1b0	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e2e9722c1fb1c14c9f54120082381491	Trust: 0.1
title:	IBM: IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=49fff94fe759cd40f1f516a339f15743	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e4ca493bfda92c5355c98328872a84e5	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c36f1dd66164e22918d817553be91620	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=fda6d001f041b9b0a29d906059d798b4	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c7313d7a6ba5364a603c214269588feb	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=ddeebd7237369bd2318e4087834121a5	Trust: 0.1
title:	IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e59d7f075c856823d6f7370dea35e662	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2018-16	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=efdce9b94f89918f3f2b2dfc69780ccd	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c829d56f5888779e791387897875c4b4	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2018-17	Trust: 0.1
title:	IBM: IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3101664cb57ad9d937108c187df59ecf	Trust: 0.1
title:	IBM: IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7dde8d528837d3c0eae28428fd6e703d	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – Node.js	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2e571e7bc5566212c3e69e37ecfa5ad4	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2bd72b857f21f300d83d07a791be44cf	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=dce787e9d669a768893a91801bf5eea4	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=26f585287da19915b94b6cae2d1b864f	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=800337bc69aa7ad92ac88a2adcc7d426	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – fluentd	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=60de0933c28b353f38df30120aa2a908	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Releases 1801-w and 1801-y	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=bf3f2299a8658b7cd3984c40e7060666	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=aea3fcafd82c179d3a5dfa015e920864	Trust: 0.1
title:	IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-v	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=413b5f9466c1ebf3ab090a45e189b43e	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=43da2cd72c1e378d8d94ecec029fcc61	Trust: 0.1
title:	portsmash	url:	https://github.com/bbbrumley/portsmash	Trust: 0.1
title:	vyger	url:	https://github.com/mrodden/vyger	Trust: 0.1
title:	Firmware-Security	url:	https://github.com/virusbeeE/Firmware-Security	Trust: 0.1
title:	Hardware-and-Firmware-Security-Guidance	url:	https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance	Trust: 0.1
title:	hardware-attacks-state-of-the-art	url:	https://github.com/codexlynx/hardware-attacks-state-of-the-art	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/portsmash-side-channel-attack-siphons-data-from-intel-other-cpus/138777/	Trust: 0.1

sources: VULMON: CVE-2018-5407

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5407	Trust: 3.0
db:	TENABLE	id:	TNS-2018-16	Trust: 2.1
db:	BID	id:	105897	Trust: 2.1
db:	TENABLE	id:	TNS-2018-17	Trust: 1.8
db:	EXPLOIT-DB	id:	45785	Trust: 1.8
db:	PACKETSTORM	id:	152084	Trust: 0.7
db:	CNNVD	id:	CNNVD-201811-279	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0514	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4293	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0644.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4405	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0696	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0811	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0481	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0529	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3390.4	Trust: 0.6
db:	PACKETSTORM	id:	155414	Trust: 0.6
db:	PACKETSTORM	id:	155413	Trust: 0.2
db:	PACKETSTORM	id:	152241	Trust: 0.2
db:	PACKETSTORM	id:	152240	Trust: 0.2
db:	PACKETSTORM	id:	152071	Trust: 0.2
db:	PACKETSTORM	id:	155415	Trust: 0.2
db:	PACKETSTORM	id:	150138	Trust: 0.1
db:	VULHUB	id:	VHN-135438	Trust: 0.1
db:	VULMON	id:	CVE-2018-5407	Trust: 0.1
db:	PACKETSTORM	id:	150437	Trust: 0.1
db:	PACKETSTORM	id:	155417	Trust: 0.1
db:	PACKETSTORM	id:	150860	Trust: 0.1
db:	PACKETSTORM	id:	150561	Trust: 0.1

sources: VULHUB: VHN-135438 // VULMON: CVE-2018-5407 // BID: 105897 // PACKETSTORM: 150437 // PACKETSTORM: 152240 // PACKETSTORM: 155417 // PACKETSTORM: 155413 // PACKETSTORM: 152071 // PACKETSTORM: 150860 // PACKETSTORM: 150561 // PACKETSTORM: 155415 // PACKETSTORM: 152241 // CNNVD: CNNVD-201811-279 // NVD: CVE-2018-5407

REFERENCES

url:	http://www.securityfocus.com/bid/105897	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:0483	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3929	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3931	Trust: 2.5
url:	https://github.com/bbbrumley/portsmash	Trust: 2.2
url:	https://www.tenable.com/security/tns-2018-16	Trust: 2.1
url:	https://www.exploit-db.com/exploits/45785/	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:0651	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:0652	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2019:3932	Trust: 1.9
url:	https://usn.ubuntu.com/3840-1/	Trust: 1.9
url:	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20181126-0001/	Trust: 1.8
url:	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Trust: 1.8
url:	https://www.tenable.com/security/tns-2018-17	Trust: 1.8
url:	https://www.debian.org/security/2018/dsa-4348	Trust: 1.8
url:	https://www.debian.org/security/2018/dsa-4355	Trust: 1.8
url:	https://security.gentoo.org/glsa/201903-10	Trust: 1.8
url:	https://eprint.iacr.org/2018/1060.pdf	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2020.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2020.html	Trust: 1.8
url:	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Trust: 1.8
url:	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2125	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3933	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3935	Trust: 1.8
url:	https://support.f5.com/csp/article/k49711130?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2018-5407	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5407	Trust: 0.9
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://support.f5.com/csp/article/k49711130?utm_source=f5support&utm_medium=rss	Trust: 0.6
url:	https://support.symantec.com/us/en/article.symsa1490.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1096270	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106139	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106487	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106553	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/75658	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0696	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76338	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1106493	Trust: 0.6
url:	https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4405/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0529/	Trust: 0.6
url:	https://packetstormsecurity.com/files/152084/gentoo-linux-security-advisory-201903-10.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4293/	Trust: 0.6
url:	https://www.ibm.com/support/docview.wss?uid=ibm10869830	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77062	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1143442	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1118487	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10870936	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3390.4/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10873310	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/75802	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0734	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://www.openssl.org/news/cl102.txt	Trust: 0.3
url:	http://openssl.org/	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1645695	Trust: 0.3
url:	https://www.openssl.org/news/openssl-1.0.2-notes.html	Trust: 0.3
url:	https://www.openssl.org/news/secadv/20181112.txt	Trust: 0.3
url:	https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html	Trust: 0.3
url:	http://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0737	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://docs.ansible.com/ansible-tower/latest/html/release-notes/index.html	Trust: 0.2
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-10072	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-0221	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1559	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-1559	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0221	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10072	Trust: 0.2
url:	https://www.debian.org/security/faq	Trust: 0.2
url:	https://www.debian.org/security/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0732	Trust: 0.2
url:	https://support.f5.com/csp/article/k49711130?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/203.html	Trust: 0.1
url:	https://threatpost.com/portsmash-side-channel-attack-siphons-data-from-intel-other-cpus/138777/	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=59118	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0734	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407	Trust: 0.1
url:	http://slackware.com	Trust: 0.1
url:	http://osuosl.org)	Trust: 0.1
url:	http://slackware.com/gpg-key	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3835	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3835	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9513	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9511	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9517	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0197	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17199	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9511	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17189	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9517	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-0737	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-17199	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9516	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9513	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0217	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0217	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-17189	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9516	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0196	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0196	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-0734	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/openssl1.0	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/openssl	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0735	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/	Trust: 0.1

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 152240 // PACKETSTORM: 155417 // PACKETSTORM: 155413 // PACKETSTORM: 152071 // PACKETSTORM: 155415 // PACKETSTORM: 152241

SOURCES

db:	VULHUB	id:	VHN-135438
db:	VULMON	id:	CVE-2018-5407
db:	BID	id:	105897
db:	PACKETSTORM	id:	150437
db:	PACKETSTORM	id:	152240
db:	PACKETSTORM	id:	155417
db:	PACKETSTORM	id:	155413
db:	PACKETSTORM	id:	152071
db:	PACKETSTORM	id:	150860
db:	PACKETSTORM	id:	150561
db:	PACKETSTORM	id:	155415
db:	PACKETSTORM	id:	152241
db:	CNNVD	id:	CNNVD-201811-279
db:	NVD	id:	CVE-2018-5407

LAST UPDATE DATE

2025-04-26T21:35:43.373000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-135438	date:	2020-09-18T00:00:00
db:	VULMON	id:	CVE-2018-5407	date:	2023-11-07T00:00:00
db:	BID	id:	105897	date:	2019-01-17T10:00:00
db:	CNNVD	id:	CNNVD-201811-279	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2018-5407	date:	2024-11-21T04:08:45.530

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-135438	date:	2018-11-15T00:00:00
db:	VULMON	id:	CVE-2018-5407	date:	2018-11-15T00:00:00
db:	BID	id:	105897	date:	2018-10-30T00:00:00
db:	PACKETSTORM	id:	150437	date:	2018-11-22T23:23:23
db:	PACKETSTORM	id:	152240	date:	2019-03-27T00:33:09
db:	PACKETSTORM	id:	155417	date:	2019-11-20T21:11:11
db:	PACKETSTORM	id:	155413	date:	2019-11-20T20:32:22
db:	PACKETSTORM	id:	152071	date:	2019-03-13T14:25:37
db:	PACKETSTORM	id:	150860	date:	2018-12-20T15:05:22
db:	PACKETSTORM	id:	150561	date:	2018-12-03T21:06:37
db:	PACKETSTORM	id:	155415	date:	2019-11-20T20:44:44
db:	PACKETSTORM	id:	152241	date:	2019-03-27T00:35:38
db:	CNNVD	id:	CNNVD-201811-279	date:	2018-11-12T00:00:00
db:	NVD	id:	CVE-2018-5407	date:	2018-11-15T21:29:00.233