ID

VAR-201811-0912


CVE

CVE-2018-5407


TITLE

HPE Integrated Lights-Out 5 , HPE Integrated Lights-Out 4 , HPE Integrated Lights-Out 3 Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-012393

DESCRIPTION

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. HPE Integrated Lights-Out 5 (iLO 5) , HPE Integrated Lights-Out 4(iLO 4) , HPE Integrated Lights-Out 3 (iLO 3) Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Simultaneous Multi-threading (SMT) Contains an information disclosure vulnerability.Information may be obtained. OpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. This vulnerability stems from configuration errors in network systems or products during operation. OpenSSL Security Advisory [12 November 2018] ============================================ Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) =================================================================================== Severity: Low OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key. This issue does not impact OpenSSL 1.1.1 and is already fixed in the latest version of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low severity of this issue we are not creating a new release at this time. The 1.0.2 mitigation for this issue can be found in commit b18162a7c. OpenSSL 1.1.0 users should upgrade to 1.1.0i. This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. Note ==== OpenSSL 1.1.0 is currently only receiving security updates. Support for this version will end on 11th September 2019. Users of this version should upgrade to OpenSSL 1.1.1. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20181112.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 14, 2019 Bugs: #673056, #678564 ID: 201903-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple Information Disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information. Background ========== OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2r >= 1.0.2r Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. A local attacker could run a malicious process next to legitimate processes using the architectureas parallel thread running capabilities to leak encrypted data from the CPU's internal processes. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2r" References ========== [ 1 ] CVE-2018-5407 https://nvd.nist.gov/vuln/detail/CVE-2018-5407 [ 2 ] CVE-2019-1559 https://nvd.nist.gov/vuln/detail/CVE-2019-1559 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201903-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Security Fix(es): * openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 5. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Bugs fixed (https://bugzilla.redhat.com/): 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle 1713275 - CVE-2019-0221 tomcat: XSS in SSI printenv 1723708 - CVE-2019-10072 tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 5. For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1. For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ovmf security and enhancement update Advisory ID: RHSA-2019:2125-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2125 Issue date: 2019-08-06 CVE Names: CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 CVE-2018-5407 CVE-2018-12181 CVE-2019-0160 CVE-2019-0161 ==================================================================== 1. Summary: An update for ovmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 7) - noarch 3. Description: OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731) * edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732) * edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733) * edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734) * edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735) * edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181) * edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160) * edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users 1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c 1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c 1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function 1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function 1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP 1691640 - CVE-2019-0160 edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media 1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service 6. Package List: Red Hat Enterprise Linux Server (v. 7): Source: ovmf-20180508-6.gitee3198e672e2.el7.src.rpm noarch: OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-5731 https://access.redhat.com/security/cve/CVE-2017-5732 https://access.redhat.com/security/cve/CVE-2017-5733 https://access.redhat.com/security/cve/CVE-2017-5734 https://access.redhat.com/security/cve/CVE-2017-5735 https://access.redhat.com/security/cve/CVE-2018-3613 https://access.redhat.com/security/cve/CVE-2018-5407 https://access.redhat.com/security/cve/CVE-2018-12181 https://access.redhat.com/security/cve/CVE-2019-0160 https://access.redhat.com/security/cve/CVE-2019-0161 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXUl2ZNzjgjWX9erEAQhKuA/+O5K7BxvCHuj1pDM/pezYzjBfOcdVKQWz L61IFKCy653XFNrw0fLFh8Er+/vkrlZD93rmGl9JqU4PmaeqO8Tofgw9d3XsuaI6 7hWuhyiYqjzkbRP+XZGQK3B8a8aY4a2uRMjNemo9nMjLTuEpkGWShxo6O0AGPuCG GLhV6PTqAmNaxQSqEIdzzBk/YTVx+/ElEKEAYINfhyFV/KLAJcEso/v9DwA0vRaR J0srktZqKHG0WZ8JUMGBT+iEfwsgWI/oZP2DdcUwALTtS8LiGsY6eUmhR6Hj7BBx DDazP8ihme8q1Z3sTZVb+s2O4/v76bFexY6Q+k5SkS9/Xs8kYan8twTXo+r3d8Hy AJBtCnUS8WQV3mXokvIjPtEWfzomcL0N2RYJlhFMFwO43LLUfBH2k7yq+4qQRPqC KJI/I0lqckFDPJcW1T5CPhzPmixGchWoJpMzxNI4axznXg5SeyEX0Rd2czsuCUA0 wPXmrt6VBpEReROhjY0707Wyaq65BZws9+E7CoXDjvKiobQ/yHUVmv1GdUDeHpH5 dhOU+BMp38VwPORp/hX/cbm+FIZyPZWBKtOF/fuPJ3VV8xKNyGZ4Igcr9AdHT9O+ nHDfz2bu3595ZdZlUMw5wMb3pvtT48dT1NAgwsvTWgts/p9tg/JqoD3DJkHQaDiG bSZXnvoCTGA=vpvG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3840-1 December 06, 2018 openssl, openssl1.0 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in OpenSSL. (CVE-2018-0734) Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. This issue is known as "PortSmash". (CVE-2018-5407) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libssl1.0.0 1.0.2n-1ubuntu6.1 libssl1.1 1.1.1-1ubuntu2.1 Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.2 libssl1.1 1.1.0g-2ubuntu4.3 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.14 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.27 After a standard system update you need to reboot your computer to make all the necessary changes. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4

Trust: 3.42

sources: NVD: CVE-2018-5407 // JVNDB: JVNDB-2018-012393 // JVNDB: JVNDB-2018-012363 // BID: 105897 // VULHUB: VHN-135438 // PACKETSTORM: 169678 // PACKETSTORM: 152084 // PACKETSTORM: 155414 // PACKETSTORM: 155413 // PACKETSTORM: 150561 // PACKETSTORM: 153887 // PACKETSTORM: 150683 // PACKETSTORM: 152241

AFFECTED PRODUCTS

vendor:oraclemodel:mysql enterprise backupscope:lteversion:3.12.3

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.6

Trust: 1.0

vendor:oraclemodel:mysql enterprise backupscope:lteversion:4.1.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:6.14.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:8.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:15.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.0.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.2.0.0.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.56

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:oraclemodel:vm virtualboxscope:ltversion:6.0.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:16.2

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:18.8

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:1.0.1

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:17.7

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:0.9.8

Trust: 1.0

vendor:tenablemodel:nessusscope:ltversion:8.1.1

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.55

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.0.2q

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.0.2

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:1.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:8.11.4

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.1.0i

Trust: 1.0

vendor:oraclemodel:api gatewayscope:eqversion:11.1.2.4.0

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.3.3

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.10

Trust: 1.0

vendor:oraclemodel:tuxedoscope:eqversion:12.1.1.0.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:15.1

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:16.1

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.1.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:12.1.0.5.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.6

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:17.12

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.3.0.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:10.9.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:8.4

Trust: 1.0

vendor:oraclemodel:mysql enterprise backupscope:gteversion:3.12.4

Trust: 1.0

vendor:hewlett packardmodel:hpe integrated lights-out 3scope:ltversion:1.90

Trust: 0.8

vendor:hewlett packardmodel:hpe integrated lights-out 4scope:ltversion:2.61

Trust: 0.8

vendor:hewlett packardmodel:hpe integrated lights-out 5scope:ltversion:1.35

Trust: 0.8

vendor:canonicalmodel:ubuntuscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:node jsmodel:node.jsscope: - version: -

Trust: 0.8

vendor:opensslmodel:opensslscope: - version: -

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:1.1.0h

Trust: 0.6

vendor:tenablemodel:nessusscope:eqversion:8.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:8.0

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:7.2.2

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:7.2.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:7.2

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:7.1.3

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:7.1.2

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:7.1.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:7.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.9.3

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.9

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.8

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.7

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.6.2

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.6.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.6

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.5.6

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.5.5

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.5.4

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.5.3

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.5.2

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.5.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.5

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.4.3

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.4.2

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.4.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.4

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.3.7

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.3.6

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.3.5

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.3.4

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.3.3

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.3.2

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.3.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.3

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.2.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.2

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.1.2

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.1.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.0.2

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.0.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.0

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:5.2.7

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:5.2.4

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:5.2.3

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:1.0.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:7.0

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.9.2

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:6.9.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:4.4.1

Trust: 0.3

vendor:tenablemodel:nessusscope:eqversion:3.0.3

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.4

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.3

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0.2

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0hscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0gscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0fscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0escope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0dscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0cscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0bscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0ascope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2pscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2oscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2nscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2mscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2l-gitscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2lscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2kscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2jscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2iscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2hscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2gscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2fscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2escope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2dscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2cscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2bscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2ascope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2-1.0.2oscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl beta1scope:eqversion:1.0.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.14

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.4.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.50

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.4

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.6

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.5

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.4

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.9

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.8

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.0

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.13

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.12

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.11

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.10

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:tenablemodel:nessusscope:neversion:8.1.1

Trust: 0.3

vendor:opensslmodel:project opensslscope:neversion:1.1.1

Trust: 0.3

vendor:opensslmodel:project openssl 1.1.0iscope:neversion: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.2qscope:neversion: -

Trust: 0.3

sources: BID: 105897 // JVNDB: JVNDB-2018-012393 // JVNDB: JVNDB-2018-012363 // CNNVD: CNNVD-201811-279 // NVD: CVE-2018-5407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5407
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-5407
value: HIGH

Trust: 0.8

NVD: CVE-2018-5407
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201811-279
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135438
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-5407
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2018-5407
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-135438
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5407
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-5407
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

NVD: CVE-2018-5407
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-135438 // JVNDB: JVNDB-2018-012393 // JVNDB: JVNDB-2018-012363 // CNNVD: CNNVD-201811-279 // NVD: CVE-2018-5407

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-203

Trust: 1.1

problemtype:CWE-254

Trust: 0.8

sources: VULHUB: VHN-135438 // JVNDB: JVNDB-2018-012393 // JVNDB: JVNDB-2018-012363 // NVD: CVE-2018-5407

THREAT TYPE

local

Trust: 1.1

sources: BID: 105897 // PACKETSTORM: 169678 // PACKETSTORM: 150561 // CNNVD: CNNVD-201811-279

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201811-279

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012393

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-135438

PATCH

title:hpesbhf03866en_usurl:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03866en_us

Trust: 0.8

title:DSA-4348url:https://www.debian.org/security/2018/dsa-4348

Trust: 0.8

title:DSA-4355url:https://www.debian.org/security/2018/dsa-4355

Trust: 0.8

title:[SECURITY] [DLA 1586-1] openssl security updateurl:https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html

Trust: 0.8

title:opensslurl:https://github.com/openssl/openssl

Trust: 0.8

title:November 2018 Security Releasesurl:https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

Trust: 0.8

title:USN-3840-1url:https://usn.ubuntu.com/3840-1/

Trust: 0.8

sources: JVNDB: JVNDB-2018-012393 // JVNDB: JVNDB-2018-012363

EXTERNAL IDS

db:NVDid:CVE-2018-5407

Trust: 4.4

db:TENABLEid:TNS-2018-16

Trust: 2.0

db:BIDid:105897

Trust: 2.0

db:TENABLEid:TNS-2018-17

Trust: 1.7

db:EXPLOIT-DBid:45785

Trust: 1.7

db:PACKETSTORMid:152084

Trust: 0.8

db:JVNDBid:JVNDB-2018-012393

Trust: 0.8

db:JVNDBid:JVNDB-2018-012363

Trust: 0.8

db:CNNVDid:CNNVD-201811-279

Trust: 0.7

db:PACKETSTORMid:155414

Trust: 0.7

db:AUSCERTid:ESB-2019.0514

Trust: 0.6

db:AUSCERTid:ESB-2019.4293

Trust: 0.6

db:AUSCERTid:ESB-2019.0644.2

Trust: 0.6

db:AUSCERTid:ESB-2019.4405

Trust: 0.6

db:AUSCERTid:ESB-2022.0696

Trust: 0.6

db:AUSCERTid:ESB-2019.0811

Trust: 0.6

db:AUSCERTid:ESB-2019.0481

Trust: 0.6

db:AUSCERTid:ESB-2020.0529

Trust: 0.6

db:AUSCERTid:ESB-2019.3390.4

Trust: 0.6

db:PACKETSTORMid:155413

Trust: 0.2

db:PACKETSTORMid:152241

Trust: 0.2

db:PACKETSTORMid:150138

Trust: 0.1

db:PACKETSTORMid:152240

Trust: 0.1

db:PACKETSTORMid:152071

Trust: 0.1

db:PACKETSTORMid:155415

Trust: 0.1

db:VULHUBid:VHN-135438

Trust: 0.1

db:PACKETSTORMid:169678

Trust: 0.1

db:PACKETSTORMid:150561

Trust: 0.1

db:PACKETSTORMid:153887

Trust: 0.1

db:PACKETSTORMid:150683

Trust: 0.1

sources: VULHUB: VHN-135438 // BID: 105897 // JVNDB: JVNDB-2018-012393 // JVNDB: JVNDB-2018-012363 // PACKETSTORM: 169678 // PACKETSTORM: 152084 // PACKETSTORM: 155414 // PACKETSTORM: 155413 // PACKETSTORM: 150561 // PACKETSTORM: 153887 // PACKETSTORM: 150683 // PACKETSTORM: 152241 // CNNVD: CNNVD-201811-279 // NVD: CVE-2018-5407

REFERENCES

url:https://access.redhat.com/errata/rhsa-2019:3931

Trust: 2.4

url:http://www.securityfocus.com/bid/105897

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2019:0483

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2019:3929

Trust: 2.3

url:https://www.tenable.com/security/tns-2018-16

Trust: 2.0

url:https://github.com/bbbrumley/portsmash

Trust: 2.0

url:https://security.gentoo.org/glsa/201903-10

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:0651

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2125

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3935

Trust: 1.8

url:https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20181126-0001/

Trust: 1.7

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.7

url:https://www.tenable.com/security/tns-2018-17

Trust: 1.7

url:https://www.debian.org/security/2018/dsa-4348

Trust: 1.7

url:https://www.debian.org/security/2018/dsa-4355

Trust: 1.7

url:https://www.exploit-db.com/exploits/45785/

Trust: 1.7

url:https://eprint.iacr.org/2018/1060.pdf

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.7

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.7

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:0652

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:3932

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:3933

Trust: 1.7

url:https://usn.ubuntu.com/3840-1/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-5407

Trust: 1.6

url:https://support.f5.com/csp/article/k49711130?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7105

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7105

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2018-5407

Trust: 0.7

url:https://support.f5.com/csp/article/k49711130?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:https://support.symantec.com/us/en/article.symsa1490.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1096270

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106139

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106487

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106553

Trust: 0.6

url:http://www.ibm.com/support/docview.wss

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75658

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0696

Trust: 0.6

url:https://www.auscert.org.au/bulletins/76338

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106493

Trust: 0.6

url:https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4405/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0529/

Trust: 0.6

url:https://packetstormsecurity.com/files/152084/gentoo-linux-security-advisory-201903-10.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4293/

Trust: 0.6

url:https://www.ibm.com/support/docview.wss?uid=ibm10869830

Trust: 0.6

url:https://www.auscert.org.au/bulletins/77062

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1143442

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1118487

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10870936

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3390.4/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10873310

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75802

Trust: 0.6

url:https://www.openssl.org/news/secadv/20181112.txt

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://www.openssl.org/news/cl102.txt

Trust: 0.3

url:http://openssl.org/

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1645695

Trust: 0.3

url:https://www.openssl.org/news/openssl-1.0.2-notes.html

Trust: 0.3

url:https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html

Trust: 0.3

url:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-0734

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-1559

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-0737

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-0735

Trust: 0.2

url:https://support.f5.com/csp/article/k49711130?utm_source=f5support&amp;amp;utm_medium=rss

Trust: 0.1

url:https://www.openssl.org/policies/secpolicy.html

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9513

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9511

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9517

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-17199

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9511

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-17189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-0737

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-17199

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9513

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0217

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0217

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-17189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0196

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-0734

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10072

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0221

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1559

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10072

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0732

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openssl

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12181

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5734

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-12181

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0161

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5731

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5733

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5732

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0160

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5732

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-3613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0161

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.27

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu4.3

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3840-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.2

Trust: 0.1

url:https://docs.ansible.com/ansible-tower/latest/html/release-notes/index.html

Trust: 0.1

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.1

sources: VULHUB: VHN-135438 // BID: 105897 // JVNDB: JVNDB-2018-012393 // JVNDB: JVNDB-2018-012363 // PACKETSTORM: 169678 // PACKETSTORM: 152084 // PACKETSTORM: 155414 // PACKETSTORM: 155413 // PACKETSTORM: 150561 // PACKETSTORM: 153887 // PACKETSTORM: 150683 // PACKETSTORM: 152241 // CNNVD: CNNVD-201811-279 // NVD: CVE-2018-5407

CREDITS

Red Hat,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-201811-279

SOURCES

db:VULHUBid:VHN-135438
db:BIDid:105897
db:JVNDBid:JVNDB-2018-012393
db:JVNDBid:JVNDB-2018-012363
db:PACKETSTORMid:169678
db:PACKETSTORMid:152084
db:PACKETSTORMid:155414
db:PACKETSTORMid:155413
db:PACKETSTORMid:150561
db:PACKETSTORMid:153887
db:PACKETSTORMid:150683
db:PACKETSTORMid:152241
db:CNNVDid:CNNVD-201811-279
db:NVDid:CVE-2018-5407

LAST UPDATE DATE

2025-04-02T20:44:35.625000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-135438date:2020-09-18T00:00:00
db:BIDid:105897date:2019-01-17T10:00:00
db:JVNDBid:JVNDB-2018-012393date:2019-02-01T00:00:00
db:JVNDBid:JVNDB-2018-012363date:2019-02-01T00:00:00
db:CNNVDid:CNNVD-201811-279date:2022-03-10T00:00:00
db:NVDid:CVE-2018-5407date:2024-11-21T04:08:45.530

SOURCES RELEASE DATE

db:VULHUBid:VHN-135438date:2018-11-15T00:00:00
db:BIDid:105897date:2018-10-30T00:00:00
db:JVNDBid:JVNDB-2018-012393date:2019-02-01T00:00:00
db:JVNDBid:JVNDB-2018-012363date:2019-02-01T00:00:00
db:PACKETSTORMid:169678date:2018-11-12T12:12:12
db:PACKETSTORMid:152084date:2019-03-14T16:23:47
db:PACKETSTORMid:155414date:2019-11-20T23:02:22
db:PACKETSTORMid:155413date:2019-11-20T20:32:22
db:PACKETSTORMid:150561date:2018-12-03T21:06:37
db:PACKETSTORMid:153887date:2019-08-06T20:47:00
db:PACKETSTORMid:150683date:2018-12-07T01:03:36
db:PACKETSTORMid:152241date:2019-03-27T00:35:38
db:CNNVDid:CNNVD-201811-279date:2018-11-12T00:00:00
db:NVDid:CVE-2018-5407date:2018-11-15T21:29:00.233