ID

VAR-201811-0912


CVE

CVE-2018-5407


TITLE

OpenSSL Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201811-279

DESCRIPTION

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. OpenSSL is an open source general encryption library of the OpenSSL team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. An information disclosure vulnerability exists in OpenSSL. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2018-325-01) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. This update fixes a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures, and a side channel attack on DSA signature generation that could allow an attacker to recover the private key. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 (* Security fix *) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Bugs fixed (https://bugzilla.redhat.com/): 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle 1713275 - CVE-2019-0221 tomcat: XSS in SSI printenv 1723708 - CVE-2019-10072 tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 5. For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1. Going forward, openssl security updates for stretch will be based on the 1.1.0x upstream releases. We recommend that you upgrade your openssl packages. For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . Description: This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Security Fix(es): * openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ovmf security and enhancement update Advisory ID: RHSA-2019:2125-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2125 Issue date: 2019-08-06 CVE Names: CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 CVE-2018-5407 CVE-2018-12181 CVE-2019-0160 CVE-2019-0161 ==================================================================== 1. Summary: An update for ovmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 7) - noarch 3. Description: OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731) * edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732) * edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733) * edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734) * edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735) * edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181) * edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160) * edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users 1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c 1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c 1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function 1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function 1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP 1691640 - CVE-2019-0160 edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media 1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service 6. Package List: Red Hat Enterprise Linux Server (v. 7): Source: ovmf-20180508-6.gitee3198e672e2.el7.src.rpm noarch: OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-5731 https://access.redhat.com/security/cve/CVE-2017-5732 https://access.redhat.com/security/cve/CVE-2017-5733 https://access.redhat.com/security/cve/CVE-2017-5734 https://access.redhat.com/security/cve/CVE-2017-5735 https://access.redhat.com/security/cve/CVE-2018-3613 https://access.redhat.com/security/cve/CVE-2018-5407 https://access.redhat.com/security/cve/CVE-2018-12181 https://access.redhat.com/security/cve/CVE-2019-0160 https://access.redhat.com/security/cve/CVE-2019-0161 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXUl2ZNzjgjWX9erEAQhKuA/+O5K7BxvCHuj1pDM/pezYzjBfOcdVKQWz L61IFKCy653XFNrw0fLFh8Er+/vkrlZD93rmGl9JqU4PmaeqO8Tofgw9d3XsuaI6 7hWuhyiYqjzkbRP+XZGQK3B8a8aY4a2uRMjNemo9nMjLTuEpkGWShxo6O0AGPuCG GLhV6PTqAmNaxQSqEIdzzBk/YTVx+/ElEKEAYINfhyFV/KLAJcEso/v9DwA0vRaR J0srktZqKHG0WZ8JUMGBT+iEfwsgWI/oZP2DdcUwALTtS8LiGsY6eUmhR6Hj7BBx DDazP8ihme8q1Z3sTZVb+s2O4/v76bFexY6Q+k5SkS9/Xs8kYan8twTXo+r3d8Hy AJBtCnUS8WQV3mXokvIjPtEWfzomcL0N2RYJlhFMFwO43LLUfBH2k7yq+4qQRPqC KJI/I0lqckFDPJcW1T5CPhzPmixGchWoJpMzxNI4axznXg5SeyEX0Rd2czsuCUA0 wPXmrt6VBpEReROhjY0707Wyaq65BZws9+E7CoXDjvKiobQ/yHUVmv1GdUDeHpH5 dhOU+BMp38VwPORp/hX/cbm+FIZyPZWBKtOF/fuPJ3VV8xKNyGZ4Igcr9AdHT9O+ nHDfz2bu3595ZdZlUMw5wMb3pvtT48dT1NAgwsvTWgts/p9tg/JqoD3DJkHQaDiG bSZXnvoCTGA=vpvG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.89

sources: NVD: CVE-2018-5407 // VULHUB: VHN-135438 // VULMON: CVE-2018-5407 // PACKETSTORM: 150437 // PACKETSTORM: 152240 // PACKETSTORM: 155414 // PACKETSTORM: 155413 // PACKETSTORM: 150860 // PACKETSTORM: 150561 // PACKETSTORM: 155416 // PACKETSTORM: 153887 // PACKETSTORM: 152241

AFFECTED PRODUCTS

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:8.4

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:16.1

Trust: 1.0

vendor:oraclemodel:mysql enterprise backupscope:lteversion:4.1.2

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:oraclemodel:mysql enterprise backupscope:lteversion:3.12.3

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.55

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.10

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:10.9.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.3.0.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:17.7

Trust: 1.0

vendor:oraclemodel:vm virtualboxscope:ltversion:6.0.0

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:0.9.8

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:6.14.4

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:15.2

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:oraclemodel:api gatewayscope:eqversion:11.1.2.4.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.0.2

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.3.3

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.56

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.6

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:18.8

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.0.2q

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:15.1

Trust: 1.0

vendor:tenablemodel:nessusscope:ltversion:8.1.1

Trust: 1.0

vendor:oraclemodel:tuxedoscope:eqversion:12.1.1.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.2.0.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.1.0i

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:12.1.0.5.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:eqversion:16.2

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:8.11.4

Trust: 1.0

vendor:oraclemodel:mysql enterprise backupscope:gteversion:3.12.4

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:1.0.0

Trust: 1.0

vendor:oraclemodel:application serverscope:eqversion:1.0.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.6

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.1.0h

Trust: 0.6

sources: CNNVD: CNNVD-201811-279 // NVD: CVE-2018-5407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5407
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201811-279
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135438
value: LOW

Trust: 0.1

VULMON: CVE-2018-5407
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-5407
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-135438
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5407
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-135438 // VULMON: CVE-2018-5407 // CNNVD: CNNVD-201811-279 // NVD: CVE-2018-5407

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-203

Trust: 1.1

sources: VULHUB: VHN-135438 // NVD: CVE-2018-5407

THREAT TYPE

local

Trust: 0.8

sources: PACKETSTORM: 150860 // PACKETSTORM: 150561 // CNNVD: CNNVD-201811-279

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201811-279

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-135438 // VULMON: CVE-2018-5407

PATCH

title:Red Hat: Moderate: openssl security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190483 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Ansible Tower 3.4.3url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190651 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193931 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193929 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Ansible Tower 3.3.5url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190652 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: openssl, openssl1.0 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3840-1

Trust: 0.1

title:Red Hat: CVE-2018-5407url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-5407

Trust: 0.1

title:HP: HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03597

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2018-5407

Trust: 0.1

title:Arch Linux Advisories: [ASA-201812-7] lib32-openssl-1.0: private key recoveryurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-7

Trust: 0.1

title:Red Hat: Moderate: ovmf security and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192125 - Security Advisory

Trust: 0.1

title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=ffa91dec4581eb47b3539880d466865f

Trust: 0.1

title:Amazon Linux AMI: ALAS-2019-1188url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1188

Trust: 0.1

title:Arch Linux Advisories: [ASA-201812-8] openssl-1.0: private key recoveryurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-8

Trust: 0.1

title:Debian Security Advisories: DSA-4355-1 openssl1.0 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=7cc6b04edacd67d6e5bf27bd36f54217

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1188url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1188

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193935 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by a an openssl vulnerability (CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=002162619f80b70121c9a8d365823283

Trust: 0.1

title:IBM: IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a information disclosure (CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8aafdc7a03aa0793602eaa5ae3724cec

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193932 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193933 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4348-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=322bd50b7b929759e38c99b73122a852

Trust: 0.1

title:IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics Systemurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=78c4a4229b60aec60d80d95cb29a4147

Trust: 0.1

title:IBM: IBM Security Bulletin: A vulnerability in OpenSSL affects PowerKVMurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e1dbc019531cd5742827de595730d1b0

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e2e9722c1fb1c14c9f54120082381491

Trust: 0.1

title:IBM: IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=49fff94fe759cd40f1f516a339f15743

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e4ca493bfda92c5355c98328872a84e5

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c36f1dd66164e22918d817553be91620

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=fda6d001f041b9b0a29d906059d798b4

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSLurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c7313d7a6ba5364a603c214269588feb

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=ddeebd7237369bd2318e4087834121a5

Trust: 0.1

title:IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e59d7f075c856823d6f7370dea35e662

Trust: 0.1

title:Tenable Security Advisories: [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2018-16

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=efdce9b94f89918f3f2b2dfc69780ccd

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c829d56f5888779e791387897875c4b4

Trust: 0.1

title:Tenable Security Advisories: [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2018-17

Trust: 0.1

title:IBM: IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3101664cb57ad9d937108c187df59ecf

Trust: 0.1

title:IBM: IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7dde8d528837d3c0eae28428fd6e703d

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – Node.jsurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2e571e7bc5566212c3e69e37ecfa5ad4

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Softwareurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2bd72b857f21f300d83d07a791be44cf

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=dce787e9d669a768893a91801bf5eea4

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloudurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=26f585287da19915b94b6cae2d1b864f

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Applianceurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=800337bc69aa7ad92ac88a2adcc7d426

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – fluentdurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=60de0933c28b353f38df30120aa2a908

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title:IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Releases 1801-w and 1801-yurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=bf3f2299a8658b7cd3984c40e7060666

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=aea3fcafd82c179d3a5dfa015e920864

Trust: 0.1

title:IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-vurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=413b5f9466c1ebf3ab090a45e189b43e

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=43da2cd72c1e378d8d94ecec029fcc61

Trust: 0.1

title:portsmashurl:https://github.com/bbbrumley/portsmash

Trust: 0.1

title:vygerurl:https://github.com/mrodden/vyger

Trust: 0.1

title:Firmware-Securityurl:https://github.com/virusbeeE/Firmware-Security

Trust: 0.1

title:Hardware-and-Firmware-Security-Guidanceurl:https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance

Trust: 0.1

title:hardware-attacks-state-of-the-arturl:https://github.com/codexlynx/hardware-attacks-state-of-the-art

Trust: 0.1

title:Threatposturl:https://threatpost.com/portsmash-side-channel-attack-siphons-data-from-intel-other-cpus/138777/

Trust: 0.1

sources: VULMON: CVE-2018-5407

EXTERNAL IDS

db:NVDid:CVE-2018-5407

Trust: 2.7

db:TENABLEid:TNS-2018-17

Trust: 1.8

db:TENABLEid:TNS-2018-16

Trust: 1.8

db:BIDid:105897

Trust: 1.8

db:EXPLOIT-DBid:45785

Trust: 1.8

db:PACKETSTORMid:152084

Trust: 0.7

db:CNNVDid:CNNVD-201811-279

Trust: 0.7

db:PACKETSTORMid:155414

Trust: 0.7

db:AUSCERTid:ESB-2019.0514

Trust: 0.6

db:AUSCERTid:ESB-2019.4293

Trust: 0.6

db:AUSCERTid:ESB-2019.0644.2

Trust: 0.6

db:AUSCERTid:ESB-2019.4405

Trust: 0.6

db:AUSCERTid:ESB-2022.0696

Trust: 0.6

db:AUSCERTid:ESB-2019.0811

Trust: 0.6

db:AUSCERTid:ESB-2019.0481

Trust: 0.6

db:AUSCERTid:ESB-2020.0529

Trust: 0.6

db:AUSCERTid:ESB-2019.3390.4

Trust: 0.6

db:PACKETSTORMid:155413

Trust: 0.2

db:PACKETSTORMid:152241

Trust: 0.2

db:PACKETSTORMid:152240

Trust: 0.2

db:PACKETSTORMid:150138

Trust: 0.1

db:PACKETSTORMid:152071

Trust: 0.1

db:PACKETSTORMid:155415

Trust: 0.1

db:VULHUBid:VHN-135438

Trust: 0.1

db:VULMONid:CVE-2018-5407

Trust: 0.1

db:PACKETSTORMid:150437

Trust: 0.1

db:PACKETSTORMid:150860

Trust: 0.1

db:PACKETSTORMid:150561

Trust: 0.1

db:PACKETSTORMid:155416

Trust: 0.1

db:PACKETSTORMid:153887

Trust: 0.1

sources: VULHUB: VHN-135438 // VULMON: CVE-2018-5407 // PACKETSTORM: 150437 // PACKETSTORM: 152240 // PACKETSTORM: 155414 // PACKETSTORM: 155413 // PACKETSTORM: 150860 // PACKETSTORM: 150561 // PACKETSTORM: 155416 // PACKETSTORM: 153887 // PACKETSTORM: 152241 // CNNVD: CNNVD-201811-279 // NVD: CVE-2018-5407

REFERENCES

url:http://www.securityfocus.com/bid/105897

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3931

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:0483

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3929

Trust: 2.4

url:https://www.exploit-db.com/exploits/45785/

Trust: 1.9

url:https://github.com/bbbrumley/portsmash

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:0651

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:0652

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2125

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3933

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3935

Trust: 1.9

url:https://usn.ubuntu.com/3840-1/

Trust: 1.9

url:https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20181126-0001/

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.8

url:https://www.tenable.com/security/tns-2018-16

Trust: 1.8

url:https://www.tenable.com/security/tns-2018-17

Trust: 1.8

url:https://www.debian.org/security/2018/dsa-4348

Trust: 1.8

url:https://www.debian.org/security/2018/dsa-4355

Trust: 1.8

url:https://security.gentoo.org/glsa/201903-10

Trust: 1.8

url:https://eprint.iacr.org/2018/1060.pdf

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3932

Trust: 1.8

url:https://support.f5.com/csp/article/k49711130?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5407

Trust: 0.9

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-5407

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://support.f5.com/csp/article/k49711130?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:https://support.symantec.com/us/en/article.symsa1490.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1096270

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106139

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106487

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106553

Trust: 0.6

url:http://www.ibm.com/support/docview.wss

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75658

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0696

Trust: 0.6

url:https://www.auscert.org.au/bulletins/76338

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1106493

Trust: 0.6

url:https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4405/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0529/

Trust: 0.6

url:https://packetstormsecurity.com/files/152084/gentoo-linux-security-advisory-201903-10.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4293/

Trust: 0.6

url:https://www.ibm.com/support/docview.wss?uid=ibm10869830

Trust: 0.6

url:https://www.auscert.org.au/bulletins/77062

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1143442

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1118487

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10870936

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3390.4/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10873310

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75802

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-0734

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-0737

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://docs.ansible.com/ansible-tower/latest/html/release-notes/index.html

Trust: 0.2

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9513

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9511

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9517

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0197

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-17199

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9511

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-17189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9517

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-0737

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-17199

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9516

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9513

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0217

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0217

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0197

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-17189

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9516

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0196

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0196

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-0734

Trust: 0.2

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-0732

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://support.f5.com/csp/article/k49711130?utm_source=f5support&amp;amp;utm_medium=rss

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/203.html

Trust: 0.1

url:https://threatpost.com/portsmash-side-channel-attack-siphons-data-from-intel-other-cpus/138777/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=59118

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0734

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10072

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1559

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1559

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10072

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openssl1.0

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openssl

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12181

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5734

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-12181

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0161

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5731

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5733

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5732

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0160

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5732

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-3613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0161

Trust: 0.1

sources: VULHUB: VHN-135438 // VULMON: CVE-2018-5407 // PACKETSTORM: 150437 // PACKETSTORM: 152240 // PACKETSTORM: 155414 // PACKETSTORM: 155413 // PACKETSTORM: 150860 // PACKETSTORM: 150561 // PACKETSTORM: 155416 // PACKETSTORM: 153887 // PACKETSTORM: 152241 // CNNVD: CNNVD-201811-279 // NVD: CVE-2018-5407

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 152240 // PACKETSTORM: 155414 // PACKETSTORM: 155413 // PACKETSTORM: 155416 // PACKETSTORM: 153887 // PACKETSTORM: 152241

SOURCES

db:VULHUBid:VHN-135438
db:VULMONid:CVE-2018-5407
db:PACKETSTORMid:150437
db:PACKETSTORMid:152240
db:PACKETSTORMid:155414
db:PACKETSTORMid:155413
db:PACKETSTORMid:150860
db:PACKETSTORMid:150561
db:PACKETSTORMid:155416
db:PACKETSTORMid:153887
db:PACKETSTORMid:152241
db:CNNVDid:CNNVD-201811-279
db:NVDid:CVE-2018-5407

LAST UPDATE DATE

2024-11-11T23:12:44.304000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-135438date:2020-09-18T00:00:00
db:VULMONid:CVE-2018-5407date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-201811-279date:2022-03-10T00:00:00
db:NVDid:CVE-2018-5407date:2023-11-07T02:58:42.920

SOURCES RELEASE DATE

db:VULHUBid:VHN-135438date:2018-11-15T00:00:00
db:VULMONid:CVE-2018-5407date:2018-11-15T00:00:00
db:PACKETSTORMid:150437date:2018-11-22T23:23:23
db:PACKETSTORMid:152240date:2019-03-27T00:33:09
db:PACKETSTORMid:155414date:2019-11-20T23:02:22
db:PACKETSTORMid:155413date:2019-11-20T20:32:22
db:PACKETSTORMid:150860date:2018-12-20T15:05:22
db:PACKETSTORMid:150561date:2018-12-03T21:06:37
db:PACKETSTORMid:155416date:2019-11-20T20:55:55
db:PACKETSTORMid:153887date:2019-08-06T20:47:00
db:PACKETSTORMid:152241date:2019-03-27T00:35:38
db:CNNVDid:CNNVD-201811-279date:2018-11-12T00:00:00
db:NVDid:CVE-2018-5407date:2018-11-15T21:29:00.233