Vulnerabilities > CVE-2018-0732 - Key Management Errors vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
openssl
debian
canonical
nodejs
CWE-320
nessus

Summary

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Vulnerable Configurations

Part Description Count
Application
Openssl
36
Application
Nodejs
74
OS
Debian
1
OS
Canonical
5

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3221.NASL
    descriptionAn update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118998
    published2018-11-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118998
    titleCentOS 7 : openssl (CESA-2018:3221)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3221 and 
    # CentOS Errata and Security Advisory 2018:3221 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118998);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2017-3735", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739");
      script_xref(name:"RHSA", value:"2018:3221");
    
      script_name(english:"CentOS 7 : openssl (CESA-2018:3221)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for openssl is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)
    and Transport Layer Security (TLS) protocols, as well as a
    full-strength general-purpose cryptography library.
    
    Security Fix(es) :
    
    * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto
    Libraries (CVE-2018-0495)
    
    * openssl: Malicious server can send large prime to client during
    DH(E) TLS handshake causing the client to hang (CVE-2018-0732)
    
    * openssl: Handling of crafted recursive ASN.1 structures can cause a
    stack overflow and resulting denial of service (CVE-2018-0739)
    
    * openssl: Malformed X.509 IPAdressFamily could cause OOB read
    (CVE-2017-3735)
    
    * openssl: RSA key generation cache timing vulnerability in
    crypto/rsa/ rsa_gen.c allows attackers to recover private keys
    (CVE-2018-0737)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.6 Release Notes linked from the References section."
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2018-November/005594.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2d02fe63"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3735");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openssl-1.0.2k-16.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openssl-devel-1.0.2k-16.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openssl-libs-1.0.2k-16.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openssl-perl-1.0.2k-16.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openssl-static-1.0.2k-16.el7")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-libs / openssl-perl / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-9A0A7C0986.NASL
    descriptionPatch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559. https://www.openssl.org/news/vulnerabilities.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129368
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129368
    titleFedora 29 : 1:compat-openssl10 (2019-9a0a7c0986)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-9a0a7c0986.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129368);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/23");
    
      script_cve_id("CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2019-1543", "CVE-2019-1552", "CVE-2019-1559");
      script_xref(name:"FEDORA", value:"2019-9a0a7c0986");
    
      script_name(english:"Fedora 29 : 1:compat-openssl10 (2019-9a0a7c0986)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Patch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552,
    CVE-2019-1559.
    
    https://www.openssl.org/news/vulnerabilities.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-9a0a7c0986"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.openssl.org/news/vulnerabilities.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:compat-openssl10 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1543");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:compat-openssl10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"compat-openssl10-1.0.2o-7.fc29", epoch:"1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:compat-openssl10");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-520E4C5B4E.NASL
    descriptionUpdate to 1.1.0i version from upstream fixing minor security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120424
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120424
    titleFedora 28 : 1:openssl (2018-520e4c5b4e)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-520e4c5b4e.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120424);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-0732", "CVE-2018-0737");
      script_xref(name:"FEDORA", value:"2018-520e4c5b4e");
    
      script_name(english:"Fedora 28 : 1:openssl (2018-520e4c5b4e)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 1.1.0i version from upstream fixing minor security issues.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-520e4c5b4e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:openssl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0737");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"openssl-1.1.0i-1.fc28", epoch:"1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:openssl");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-DB06EFDEA1.NASL
    descriptionPatch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559. https://www.openssl.org/news/vulnerabilities.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129653
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129653
    titleFedora 31 : 1:compat-openssl10 (2019-db06efdea1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-db06efdea1.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129653);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/19");
    
      script_cve_id("CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2019-1543", "CVE-2019-1552", "CVE-2019-1559");
      script_xref(name:"FEDORA", value:"2019-db06efdea1");
    
      script_name(english:"Fedora 31 : 1:compat-openssl10 (2019-db06efdea1)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Patch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552,
    CVE-2019-1559.
    
    https://www.openssl.org/news/vulnerabilities.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-db06efdea1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.openssl.org/news/vulnerabilities.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:compat-openssl10 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1543");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:compat-openssl10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC31", reference:"compat-openssl10-1.0.2o-8.fc31", epoch:"1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:compat-openssl10");
    }
    
  • NASL familyMisc.
    NASL idSECURITYCENTER_5_7_1_TNS_2018_12.NASL
    descriptionAccording to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id117672
    published2018-09-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117672
    titleTenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2036-1.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-21
    modified2019-01-02
    plugin id120056
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120056
    titleSUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:2036-1)
  • NASL familyMisc.
    NASL idNESSUS_TNS_2018_14.NASL
    descriptionAccording to its self-reported version, the Tenable Nessus application running on the remote host is prior to 8.0.0. It is, therefore, affected by multiple vulnerabilities: - Tenable Nessus contains a flaw in the bundled third-party component OpenSSL library
    last seen2020-06-01
    modified2020-06-02
    plugin id118398
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118398
    titleTenable Nessus < 8.0.0 Multiple Vulnerabilities (TNS-2018-14)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1643.NASL
    descriptionAccording to the versions of the compat-openssl10 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.(CVE-2017-0732) - OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.(CVE-2018-0737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-06-27
    plugin id126270
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126270
    titleEulerOS 2.0 SP8 : compat-openssl10 (EulerOS-SA-2019-1643)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-863.NASL
    descriptionThis update for VirtualBox 5.2.20 fixes security issues and bugs. A number of vulnerabilities were fixed a affecting multiple components of VirtualBox bsc#1112097: CVE-2018-0732, CVE-2018-2909, CVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294, CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, and CVE-2018-3298. This update also contains various bug fixes in the 5.2.20 release : - VMM: fixed task switches triggered by INTn instruction - Storage: fixed connecting to certain iSCSI targets - Storage: fixed handling of flush requests when configured to be ignored when the host I/O cache is used - Drag and drop fixes - Video recording: fixed starting video recording on VM power up - Various fixes to Linux Additions
    last seen2020-05-31
    modified2019-03-27
    plugin id123360
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123360
    titleopenSUSE Security Update : VirtualBox (openSUSE-2019-863)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1887-1.NASL
    descriptionThis update for openssl fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110938
    published2018-07-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110938
    titleSUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:1887-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2552.NASL
    descriptionAn update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. This release of RHOAR Node.js 8.11.4 serves as a replacement for RHOAR Node.js 8.11.3, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Security Fix(es) : * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-12
    modified2018-12-04
    plugin id119402
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119402
    titleRHEL 7 : Red Hat OpenShift Application Runtimes Node.js 8.11.4 (RHSA-2018:2552)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3221.NASL
    descriptionFrom Red Hat Security Advisory 2018:3221 : An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118777
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118777
    titleOracle Linux 7 : openssl (ELSA-2018-3221)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2553.NASL
    descriptionAn update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. This release of RHOAR Node.js 10.9.0 serves as a replacement for RHOAR Node.js 10.8.0, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Security Fix(es) : * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * nodejs: Unintentional exposure of uninitialized memory (CVE-2018-7166) * nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-12
    modified2018-12-04
    plugin id119403
    published2018-12-04
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119403
    titleRHEL 7 : Red Hat OpenShift Application Runtimes Node.js 10.9.0 (RHSA-2018:2553)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-704.NASL
    descriptionThis update for openssl fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2018-07-09
    plugin id110960
    published2018-07-09
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110960
    titleopenSUSE Security Update : openssl (openSUSE-2018-704)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-226-01.NASL
    descriptionNew openssl packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111737
    published2018-08-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111737
    titleSlackware 14.2 / current : openssl (SSA:2018-226-01)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_2P.NASL
    descriptionAccording to its banner, the version of OpenSSL running on the remote host is 1.0.x prior to 1.0.2p. It is, therefore, affected by a denial of service vulnerability and a cache timing side channel vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id112119
    published2018-08-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112119
    titleOpenSSL 1.0.x < 1.0.2p Multiple Vulnerabilities
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0175_OPENSSL.NASL
    descriptionAn update of the openssl package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121875
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121875
    titlePhoton OS 1.0: Openssl PHSA-2018-1.0-0175
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1968-1.NASL
    descriptionThis update for openssl fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111134
    published2018-07-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111134
    titleSUSE SLES12 Security Update : openssl (SUSE-SU-2018:1968-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0065_OPENSSL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. (CVE-2017-3735) - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495) - OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key. (CVE-2018-0737) - Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). (CVE-2018-0739) - A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. (CVE-2018-5407) - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). (CVE-2018-0732) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127262
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127262
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0065)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1041.NASL
    descriptionThis update for nodejs6 to version 6.14.4 fixes the following issues : Security issues fixed : CVE-2018-12115: Fixed an out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (bsc#1105019) CVE-2018-0732: Upgrade to OpenSSL 1.0.2p, fixing a client DoS due to large DH parameter (bsc#1097158) Other issues fixed : - Recommend same major version npm package (bsc#1097748) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-09-25
    plugin id117689
    published2018-09-25
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117689
    titleopenSUSE Security Update : nodejs6 (openSUSE-2018-1041)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181030_OPENSSL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)
    last seen2020-03-18
    modified2018-11-27
    plugin id119194
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119194
    titleScientific Linux Security Update : openssl on SL7.x x86_64 (20181030)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1185.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.i1/4^CVE-2018-0495i1/4%0 - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).i1/4^CVE-2018-0732i1/4%0 - Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).i1/4^CVE-2018-0739i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123871
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123871
    titleEulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1185)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-763.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-07-30
    plugin id111415
    published2018-07-30
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111415
    titleopenSUSE Security Update : openssl-1_0_0 (openSUSE-2018-763)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1330.NASL
    descriptionThis update for VirtualBox 5.2.20 fixes security issues and bugs. A number of vulnerabilities were fixed a affecting multiple components of VirtualBox bsc#1112097: CVE-2018-0732, CVE-2018-2909, CVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294, CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, and CVE-2018-3298. This update also contains various bug fixes in the 5.2.20 release : - VMM: fixed task switches triggered by INTn instruction - Storage: fixed connecting to certain iSCSI targets - Storage: fixed handling of flush requests when configured to be ignored when the host I/O cache is used - Drag and drop fixes - Video recording: fixed starting video recording on VM power up - Various fixes to Linux Additions
    last seen2020-06-05
    modified2018-10-31
    plugin id118562
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118562
    titleopenSUSE Security Update : VirtualBox (openSUSE-2018-1330)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_1_0I.NASL
    descriptionAccording to its banner, the version of OpenSSL running on the remote host is 1.1.0 prior to 1.1.0i. It is, therefore, affected by a denial of service vulnerability, a cache timing side channel vulnerability, and a microarchitecture timing side channel attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id112120
    published2018-08-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112120
    titleOpenSSL 1.1.0 < 1.1.0i Multiple Vulnerabilities
  • NASL familyMisc.
    NASL idNESSUS_TNS_2018_17.NASL
    descriptionAccording to its self-reported version, the Tenable Nessus application running on the remote host is prior to 7.1.4. It is, therefore, affected by multiple vulnerabilities: - Tenable Nessus contains a flaw in the bundled third-party component OpenSSL library
    last seen2020-06-01
    modified2020-06-02
    plugin id120198
    published2019-01-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120198
    titleTenable Nessus < 7.1.4 Multiple Vulnerabilities (TNS-2018-17)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1009.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-01-08
    plugin id120997
    published2019-01-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120997
    titleEulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1009)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0040.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Oracle bug 28730228: backport (CVE-2018-0732) - Oracle bug 28758493: backport (CVE-2018-0737) - Merge upstream patch to fix (CVE-2018-0739) - Avoid out-of-bounds read. Fixes CVE-2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 - fix CVE-2019-1559 - 0-byte record padding oracle
    last seen2020-06-01
    modified2020-06-02
    plugin id127975
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127975
    titleOracleVM 3.4 : openssl (OVMSA-2019-0040)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3221.NASL
    descriptionAn update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118534
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118534
    titleRHEL 7 : openssl (RHSA-2018:3221)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_0904E81FA89D11E8AFBBBC5FF4F77B71.NASL
    descriptionNode.js reports : OpenSSL: Client DoS due to large DH parameter This fixes a potential denial of service (DoS) attack against client connections by a malicious server. During a TLS communication handshake, where both client and server agree to use a cipher-suite using DH or DHE (Diffie-Hellman, in both ephemeral and non-ephemeral modes), a malicious server can send a very large prime value to the client. Because this has been unbounded in OpenSSL, the client can be forced to spend an unreasonably long period of time to generate a key, potentially causing a denial of service. OpenSSL: ECDSA key extraction via local side-channel Attackers with access to observe cache-timing may be able to extract DSA or ECDSA private keys by causing the victim to create several signatures and watching responses. This flaw does not have a CVE due to OpenSSL policy to not assign itself CVEs for local-only vulnerabilities that are more academic than practical. This vulnerability was discovered by Keegan Ryan at NCC Group and impacts many cryptographic libraries including OpenSSL. Unintentional exposure of uninitialized memory Only Node.js 10 is impacted by this flaw. Node.js TSC member Nikita Skovoroda discovered an argument processing flaw that causes Buffer.alloc() to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is misinterpreted by Buffer
    last seen2020-06-01
    modified2020-06-02
    plugin id112128
    published2018-08-28
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112128
    titleFreeBSD : node.js -- multiple vulnerabilities (0904e81f-a89d-11e8-afbb-bc5ff4f77b71)
  • NASL familyFirewalls
    NASL idSYMANTEC_PROXY_SG_SA1462.NASL
    descriptionThe self-reported SGOS version installed on the remote Symantec ProxySG device is 6.5.x, 6.6.x or 6.7 prior to 6.7.4.1. It is, therefore, affected by OpenSSL denial of service vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id128303
    published2019-08-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128303
    titleSymantec ProxySG 6.5 / 6.6 / 6.7 < 6.7.4.1 OpenSSL Denial of Service Vulnerability (SA1462)
  • NASL familyMisc.
    NASL idORACLE_OATS_CPU_JAN_2019.NASL
    descriptionThe version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Enterprise Manager Base Platform Agent Next Gen (Jython) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2016-4000) - Enterprise Manager Base Platform Discovery Framework (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Base Platform. (CVE-2018-0732) - Enterprise Manager Ops Center Networking (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Ops Center Platform. (CVE-2018-0732) - Oracle Application Testing Suite Load Testing for Web Apps (Spring Framework) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2018-1258) - Enterprise Manager Base Platform EM Console component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access. (CVE-2018-3303) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3304) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3305) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-12023) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-14718) - Enterprise Manager Ops Center Networking (cURL) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager Ops Center. (CVE-2018-1000300)
    last seen2020-06-01
    modified2020-06-02
    plugin id121257
    published2019-01-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121257
    titleOracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1109.NASL
    descriptionThis update for openssl-1_1 to 1.1.0i fixes the following issues : These security issues were fixed : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Make problematic ECDSA sign addition length-invariant - Add blinding to ECDSA and DSA signatures to protect against side channel attacks These non-security issues were fixed : - When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. - Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. - Fixed a text canonicalisation bug in CMS - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-10-09
    plugin id117976
    published2018-10-09
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117976
    titleopenSUSE Security Update : openssl-1_1 (openSUSE-2018-1109)
  • NASL familyMisc.
    NASL idVIRTUALBOX_5_2_20.NASL
    descriptionThe version of Oracle VM VirtualBox running on the remote host is 5.2.x prior to 5.2.20. It is, therefore, affected by multiple vulnerabilities as noted in the October 2018 Critical Patch Update advisory : - An unspecified vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization in the Core subcomponent could allow an unauthenticated, remote attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. (CVE-2018-2909, CVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294, CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, CVE-2018-3298) - An unspecified vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization in the OpenSSL subcomponent could allow an unauthenticated, remote attacker with network access via TLS to compromise Oracle VM VirtualBox. (CVE-2018-0732) Please consult the CVRF details for the applicable CVEs for additional information. Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id118204
    published2018-10-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118204
    titleOracle VM VirtualBox < 5.2.20 Multiple Vulnerabilities (Oct 2018 CPU)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-997.NASL
    descriptionThis update for compat-openssl098 fixes the following security issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could have resulted in DoS (bsc#1087102). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-09-13
    plugin id117476
    published2018-09-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117476
    titleopenSUSE Security Update : compat-openssl098 (openSUSE-2018-997)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1887-2.NASL
    descriptionThis update for openssl fixes the following issues : CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118273
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118273
    titleSUSE SLES12 Security Update : openssl (SUSE-SU-2018:1887-2)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-751.NASL
    descriptionThis update for openssl-1_1 to 1.1.0i fixes the following issues : These security issues were fixed : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Make problematic ECDSA sign addition length-invariant - Add blinding to ECDSA and DSA signatures to protect against side channel attacks These non-security issues were fixed : - When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. - Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. - Fixed a text canonicalisation bug in CMS - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123322
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123322
    titleopenSUSE Security Update : openssl-1_1 (openSUSE-2019-751)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1420.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-12-28
    plugin id119909
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119909
    titleEulerOS 2.0 SP2 : openssl (EulerOS-SA-2018-1420)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4249.NASL
    descriptionDescription of changes: [1.0.2k-12.0.3] - Oracle bug 28672370: backport CVE-2018-0732 - Oracle bug 28672351: backport CVE-2018-0737
    last seen2020-06-01
    modified2020-06-02
    plugin id118106
    published2018-10-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118106
    titleOracle Linux 7 : openssl (ELSA-2018-4249)
  • NASL familyMisc.
    NASL idNODEJS_2018_AUG.NASL
    descriptionThe version of Node.js installed on the remote host is 6.x prior to 6.14.4, 8.x prior to 8.11.4 or 10.x prior to 10.9.0. It, therefore, is affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id118937
    published2018-11-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118937
    titleNode.js multiple vulnerabilities (August 2018 Security Releases).
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-991.NASL
    descriptionThis update for nodejs4 fixes the following issues : Security issues fixed : - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer
    last seen2020-06-05
    modified2018-09-10
    plugin id117381
    published2018-09-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117381
    titleopenSUSE Security Update : nodejs4 (openSUSE-2018-991)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4355.NASL
    descriptionSeveral local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
    last seen2020-03-28
    modified2018-12-20
    plugin id119792
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119792
    titleDebian DSA-4355-1 : openssl1.0 - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1553-1.NASL
    descriptionThis update for openssl fixes the following issues : CVE-2018-0732: Reject excessively large primes in DH key generation (bsc#1097158) CVE-2018-0734: Timing vulnerability in DSA signature generation (bsc#1113652) CVE-2018-0737: Cache timing vulnerability in RSA Key Generation (bsc#1089039) CVE-2018-5407: Elliptic curve scalar multiplication timing attack defenses (fixes
    last seen2020-06-01
    modified2020-06-02
    plugin id126046
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126046
    titleSUSE SLES12 Security Update : openssl (SUSE-SU-2019:1553-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2041-1.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-21
    modified2019-01-02
    plugin id120057
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120057
    titleSUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:2041-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1306.NASL
    descriptionAccording to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.(CVE-2017-0732) - OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.(CVE-2018-0737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-09-27
    plugin id117749
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117749
    titleEulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2018-1306)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2683-1.NASL
    descriptionThis update for compat-openssl098 fixes the following security issues : CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could have resulted in DoS (bsc#1087102). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117450
    published2018-09-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117450
    titleSUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2018:2683-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2956-1.NASL
    descriptionThis update for openssl-1_1 to 1.1.0i fixes the following issues : These security issues were fixed : CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) Make problematic ECDSA sign addition length-invariant Add blinding to ECDSA and DSA signatures to protect against side channel attacks The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120114
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120114
    titleSUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:2956-1)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL21665601.NASL
    descriptionDuring key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). (CVE-2018-0732) Impact A remote attacker may be able to cause a denial-of-service (DoS) attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id118642
    published2018-11-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118642
    titleF5 Networks BIG-IP : OpenSSL vulnerability (K21665601)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0084.NASL
    descriptionAn update of 'procps-ng', 'openssl', 'perl' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id112035
    published2018-08-21
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=112035
    titlePhoton OS 2.0: Openssl / Procps-ng / Perl PHSA-2018-2.0-0084 (deprecated)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1214.NASL
    descriptionAccording to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.(CVE-2017-0732) - OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.(CVE-2018-0737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-07-03
    plugin id110878
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110878
    titleEulerOS 2.0 SP3 : openssl110f (EulerOS-SA-2018-1214)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4348.NASL
    descriptionSeveral local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
    last seen2020-06-01
    modified2020-06-02
    plugin id119313
    published2018-12-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119313
    titleDebian DSA-4348-1 : openssl - security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1449.NASL
    descriptionTwo issues were discovered in OpenSSL, the Secure Sockets Layer toolkit. CVE-2018-0732 Denial of service by a malicious server that sends a very large prime value to the client during TLS handshake. CVE-2018-0737 Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that the OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id111390
    published2018-07-30
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111390
    titleDebian DLA-1449-1 : openssl security update
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the subcomponent Networking (jQuery) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attacks requires human interaction and can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. (CVE-2015-9251) - An unspecified vulnerability in the subcomponent Networking (OpenSSL) of the Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability could result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. (CVE-2018-0732) - An unspecified vulnerability in the subcomponent Networking (cURL) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attack requires human interaction from a person other than the attacker and can result in takeover of Enterprise Manager Ops Center. (CVE-2018-1000300)
    last seen2020-06-01
    modified2020-06-02
    plugin id131184
    published2019-11-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131184
    titleOracle Enterprise Manager Ops Center (Jan 2019 CPU)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1297.NASL
    descriptionAn update is now available for JBoss Core Services on RHEL 6 and RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. Security Fix(es) : * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * httpd: privilege escalation from modules scripts (CVE-2019-0211) Details around this issue, including information about the CVE, severity of the issue, and CVSS scores can be found on the CVE pages listed in the References section below.
    last seen2020-06-01
    modified2020-06-02
    plugin id125616
    published2019-05-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125616
    titleRHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 (RHSA-2019:1297)
  • NASL familyCGI abuses
    NASL idORACLE_PRIMAVERA_P6_EPPM_CPU_JAN_2019.NASL
    descriptionAccording to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) installation running on the remote web server is 8.4 prior to 8.4.15.9, 15.x prior to 15.2.18.3, 16.x prior to 16.2.17.0, 17.x prior to 17.12.10.0, or 18.x prior to 18.8.5.0. It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability exists in OpenSSL due to an issue processing very large prime values during TLS handshakes using a DH(E) based ciphersuite. An unauthenticated, remote attacker can exploit this issue to cause the client to stop responding. (CVE-2018-0732) - The OpenSSL RSA Key generation algorithm is vulnerable to a chache timing side channel attack. An attacker can exploit this to potentially recover the private key. (CVE-2018-0737) - The Web Access subcomponent of Oracle Primavera P6 EPPM is affected by a vulnerability which could allow an unauthenticated attacker with HTTP access to compromise the system. Successful exploitation of this vulnerability require user interaction, and could result in unauthorized read/write access to Primavera P6 EPPM data. (CVE-2019-2512) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id121252
    published2019-01-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121252
    titleOracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2647-1.NASL
    descriptionThis update for nodejs4 fixes the following issues : Security issues fixed : CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer
    last seen2020-03-19
    modified2019-01-02
    plugin id120093
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120093
    titleSUSE SLES12 Security Update : nodejs4 (SUSE-SU-2018:2647-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C82ECAC56E3F11E88777B499BAEBFEAF.NASL
    descriptionThe OpenSSL project reports : During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id110504
    published2018-06-13
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110504
    titleFreeBSD : OpenSSL -- Client DoS due to large DH parameter (c82ecac5-6e3f-11e8-8777-b499baebfeaf)
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_JAN_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A remote code execution vulnerability exists in Jython before 2.7.1rc1. An unauthenticated, remote attacker can exploit this by sending a serialized function to the deserializer. (CVE-2016-4000) - A denial of service (DoS) vulnerability exists in OpenSSL due to the client spending long periods of time generating a key from large prime values. A malicious remote server can exploit this issue via sending a very large prime value to the clients, resulting in a hang until the client has finished generating the key. (CVE-2018-0732)
    last seen2020-06-01
    modified2020-06-02
    plugin id121225
    published2019-01-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121225
    titleOracle Enterprise Manager Cloud Control (January 2019 CPU)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1546.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.(CVE-2013-0166) - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an
    last seen2020-06-01
    modified2020-06-02
    plugin id124999
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124999
    titleEulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1392.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-15
    modified2018-12-10
    plugin id119520
    published2018-12-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119520
    titleEulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1392)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1400.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable
    last seen2020-06-01
    modified2020-06-02
    plugin id124903
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124903
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : openssl (EulerOS-SA-2019-1400)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2812-1.NASL
    descriptionThis update for nodejs8 to version 8.11.4 fixes the following issues : Security issues fixed : CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer
    last seen2020-03-19
    modified2019-01-02
    plugin id120104
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120104
    titleSUSE SLES15 Security Update : nodejs8 (SUSE-SU-2018:2812-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-718.NASL
    descriptionThis update for nodejs8 to version 8.11.4 fixes the following issues : Security issues fixed : - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer
    last seen2020-06-01
    modified2020-06-02
    plugin id123312
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123312
    titleopenSUSE Security Update : nodejs8 (openSUSE-2019-718)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0084_OPENSSL.NASL
    descriptionAn update of the openssl package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121981
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121981
    titlePhoton OS 2.0: Openssl PHSA-2018-2.0-0084
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4248.NASL
    descriptionDescription of changes: [1.0.1e-57.0.6] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737
    last seen2020-06-01
    modified2020-06-02
    plugin id118105
    published2018-10-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118105
    titleOracle Linux 6 : openssl (ELSA-2018-4248)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1201.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.i1/4^CVE-2018-0495i1/4%0 - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).i1/4^CVE-2018-0732i1/4%0 - Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).i1/4^CVE-2018-0739i1/4%0 - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.i1/4^CVE-2017-3735i1/4%0 - OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.i1/4^CVE-2018-0737i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123887
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123887
    titleEulerOS Virtualization 2.5.4 : openssl (EulerOS-SA-2019-1201)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-777.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-07-30
    plugin id111429
    published2018-07-30
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111429
    titleopenSUSE Security Update : openssl-1_1 (openSUSE-2018-777)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2207-1.NASL
    descriptionThis update for openssl fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111575
    published2018-08-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111575
    titleSUSE SLES11 Security Update : openssl (SUSE-SU-2018:2207-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1110.NASL
    descriptionThis update for openssl-1_0_0 to 1.0.2p fixes the following issues : These security issues were fixed : - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Make problematic ECDSA sign addition length-invariant - Add blinding to ECDSA and DSA signatures to protect against side channel attacks This non-security issue was fixed : - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-10-09
    plugin id117977
    published2018-10-09
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117977
    titleopenSUSE Security Update : openssl-1_0_0 (openSUSE-2018-1110)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-02A38AF202.NASL
    descriptionUpdate to 1.1.0i version from upstream fixing minor security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-10-03
    plugin id117891
    published2018-10-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117891
    titleFedora 27 : 1:openssl (2018-02a38af202)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3692-1.NASL
    descriptionKeegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-0732) Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. (CVE-2018-0737). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110721
    published2018-06-27
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110721
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : openssl, openssl1.0 vulnerabilities (USN-3692-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-550.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123236
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123236
    titleopenSUSE Security Update : openssl-1_1 (openSUSE-2019-550)
  • NASL familyPalo Alto Local Security Checks
    NASL idPALO_ALTO_PAN-SA-2018-0015.NASL
    descriptionThe version of Palo Alto Networks PAN-OS running on the remote host is 6.1.x including 6.1.20 or 7.1.x prior to 7.1.21 or 8.0.x prior to 8.0.14 or 8.1.x prior to 8.1.4. It is, therefore, affected by multiple vulnerabilities : - A denial of service (DoS) vulnerability that exists in OpenSSL due to failure of handling the exception conditions during the TLS handshake. An authenticated, remote attacker can exploit this issue , via malicious server to send large prime value to the client to spend unreasonably long time for generating the key for this prime resulting hang until the client finished. (CVE-2018-0732) - An information disclosure vulnerability that exists in OpenSSL RSA key generation algorithm due to a cache timing side channel attack. An authenticated, local attacker can exploit this issue, via cache timing attacks during the RSA key generation process, to recover the private key. (CVE-2018-0737) - A denial of service (DoS) vulnerability that exists in OpenSSL due to a constructed ASN.1 types with a recursive definition. An unauthenticated, remote attacker can exploit this issue, via creating malicious input with excessive recursion, to cause the Denial Of Service attack. (CVE-2018-0739)
    last seen2020-06-01
    modified2020-06-02
    plugin id123512
    published2019-03-29
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123512
    titlePalo Alto Networks PAN-OS 6.1.x <= 6.1.20 / 7.1.x < 7.1.21 / 8.0.x < 8.0.14 / 8.1.x < 8.1.4 Multiple Vulnerabilities (PAN-SA-2018-0015)
  • NASL familyMisc.
    NASL idLCE_5_1_1.NASL
    descriptionThe version of Tenable Log Correlation Engine (LCE) installed on the remote host is a version prior to 5.1.1. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the bundled third-party component OpenSSL library
    last seen2020-06-01
    modified2020-06-02
    plugin id118399
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118399
    titleTenable Log Correlation Engine (LCE) < 5.1.1 (TNS-2018-13)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_JSA10919.NASL
    descriptionAccording to its self-reported version number, the remote Juniper Junos device is affected by a multiple vulnerabilities: - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). (CVE-2018-0732) - The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). (CVE-2018-0737)
    last seen2020-06-01
    modified2020-06-02
    plugin id121069
    published2019-01-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121069
    titleJunos OS: OpenSSL Security Advisories [16 Apr 2018] and [12 June 2018] (JSA10919)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1102.NASL
    descriptionDuring key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.(CVE-2018-0732) Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.(CVE-2018-0739) While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006.(CVE-2017-3735)
    last seen2020-06-01
    modified2020-06-02
    plugin id118833
    published2018-11-09
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118833
    titleAmazon Linux 2 : openssl (ALAS-2018-1102)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2796-1.NASL
    descriptionThis update for nodejs6 to version 6.14.4 fixes the following issues : Security issues fixed : - CVE-2018-12115: Fixed an out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (bsc#1105019) CVE-2018-0732: Upgrade to OpenSSL 1.0.2p, fixing a client DoS due to large DH parameter (bsc#1097158) Other issues fixed : Recommend same major version npm package (bsc#1097748) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-01-02
    plugin id120103
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120103
    titleSUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:2796-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1098.NASL
    descriptionDuring key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.(CVE-2018-0732 )
    last seen2020-06-01
    modified2020-06-02
    plugin id118595
    published2018-11-02
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118595
    titleAmazon Linux AMI : openssl (ALAS-2018-1098)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-00C25B9379.NASL
    descriptionPatch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559. https://www.openssl.org/news/vulnerabilities.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129319
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129319
    titleFedora 30 : 1:compat-openssl10 (2019-00c25b9379)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2965-1.NASL
    descriptionThis update for openssl-1_0_0 to 1.0.2p fixes the following issues : These security issues were fixed : Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) Make problematic ECDSA sign addition length-invariant Add blinding to ECDSA and DSA signatures to protect against side channel attacks The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120115
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120115
    titleSUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2018:2965-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-753.NASL
    descriptionThis update for openssl-1_0_0 to 1.0.2p fixes the following issues : These security issues were fixed : - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Make problematic ECDSA sign addition length-invariant - Add blinding to ECDSA and DSA signatures to protect against side channel attacks This non-security issue was fixed : - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123323
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123323
    titleopenSUSE Security Update : openssl-1_0_0 (openSUSE-2019-753)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1047.NASL
    descriptionThis update for nodejs8 to version 8.11.4 fixes the following issues : Security issues fixed : - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer
    last seen2020-06-05
    modified2018-09-27
    plugin id117790
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117790
    titleopenSUSE Security Update : nodejs8 (openSUSE-2018-1047)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201811-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201811-03 (OpenSSL: Denial of Service) It was discovered that OpenSSL allow malicious servers to send very large primes to a client during DH(E) based TLS handshakes. Impact : A remote attacker, by sending large prime to client during DH(E) TLS handshake, could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id118847
    published2018-11-09
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118847
    titleGLSA-201811-03 : OpenSSL: Denial of Service
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-549.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123235
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123235
    titleopenSUSE Security Update : openssl-1_0_0 (openSUSE-2019-549)

Redhat

advisories
  • rhsa
    idRHSA-2018:2552
  • rhsa
    idRHSA-2018:2553
  • rhsa
    idRHSA-2018:3221
  • rhsa
    idRHSA-2018:3505
  • rhsa
    idRHSA-2019:1296
  • rhsa
    idRHSA-2019:1297
  • rhsa
    idRHSA-2019:1543
rpms
  • npm-1:5.6.0-1.8.11.4.2.el7
  • rhoar-nodejs-1:8.11.4-2.el7
  • rhoar-nodejs-debuginfo-1:8.11.4-2.el7
  • rhoar-nodejs-docs-1:8.11.4-2.el7
  • npm-1:6.2.0-1.10.9.0.1.el7
  • rhoar-nodejs-1:10.9.0-1.el7
  • rhoar-nodejs-debuginfo-1:10.9.0-1.el7
  • rhoar-nodejs-docs-1:10.9.0-1.el7
  • openssl-1:1.0.2k-16.el7
  • openssl-debuginfo-1:1.0.2k-16.el7
  • openssl-devel-1:1.0.2k-16.el7
  • openssl-libs-1:1.0.2k-16.el7
  • openssl-perl-1:1.0.2k-16.el7
  • openssl-static-1:1.0.2k-16.el7
  • jbcs-httpd24-httpd-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.29-40.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.29-40.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.29-40.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.29-40.jbcs.el7
  • jbcs-httpd24-openssl-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-1:1.0.2n-15.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2n-15.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.0.2n-15.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.0.2n-15.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.0.2n-15.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.0.2n-15.jbcs.el7

References